The Visforms spam protection plugin
Spam protection plugin activated by default
Note: The use of the spam protection plugin is activated by default and set up with sensible default settings.
It checks the sender’s IP by default. And if there is an email field in the form, it also checks the entered email address against the stopforumspam.com and SpamCop.net databases by default.
Another good spam bot database is the ProjectHoneyPot.org database. This database, however, requires its own free access key before it can be used. It is therefore not possible to activate ProjectHoneyPot.org by default.
All settings are form-specific
You can adjust all settings for the spam protection plugin to suit your needs for each form separately in the form configuration on the Spam Protection tab.
The spam protection plugin also offers you the option of creating whitelists and blacklists.
The whitelist is a list of email addresses or IP addresses that are never blocked.
The blacklist is a list of email addresses that are always blocked.
Peculiarity of sorbs.net
The provider sorbs.net has the peculiarity that it sometimes classifies entire IP sub-networks as spam. It sometimes does this even if there is only one IP within the sub-network from which spam is sent. According to Visforms users, this leads to far too many IPs being blocked under unfavorable conditions. We are currently investigating these reports further.
Note: Temporarily deactivate sorbs.net as a provider if you notice such problems.
Special features of the email whitelist
Only in exceptional cases
In principle, it should only be necessary to put people on a whitelist in exceptional cases. If a large number of your users are mistakenly blocked by the plugin, then you must adjust the plugin settings. The providers used are particularly important. See also ‘Special features of sorbs.net’ above.
Email whitelist offers two formats
It is occasionally necessary or desired to put certain users on a whitelist.
The email whitelist offers you two formats:
- A domain-based list, i.e. a list of domains in the format:
@domain1.com,@domain2.com - A list of specific email addresses in the format:
This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. JavaScript must be enabled to view this content..
First set the format
You must first set which format you want to use using the Generic email in whitelist option.
You can then enter a comma-separated list of the specific email addresses or email domains in the correct email format in the Email whitelist field.
Note: It is not possible to mix the two formats.
Using regular expressions
The use of regular expressions is possible in all four lists:
- Email whitelist,
- Email blacklist,
- IP whitelist,
- IP blacklist.
Set the Regular Expressions option to Yes to be able to use regular expressions in all four lists.
Note: If this setting is activated, the setting 'Generic email in whitelist' loses its effect.
The Regular Expressions feature is very powerful, simply because regular expressions are very powerful overall.
You can find examples in this section:
Regular Expression Examples.
Difference between the setting levels
Settings that you make in the global configuration for Visforms act as a template for presets for the newly created form. They serve as a generation template when you create a new form and are only applied at that one time. Only the current settings from the form configuration are used when someone submits the form.
Settings in the form configuration
The settings in the form configuration on the Spam protection tab have numerous explanatory help texts in the inline help.
Turn on the help texts in the inline help if you don’t know your way around yet.
Turn off the help texts in the inline help if you already know your way around and want to get a better overview of the parameters.
Basic settings
The following settings fundamentally affect the way the spam protection plugin works:
- Activate the use of the plugin: Use spam protection plugin = Yes.
- Decide on Check IP and/or Check email.
- Decide on the individual providers.
Whitelists and blacklists
A whitelist is also called a positive list or exception list.
A whitelist is a list of things that are trustworthy.
A blacklist is also called a negative list or block list.
A blacklist is a list of things that should be excluded.
Whitelists and blacklists are comma-separated lists of the corresponding entries.
A special case occurs when you use regular expressions and formulate a regular expression that already contains a comma.
See also this section:
Regular Expression Examples.
The following settings fundamentally affect the way whitelists and blacklists work:
- If you have sufficient knowledge of using regular expressions, activate:
Regular Expressions = Yes.
This setting overrides the Generic Email in Whitelist setting. - Activate the use of domain-based email addresses if you want to include or exclude entire web domains:
Generic Email in Whitelist = Yes.
Save detected attacks
To get an overview of the number and type of spam attacks detected, the detected spam calls can be saved in the database.
This can provide valuable information for analyzing the spam attacks.
Set the option Save spambot attacks in database = Yes if you want to save the detected spam calls in the database.
Note: The database can quickly grow in data volume if a website is heavily attacked.
Therefore, keep an eye on the database.
Delete the records if necessary.
The data is stored in the following table: #__visforms_spambot_attempts.
