Any way to block specific users or IP addresses from submitting webforms?

Report · Jun 26, 2013

I think I know the answer to this question but I just wanted to double-check because I couldn't find the answer by searching.

Is there any way to block a specific user or IP address from submitting webforms? One of our clients is being spammed by the same user repeatedly. The user is successfully completing the ReCaptcha, so it's most likely a human user and not a robot, but the webform submission is spam.

As far as I know we have no way of blocking them from submitting contact forms but I just wanted to double-check.

Report · Jun 26, 2013

Hi Pam,

There is no direct way to block an IP Address in Business Catalyst, but you can use “module_visitoripaddress” to track the IP Address of the visitor and then you can use JavaScript to block this IP Address.

There might be a way to possibly use some JS to potentially help block this however I do not have an example to provide.

Will leave this thread open for suggestions.

Kind regards,

-Sidney

In Response To smitchell80 · Feb 25, 2014

Is it still not possible to block users from filling out forms based on their IP address(es) (without having to code it ourselves)? Our Business Catalyst site has been receiving numerous spam messages from our Contact Us form.

We would like to try and block them, however I'm not sure how to identify what IP address they are accessing our site from. Is there a way to include the user's IP address on the Case for example? Is there a way to have Adobe look at our Cases and block these for us?

Message was edited by: will_in_KC added "(without having to code it ourselves)"

In Response To will_in_KC · Feb 25, 2014

It has other methods and BC are constantly improving the anti spam elements of the system, the forum update this week as an example.

Ip addresses are not the sollution. You could build a sollution right now, give me the link and I will spam your form all day long as you try to ban my IP with no look, I do not even have to have a second thought or do anything remotely difficult to bypass it You wont see any drop in spam from just doing that.

Report · Apr 20, 2016

I had a client who was getting a lot of spam form submissions and was concerned that with the cofirmation emails being sent to the email addresses they had entered into the form, that their site would be blacklisted as sending spam.

So, we have come up with a solution which seems to work.

Step 1 - Enable Liquid

You need to "Enable Liquid" under SITE SETTINGS - BETA FEATURES

Step 2 - Capture offending IP addresses.

Add a text(string) field to your form, called IP Address (or something).

Edit the page with the form and change the input for the new field you just added to the following...

NOTE 1: Your field will have a different number at the end of the "CAT_Custom_"

Let this run for a while so you can get form submissions with the offending IP Address(es)

Step 3 - Rename your form

Change the form name to something different (eg. add a "-1" as a suffix)

Step 4 - Create a NEW Page to check IP Address and Redirect

Create a new page with code similar to the following where ...

1. The IP Addresses ("107.152.186.125" and "23.229.75.60") are replaced with the offending IP Addresses sending the spam.

2. Change the redirect (in the else statement) to your NEW form name

{% if globals.visitor.ip == "107.152.186.125" -%}

<meta http-equiv="refresh" content="1;url=http://anti-hacker-alliance.com/index.php?ip=107.152.186.125" />

<script type="text/javascript">

window.location.href = "http://anti-hacker-alliance.com/index.php?ip=107.152.186.125"

</script>

{% elsif globals.visitor.ip == "23.229.75.60" -%}

<meta http-equiv="refresh" content="1;url=http://anti-hacker-alliance.com/index.php?ip=23.229.75.60" />

<script type="text/javascript">

window.location.href = "http://anti-hacker-alliance.com/index.php?ip=23.229.75.60"

</script>

{% else %}

<meta http-equiv="refresh" content="1;url=/old-form-name-1" />

<script type="text/javascript">

window.location.href = "/old-form-name-1"

</script>

{% endif %}

NOTE 2: You must create this page using the "Develop" interface as the "Manage" interface editor wont work in BC

Step 5 - Change ALL links to your form on your web site to the new page created in step 4

And dont forget to check html and XML sitemaps to check your new form is NOT included.

You dont want the new name to be published or they will potentially find it and you will need to rename the form again.

And thats what we did and it stopped spam form submissions!

NOTE 3: We left the IP Address field in the form to continue to capture IP Addesses in case they changed IP's ni the future. 🙂

Adobe Community

Any way to block specific users or IP addresses from submitting webforms?