Stopping forms from being spammed


neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Stopping forms from being spammed

#1

Postby neilnewman » Thu Jan 11, 2018 11:30 am

Is there anything within Ebase that would enable us to stop forms from being fired up by spamming? We have considered using CAPTCHA but don't really want to do anything that would inconvenience our users.
0 x

Segi
Ebase User
Posts: 649
Joined: Mon Dec 09, 2013 6:37 pm

Re: Stopping forms from being spammed

#2

Postby Segi » Thu Jan 11, 2018 6:44 pm

It sounds like your form is publicly accessible and you don't want just anyone to load the form. If that's right, why not have the calling form that calls this form also pass some kind of parameter that you can check for in your before page event for the form that you want to prevent spamming on? If it's not provided, display a message or redirect to another URL.
0 x
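One way to make the parameter suggested in the post above hard to guess or replay, as an added example that is not part of the original thread and not Ebase/Verj.io code. It goes beyond a plain parameter by signing it with an HMAC and expiring it; `SECRET`, `MAX_AGE_SECONDS` and both function names are hypothetical, and the form names are the ones that appear in this thread.

```python
import hashlib
import hmac
import time

# Hypothetical secret known only to the server that renders the calling
# form and the server that runs the protected form (constructed value).
SECRET = b"constructed-demo-secret-change-me"
MAX_AGE_SECONDS = 600  # assumed lifetime of a launch link


def _sign(form_name, issued_at):
    msg = f"{form_name}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_launch_token(form_name, now=None):
    """Value the calling form appends to the target form's URL."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(form_name, issued_at)}"


def check_launch_token(form_name, token, now=None):
    """Check for the target form's before-form event.

    False means: show a message or redirect instead of starting the form.
    """
    now = int(time.time() if now is None else now)
    try:
        issued_text, sig = token.split(".", 1)
        issued_at = int(issued_text)
    except (AttributeError, ValueError):
        return False  # parameter missing or malformed
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False  # old link replayed later, or timestamp in the future
    expected = _sign(form_name, issued_at)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(sig.encode(), expected.encode())
```

Because the token is bound to the form name and an issue time, a URL harvested earlier stops working once it expires, and a token issued for one form does not open another.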

neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Re: Stopping forms from being spammed

#3

Postby neilnewman » Fri Jan 12, 2018 8:44 am

What we appear to be seeing is the forms being fired up by some kind of bot. We are looking to find some way of stopping this without inconveniencing our normal website form users.
As an example, see a snippet from our Ebase log below:

Fri Jan 12 04:03:42: INFO <-- Displaying page LOCAL_OR_NOT
Fri Jan 12 04:03:43: INFO << START EXECUTION OF FORM BP_PAY_CCTV_FOOTAGE >>
Fri Jan 12 04:03:43: INFO Running Before Form event for BP_PAY_CCTV_FOOTAGE
Fri Jan 12 04:03:43: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:03:43: INFO (BEFORE_FORM:1) executing SEQUENCE DARTFORD_AXISPORTAL
Fri Jan 12 04:03:43: INFO (BEFORE_FORM:1) $NEXT_SEQUENCE_ID set to 114073
Fri Jan 12 04:03:43: INFO (BEFORE_FORM:2) executing SET CTRL_VALUE = DBCLIVE114073
Fri Jan 12 04:03:43: INFO Start of page LOCAL_OR_NOT
Fri Jan 12 04:03:45: INFO << START EXECUTION OF FORM BP_PAY_CCTV_FOOTAGE >>
Fri Jan 12 04:03:45: INFO Running Before Form event for BP_PAY_CCTV_FOOTAGE
Fri Jan 12 04:03:45: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:03:45: INFO (BEFORE_FORM:1) executing SEQUENCE DARTFORD_AXISPORTAL
Fri Jan 12 04:03:45: INFO (BEFORE_FORM:1) $NEXT_SEQUENCE_ID set to 114074
Fri Jan 12 04:03:45: INFO (BEFORE_FORM:2) executing SET CTRL_VALUE = DBCLIVE114074
Fri Jan 12 04:03:45: INFO Start of page LOCAL_OR_NOT
Fri Jan 12 04:03:47: INFO << START EXECUTION OF FORM BP_PAY_CCTV_FOOTAGE >>
Fri Jan 12 04:03:47: INFO Running Before Form event for BP_PAY_CCTV_FOOTAGE
Fri Jan 12 04:03:47: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:03:47: INFO (BEFORE_FORM:1) executing SEQUENCE DARTFORD_AXISPORTAL
Fri Jan 12 04:03:47: INFO (BEFORE_FORM:1) $NEXT_SEQUENCE_ID set to 114075
Fri Jan 12 04:03:47: INFO (BEFORE_FORM:2) executing SET CTRL_VALUE = DBCLIVE114075
Fri Jan 12 04:03:47: INFO Start of page LOCAL_OR_NOT
Fri Jan 12 04:03:49: INFO << START EXECUTION OF FORM BP_PAY_CCTV_FOOTAGE >>
Fri Jan 12 04:03:49: INFO Running Before Form event for BP_PAY_CCTV_FOOTAGE
Fri Jan 12 04:03:49: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:03:49: INFO (BEFORE_FORM:1) executing SEQUENCE DARTFORD_AXISPORTAL
Fri Jan 12 04:03:49: INFO (BEFORE_FORM:1) $NEXT_SEQUENCE_ID set to 114076
Fri Jan 12 04:03:49: INFO (BEFORE_FORM:2) executing SET CTRL_VALUE = DBCLIVE114076
Fri Jan 12 04:03:49: INFO Start of page LOCAL_OR_NOT
Fri Jan 12 04:03:51: INFO << START EXECUTION OF FORM BP_PAY_CCTV_FOOTAGE >>
Fri Jan 12 04:03:51: INFO Running Before Form event for BP_PAY_CCTV_FOOTAGE
Fri Jan 12 04:03:51: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:03:51: INFO (BEFORE_FORM:1) executing SEQUENCE DARTFORD_AXISPORTAL
Fri Jan 12 04:03:51: INFO (BEFORE_FORM:1) $NEXT_SEQUENCE_ID set to 114077
Fri Jan 12 04:03:51: INFO (BEFORE_FORM:2) executing SET CTRL_VALUE = DBCLIVE114077
Fri Jan 12 04:03:51: INFO Start of page LOCAL_OR_NOT
Fri Jan 12 04:03:53: INFO << START EXECUTION OF FORM BP_PAY_CCTV_FOOTAGE >>
Fri Jan 12 04:03:53: INFO Running Before Form event for BP_PAY_CCTV_FOOTAGE
Fri Jan 12 04:03:53: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:03:53: INFO (BEFORE_FORM:1) executing SEQUENCE DARTFORD_AXISPORTAL
Fri Jan 12 04:03:53: INFO (BEFORE_FORM:1) $NEXT_SEQUENCE_ID set to 114078
Fri Jan 12 04:03:53: INFO (BEFORE_FORM:2) executing SET CTRL_VALUE = DBCLIVE114078
Fri Jan 12 04:03:53: INFO Start of page LOCAL_OR_NOT
Fri Jan 12 04:04:00: INFO << START EXECUTION OF FORM BP_CTAX_QUICK_BALANCE_CHECK >>
Fri Jan 12 04:04:00: INFO Running Before Form event for BP_CTAX_QUICK_BALANCE_CHECK
Fri Jan 12 04:04:00: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:04:00: INFO (BEFORE_FORM:1) executing SET HEADER =
Fri Jan 12 04:04:00: INFO Start of page PAGE_1
Fri Jan 12 04:04:02: INFO << START EXECUTION OF FORM BP_CTAX_QUICK_BALANCE_CHECK >>
Fri Jan 12 04:04:02: INFO Running Before Form event for BP_CTAX_QUICK_BALANCE_CHECK
Fri Jan 12 04:04:02: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:04:02: INFO (BEFORE_FORM:1) executing SET HEADER =
Fri Jan 12 04:04:02: INFO Start of page PAGE_1
Fri Jan 12 04:04:04: INFO << START EXECUTION OF FORM BP_CTAX_QUICK_BALANCE_CHECK >>
Fri Jan 12 04:04:04: INFO Running Before Form event for BP_CTAX_QUICK_BALANCE_CHECK
Fri Jan 12 04:04:04: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:04:04: INFO (BEFORE_FORM:1) executing SET HEADER =
Fri Jan 12 04:04:04: INFO Start of page PAGE_1
Fri Jan 12 04:04:06: INFO << START EXECUTION OF FORM BP_CTAX_QUICK_BALANCE_CHECK >>
Fri Jan 12 04:04:06: INFO Running Before Form event for BP_CTAX_QUICK_BALANCE_CHECK
Fri Jan 12 04:04:06: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:04:06: INFO (BEFORE_FORM:1) executing SET HEADER =
Fri Jan 12 04:04:06: INFO Start of page PAGE_1
Fri Jan 12 04:04:08: INFO << START EXECUTION OF FORM BP_CTAX_QUICK_BALANCE_CHECK >>
Fri Jan 12 04:04:08: INFO Running Before Form event for BP_CTAX_QUICK_BALANCE_CHECK
Fri Jan 12 04:04:08: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:04:08: INFO (BEFORE_FORM:1) executing SET HEADER =
Fri Jan 12 04:04:08: INFO Start of page PAGE_1
Fri Jan 12 04:04:10: INFO << START EXECUTION OF FORM BP_CTAX_QUICK_BALANCE_CHECK >>
Fri Jan 12 04:04:10: INFO Running Before Form event for BP_CTAX_QUICK_BALANCE_CHECK
Fri Jan 12 04:04:10: INFO Executing FPL script BEFORE_FORM
Fri Jan 12 04:04:10: INFO (BEFORE_FORM:1) executing SET HEADER =
Fri Jan 12 04:04:10: INFO Start of page PAGE_1
0 x

Jon
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

Re: Stopping forms from being spammed

#4

Postby Jon » Fri Jan 12, 2018 8:52 am

Have you checked the access log? This will give you the IP address where the request is coming from. It would be unusual for a bot to generate an explicit URL like this.
0 x

neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Re: Stopping forms from being spammed

#5

Postby neilnewman » Fri Jan 12, 2018 8:58 am

Hi Jon,
These appear to be the corresponding access log entries:

178.154.200.31 - - [12/Jan/2018:04:03:43 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1514315961922 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:03:45 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1515729823400 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:03:47 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1515729825385 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:03:49 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1515729827401 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:03:51 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1515729829386 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:03:53 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1515729831386 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:00 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1514405165307 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:02 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1515729840528 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:04 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1515729842415 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:06 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1515729844431 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:08 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1515729846416 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:10 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1515729848432 HTTP/1.1" 302 -

NB: this is a small sample of the log

Thanks
Neil
0 x

Jon
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

Re: Stopping forms from being spammed

#6

Postby Jon » Fri Jan 12, 2018 9:50 am

It seems to be coming from Russia - you can check the IP address e.g. 178.154.200.31 using any of the IP address location tools on the internet. So it does look like a bot. It's not unusual to receive URL requests from Russia - most servers will see these at some point, but it is a bit unusual to see an explicit Ebase form request.

You can't stop the Ebase system from processing these requests - it doesn't discriminate between IP addresses. One option would be to block these IP address ranges in a firewall or you could probably set up a Tomcat filter to do the same thing. But these requests probably don't present any security threat unless your system allows unauthenticated access, so I'm not sure it would be worth the effort.
0 x

neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Re: Stopping forms from being spammed

#7

Postby neilnewman » Fri Jan 12, 2018 9:55 am

As part of our channel shift program, we monitor how often our forms are used, and these types of hits are not what we want to be counting. Also, we are a bit concerned about how much this loads the Ebase server.
As you suggested, I will take a look into using Tomcat to block certain IP addresses.
0 x
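For the usage-counting concern raised above, the access log posted earlier in the thread is enough to separate automated form starts from real ones. The following is an added example, not part of the original thread: it parses access log lines in the format shown, flags clients that start forms in rapid succession, and counts form usage without them. The thresholds and function names are assumptions, and the 203.0.113.7 line is constructed for contrast.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Six lines copied from the access log in this thread, plus one constructed
# line (203.0.113.7 is a documentation address) standing in for a real user.
SAMPLE_LOG = """\
178.154.200.31 - - [12/Jan/2018:04:03:43 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1514315961922 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:03:45 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1515729823400 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:03:47 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb?ebd=0&ebz=1_1515729825385 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:00 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1514405165307 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:02 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1515729840528 HTTP/1.1" 302 -
178.154.200.31 - - [12/Jan/2018:04:04:04 +0000] "GET /ufs/BP_CTAX_QUICK_BALANCE_CHECK.eb?ebd=0&ebz=1_1515729842415 HTTP/1.1" 302 -
203.0.113.7 - - [12/Jan/2018:09:15:10 +0000] "GET /ufs/BP_PAY_CCTV_FOOTAGE.eb HTTP/1.1" 200 -
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /ufs/(?P<form>\w+)\.eb\S* HTTP/[\d.]+" \d{3} ')


def parse_form_starts(log_text):
    """Return (ip, datetime, form) for every form request in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines for other resources or in other formats are skipped
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m["ip"], when, m["form"]))
    return hits


def find_automated_clients(hits, min_hits=3, max_gap_seconds=5):
    """IPs with min_hits form starts in a row, each within max_gap_seconds."""
    by_ip = defaultdict(list)
    for ip, when, _form in hits:
        by_ip[ip].append(when)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        run = 1
        for prev, cur in zip(times, times[1:]):
            close = (cur - prev).total_seconds() <= max_gap_seconds
            run = run + 1 if close else 1
            if run >= min_hits:
                flagged.add(ip)
                break
    return flagged


def count_form_usage(hits, excluded_ips=frozenset()):
    """Form starts per form name, ignoring the excluded client addresses."""
    return Counter(form for ip, _w, form in hits if ip not in excluded_ips)
```

The flagged set is also a reviewed starting point for the firewall or Tomcat filter block list mentioned in the thread.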

