I have a friend who runs an online warehouse selling bulk sunglasses - he has started to get visitors from Nigeria and other dodgy countries scamming his clients by completing an enquiry form asking for more information on the product. The email enquiry form is PHP. Is there a script or any programming that can be done within the email enquiry form to stop scammers from doing this? He keeps blocking IP addresses, but the majority of the time they spam before he can block them. Any thoughts? Darren
He could block the ip range of those countries from where he is getting a lot of phony enquiries (check Ip2Location). But this won't always work since they can just use proxies.
Thanks, and that's true about proxies - I've told him about them already. I'll check that IP2Location site. Is it possible to block everyone from a specific country?
Can you elaborate? I dont understand. Your friend runs an online warehouse. How can someone scam his clients by asking for info? If you are getting too many requests and if you think they are being automated, try adding a CAPTCHA verification system. I may be able to help if you explain more. Thomas
Yes it is, you can either block all IPs from a specific country or you can allow only visitors from specific countries (where you sell the most, i.e. USA, Canada, UK, etc) to have access to the site.
Coderlinks, I'm not happy explaining the full details online, but it's all to do with credit card details. He doesn't think the requests are automated, and I've heard that the CAPTCHA system is flawed and not secure neither. Thanks Daniel. It looks like he's going to have to block a full country IP range through his .htaccess file, and update the .htaccess file monthly as changes are made to the IP addresses. Unless anyone can think of a more automated way of blocking ip users from a specific country.
You can code a ban system that uses a Geo-IP database like that at: http://www.maxmind.com/app/geoip_country Their lite version is not as accurate as their paid version. I knew about another free ip-to-country database but I dont remember... [EDIT] Got it!! Its http://ip-to-country.webhosting.info/ You can make a system with an easy interface for adding and removing countries from a list. Then you can include an authentication file at the top of each page of the site. It will check the IP of the user and give an error message, if he is from a banned country. Thomas
Captcha systems are not the solution in themselves, they are merely a part of the solution. While you ahvent given any details into the form, would it be possible to setup an approval system like blogs have, where you have to approve each comment made? While it may delay things you will be able to remove all the spam...
One of the commerce sites i own contains a contact form, and it gets used by a lot of scammers to attempt fraudulent orders. They're easy to spot a mile off however, 100 products wanted immediately shipped to nigeria and paid for by money order? Scamtastic! I don't think i completely understand the question you're asking though, how are the scammers fooling customers? is the query system public?