We monitor requests made to web widgets and forms to try and
- Identify and block suspicious requests
- Block automated form submissions - i.e. submissions from spambots
Identify and Blocking Suspicious Requests
If the pattern of requests from a particular source* looks suspicious Donorfy will initially restrict the number of requests responded to - if Donorfy continues to receive suspicious requests all requests from that source will be blocked and email the administrator users in your Donorfy to tell them this has happened.
You can then decide whether to keep the block in place or allow requests from that source - see 'Allowing and Blocking Requests' below.
* Donorfy uses IP addresses to track the source of requests, IP addresses are numbers allocated to computers using the internet - similar to how a postal address identifies a house or building, an IP address identifies a computer.
Blocking Automated Form Submissions
When the form is submitted Donorfy uses various checks to determine whether the form appears to have been submitted by a real person rather than a spambot. If the form appears to have been submitted by a spambot Donorfy will mark it as spam note that
- Spam forms will not be processed
- You can view details of spam forms by clicking on them - see this article for more information
- Spam forms are automatically deleted after 30 days
Allowing and Blocking Requests
Request rules can be set up from within:
Forms > Security
Online Donations > Security
The rules are a list of allowed or blocked IP addresses. This list is shared by Forms and Web Widgets so it can be managed in both places. These rules are applied whenever a Web Widget or Form is requested.
Existing request rules are shown in a list - you can update or delete these rules as required.
If a blocking rule was added automatically then information about when it was added and where the requests appear to originate from will be shown - this allows you to decide whether you want to keep the rule or delete the rule.
To add a new Request Rule, click on Add Request Rule button
- Enter a description for the rule
- Enter the range of IP addresses the rule applies to - if you only want the rule to apply to one IP address then enter that value in both the From and To IP address
- Indicate whether requests received from the IP addresses in the range should be allowed or blocked
- Save the changes
Note - the IP addresses added should be the Public IP address - if you need to locate your Public IP address, then you can search via your web browser "What is my IP"
IP address range to be blocked, please ensure that the lower IP number is in the 'From IP Address' box and the higher IP number is in the To IP Address box.
To delete a rule or rules, click the Delete button.