Form Security

We monitor requests made to web widgets and forms to try and 

  • Identify and block suspicious requests
  • Block automated form submissions - i.e. submissions from spambots

 

Identify and Blocking Suspicious Requests

If the pattern of requests from a particular source* looks suspicious Donorfy will initially restrict the number of requests responded to - if Donorfy continues to receive suspicious requests all requests from that source will be blocked and email the administrator users in your Donorfy to tell them this has happened. 

You can then decide whether to keep the block in place or allow requests from that source - see 'Allowing and Blocking Requests' below.

* Donorfy uses IP addresses to track the source of requests, IP addresses are numbers allocated to computers using the internet - similar to how a postal address identifies a house or building, an IP address identifies a computer.

 

Blocking Automated Form Submissions

When the form is submitted Donrofy uses various checks to determine whether the form appears to have been submitted by a real person rather than a spambot. If the form appears to have been submitted by a spambot Donorfy will mark it as spam and it will not be processed.

 

Allowing and Blocking Requests

Request rules can be set up from within:

Forms > Security 

mceclip0.png

Online Donations > Security

mceclip1.png mceclip2.png

The rules are a list of allowed or blocked IP addresses. This list is shared by Forms and Web Widgets so it can be managed in both places. These rules are applied whenever a Web Widget or Form is requested. 

Existing request rules are shown in a list - you can update or delete these rules as required.

If a blocking rule was added automatically then information about when it was added and where the requests appear to originate from will be shown - this allows you to decide whether you want to keep the rule or delete the rule.

 

To add a new Request Rule, click on Add Request Rule button

mceclip3.png

  • Enter a description for the rule
  • Enter the range of IP addresses the rule applies to - if you only want the rule to apply to one IP address then enter that value in both the From and To IP address
  • Indicate whether requests received from the IP addresses in the range should be allowed or blocked
  • Save the changes

Note - the IP addresses added should be the Public IP address - if you need to locate your Public IP address, then you can search via your web browser "What is my IP" 

mceclip6.png

 

 

 

To delete a rule or rules, click the Delete button.

Have more questions? Submit a request

Comments

Powered by Zendesk