X3Photo Gallery Forums

centurion · 15 Aug 2008, 15:02

Hello,

At the moment i use a contact form (not imagevue) which has verfication via numbers presented as an image.
Now your mail form could be abused by spammers who search for open contact form like this. I may be wrong but i would like to know is this form would be safe, and if not how to get verification in

Regards,

Maarten

16 Aug 2008, 01:03

God bless Flash ...

The usage of verification schemes for forms in HTML sites is to prevent robots(SPAMBOTS) from posting through forms. Spambots are small malicious programs that speed through the web, picking up unprotected forms they can abuse by sending spam through them. It could be contact forms, forums, blogs or anything that sends data through a form.

They do this by reading the HTML source code, but since this is flash, they will not be able to pick up any forms in the Imagevue gallery.

You need not worry! The only way someone may be able to send spam to you, is if a human does it manually, and then it wouldn't help with verification code anyway ...

Paul · 19 Oct 2008, 10:53

If only that were actually true.

I'm still only running a hidden test site and I'm already getting a small amount of contact form spam.

20 Oct 2008, 01:37

hmm, well I would admit that the contact form in the sibling HTML pages would be possible for bots to spam.

However, I am not sure how any bots found your 'hidden' test site. If it was truly hidden, then there would be no visits(from either bots or humans).

Nick · 20 Oct 2008, 08:56

We can add some CAPTCHA image to html, but fixing flash contact form needs some additional research.

Paul · 20 Oct 2008, 21:59

mjau-mjau wrote:hmm, well I would admit that the contact form in the sibling HTML pages would be possible for bots to spam.

However, I am not sure how any bots found your 'hidden' test site. If it was truly hidden, then there would be no visits(from either bots or humans).

It's not a properly hidden site, just a random directory that I installed for testing. I purchased because the design but am waiting until I get some free time to implement it properly.

Anyway, I have the HTML version disabled - I need privacy on my images. The spam is via the flash interface.

It isn't much, half a dozen emails in a month ... but it is there, and from past experience I reckon it will get worse.

21 Oct 2008, 02:51

I gotta say, I haven't received any spam emails from our email forms on our demo at www.photo.gallery/soda/ -

Sure, I receive an email once in a while "sdfsdg test test", but no spam, and our demo gallery has a lot of visitors. I don't want to argue with you, but it shouldn't be possible for a bot to send spam through a flash form ...

As it works in HTML, the bot simply reads the html code, finds the form, the scripts and the button, and sends away its spam. It can't do that with flash because there is no source to read, it can't identify any button or any form.

Perhaps you can send me a link to your gallery - I would like to check if the HTML form is strictly inaccessible.

Of course, there is an option where some spammers are actually human. I doubt very much that is your case though.

lowagie · 11 Jan 2009, 04:21

today, my first 2 spam emails were in my mailbox. Sent from the imagevue webform...

What to do now?

Thijs

prailaFreep (nixonocatalinaahjse@gmail.com),
sends the following message:

put on the buyer servile the instructional satisfied cialis conflicting cialis clay ly, we after to eschew disadvantaged communities with foregone connectivity to access unwrap-submited communicative endeavour, and to up

- This e-mail template may be changed -
_______________________________________________
www.photo.gallery

12 Jan 2009, 02:06

That must be from the HTML form ... Perhaps we need to use a CAPTCHA module. Pain, what you say?

Nick · 12 Jan 2009, 03:46

Yes captcha can be used. But as Karl said, it's not top priority at the moment, we'll add it to THE list though.

X3Photo Gallery Forums

Anyone know how to make contact form secure?10 posts

Anyone know how to make contact form secure?