CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site

This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviContribute (Moderator: Donald Lobo) »
  • Spam bots submitting zero dollar contributions
Pages: [1]

Author Topic: Spam bots submitting zero dollar contributions  (Read 780 times)

Susanh

  • I’m new here
  • *
  • Posts: 21
  • Karma: 2
    • Sierra Club Canada
Spam bots submitting zero dollar contributions
May 03, 2011, 11:29:43 am
Recently, two $0 contributions were recorded on our main contribution page. After verifying that both mailing addresses were fake, a quick google search determined that one of the email addresses is a known spam bot.

Two issues arise, spambots and $0 contributions. We are now considering adding a Captcha to our pages to prevent the bot activity but the contribution page is set up with a minimum donation of $5, so the zero dollar transactions should not be possible. Is this a known bug?

We are currently using CiviCRM 3.3.5 and Drupal 6.19. If I can post any other helpful information, please ask!

Thanks,
Susan

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Spam bots submitting zero dollar contributions
May 03, 2011, 12:01:53 pm

if this is the page:

https://secure.sierraclub.ca/en/civicrm/contribute/transact?reset=1&id=20

note that i can select "No thank you" for both options which allows me to do a zero donation (i just did one with foo/goo/boo, please delete)

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

Susanh

  • I’m new here
  • *
  • Posts: 21
  • Karma: 2
    • Sierra Club Canada
Re: Spam bots submitting zero dollar contributions
May 03, 2011, 12:18:26 pm
That's the one! I'm glad that was you!

So, we want them to be able to say "No thank you" to membership, they can give a donation without joining but they can also join without giving a seperate contribution. I'm not sure it is possible with the configuration options for the page to only allow one or the other "No, thank you" option to be selected. Is there something I'm missing or should we limit the available options?

Thanks


xavier

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4453
  • Karma: 161
    • Tech To The People
  • CiviCRM version: yes probably
  • CMS version: drupal
Re: Spam bots submitting zero dollar contributions
May 03, 2011, 12:51:24 pm
Hi,

You are probably aware that firefox goes all crazy on your ssl connection and displays a lot of scary messages.

May I suggest you to buy a ssl certificate ? You got some that are recognised by the major browers so they don't display any warnings and that are pretty cheap.

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result

Susanh

  • I’m new here
  • *
  • Posts: 21
  • Karma: 2
    • Sierra Club Canada
Re: Spam bots submitting zero dollar contributions
May 03, 2011, 12:56:47 pm
I'm a bookkeeper and a fundraiser, I know very very little about SSL connections and certificates except that I've heard the term. I do not get any warnings when I test drive my pages, but I imagine that is because I am logged in or because of my browsers cache.

Where do I start and how do I implement with Civi? Thanks for your help!


xavier

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4453
  • Karma: 161
    • Tech To The People
  • CiviCRM version: yes probably
  • CMS version: drupal
Re: Spam bots submitting zero dollar contributions
May 03, 2011, 01:40:29 pm
Hi

That's something to configure on your web server, check with your IT person/provider.

That's what I see from my browser:

Quote
This Connection is Untrusted

     

     
     
     

       

         

You have asked Firefox to connect
securely to secure.sierraclub.ca, but we can't confirm that your connection is secure.

         

Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.

       

       
       

         
What Should I Do?

         

           

If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.

           
         

       

       
       
       

         
Technical Details

         

secure.sierraclub.ca uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

       

       
       

         
I Understand the Risks

         

           

If you understand what's going on, you
can tell Firefox to start trusting this site's identification.
Even if you trust the site, this error could mean that someone is
tampering with your connection.

           

Don't add an exception unless
you know there's a good reason why this site doesn't use trusted identification.

Seems that COMODO (the org that sold you the SSL presumably) is not recognized by FF ? Might be a problem only on some browsers ? (Firefox on linux, admittedly not your core target, but still ;)

-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result

Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviContribute (Moderator: Donald Lobo) »
  • Spam bots submitting zero dollar contributions

This forum was archived on 2017-11-26.