Form Security

We monitor requests made to web widgets and forms to try to:

  • Identify and block suspicious requests
  • Block automated form submissions - i.e. submissions from spambots

Identify and Blocking Suspicious Requests

If the pattern of requests from a particular source* looks suspicious we will initially restrict the number of requests we respond to - if we continue to receive suspicious requests we will block all requests from that source and email the administrator users in your Donorfy to tell them this has happened. You can then decide whether to keep the block in place or allow requests from that source - see 'Allowing and Blocking Requests' below.

* We use IP addresses to track the source of requests, IP addresses are numbers allocated to computers using the internet - similar to how a postal address identifies a house or building, an IP address identifies a computer

Allowing and Blocking Requests

Request rules can be set up under Forms | Security. The rules are a list of allowed or blocked IP addresses. This list is shared by Forms and Web Widgets so it can be managed in both places.

These rules are applied whenever a web widget or form is requested - press the Add Request Rule button to add a new rule you can

  • Enter a description for the rule
  • Enter the range of IP addresses the rule applies to - if you only want the rule to apply to one IP address then enter that value in both the From and To IP address
  • Indicate whether requests received from the IP addresses in the range should be allowed or blocked

Existing request rules are shown in a list - you can update or delete these rules as required.

If a blocking rule was added automatically then information about when it was added and where the requests appear to originate from will be shown - this allows you to decide whether you want to keep the rule.

Blocking Automated Form Submissions

When the form is submitted we use various checks to determine whether the form appears to have been submitted by a real person rather than a spambot. If the form appears to have been submitted by a spambot we will mark it as spam and it will not be processed.

Have more questions? Submit a request

Comments

Powered by Zendesk