Formit spammers

tm2000 · August 1, 2023, 4:00pm

Hi there,

is there a way to block an IP address from submitting forms via formit?
Being spammed quite heavily all from the same IP.

I can’t find anything online about this apart from adding extra security, but not sure that will work with this as the submissions are filling out all the fields (even with nospam enabled)

Thanks
Andy

halftrainedharry · August 1, 2023, 4:38pm

You could add a custom hook.
In the snippet check the value of $_SERVER['REMOTE_ADDR'] and return false if the IP matches the known spammer.

Also, maybe it works if you use the spam hook and set the property &spamCheckIp to true.

tm2000 · August 1, 2023, 4:52pm

Thanks. I am using the spam hook but don’t understand how to set the property &spamCheckIp to true?

Is that within the hook call itself? Can’t work out the syntax. Also, how do I tell it which ip to check against?

Thanks
Andy

markh · August 1, 2023, 4:57pm

If it’s one specific IP, just block them from your site entirely. Easy to do in your .htaccess or in a server control panel.

I don’t think the spam hook actually works anymore in FormIt (unless recent versions fixed it).

If you want to properly block spam, use Akismet.

halftrainedharry · August 1, 2023, 5:10pm

Add &spamCheckIp=`1` to the properties in the FormIt snippet call:

[[!FormIt?
	&hooks=`spam`
	&spamCheckIp=`1`
	...
]]

You can’t. The “spam” hook (if it still works) uses the API from https://www.stopforumspam.com/ and they use their own list of known spammer email- (or IP-) addresses to check against.

tm2000 · August 1, 2023, 6:20pm

Ah right of course. That makes sense. Prevent them getting to the site in the first place. I’ve had 189 submissions all from the same ip.

Will look at askimet too though if it continues.

Thanks

tm2000 · August 1, 2023, 6:21pm

Ah right I see thanks. I have multiple hooks but assume that will still work. Sounds like it might not actually work now anyway though. Will investigate.

jenswittmann · August 1, 2023, 9:53pm

Maybe have also a look here: Spam via contact form - #3 by jenswittmann

vibedesign · August 2, 2023, 8:06am

Do you have a captcha in place? That’s what I usually use to prevent unwanted form submissions. There’s the obvious Google reCaptcha but also alternatives like hCaptcha. ReCaptcha has also it’s own extra, but it’s not ready for the latest reCaptcha version if I’m not mistaken. For hCaptcha I gave an example how to implement it here.

tm2000 · August 2, 2023, 8:18am

It doesn’t have captcha - I prefer not to use it because users don’t like them much (who does!)
but will implement if the IP blocking doesn’t work.

I hadn’t seen hCaptcha so will give that a look - thank you!

system · August 4, 2023, 8:19am

This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.

bobray · August 5, 2023, 4:45am

+1 for Akismet.

FWIW, SPForm is remarkably spamproof, though it may not do what you want. I’ve been using it for many years (without the Captcha option) and have received only two or three spam emails, all of which appear to have been hand-written.