Spam protection: Captchas & Co.
Poorly protected forms are a honeypot for spammers. You may have made painfull experiences with that.
Using Captchas as a means of spam protection is not undisputed, because human users often struggle with it.
That's why Visforms provides you with an alternative option to prevent spammers from bothering you, that doesn't incorporate captchas and which is unique among Joomla! form extensions; a spam protection plugin.
We rely on that plugin as sole means of spam protection and usually there is less then one spam submission in a month!The Visforms Spam Protection Plugin
The fight against spam and spammers has created several online spambot databases which can be used without reservation to accomplish spam protection on your own website. Those databases respectively special applications are continously and actively searching for spam IP's and email addresses. Of course spam IP's and emails do change (that is why there is no database that lists every single spammer)
Those online databases are very effective. Usually new spammers are detected and listed within hours and using those databases - which is what our plugin does - provides a very high level of spam protection. Nevertheless, sometimes spammer develop a new quality of spamming and it may happen that the online databases need some time to adapt to this. In this case you can temporarily turn on Captchas.
The Visforms Spam Protection Plugin is enable by default and set up with sensible default settings. By default it will check the sender IP and if your form comes with a field of type e-mail, the e-mail address as well against the databases of stopforumspam.com and SpamCop.net. Another good database is ProjectHoneyPot.org, which needs a (free) key. It is also available but disabled. (If you want to use that database too, you have to get a key.) You can set up simple white- and blacklists as well. All settings are made on the form configuration tab "Spam Protection".
What you should mind about sorbs.net
The provider sorbs.net tends to classify entire IP-networks, if only one IP address out of the network is sending spam. Under some circumstances this may, according to Visforms users, cause many false classifications as spam. Therefore we do advise not to use this provider. We are investigation this subject at the moment.
E-Mail Whitelist
Usually using a white list, should only be necessary rarely. If many of your users are falsly flagged as spammer, you have to adjust the plugin settings and not try to mend this by putting all your users on a whitelist. (See also "What you should mind about sorbs.net).
Nevertheless you might sometimes want to put somebody on a whitlist. The E-Mail whitlist support two different formats. You can either us it as a domain based whitlist. In this case, all entries must be in the format @domain1.com,@domain2.com, or you can use it as an e-mail address whitelist. Then all entries must be in the format
Please select first, which format you want to use with the option "E-Mail Whitelist is Domain bases" (On earlier version: "Allow generic E-Mail in Whitelist?"). Enter your whitelist entries in the correct format in the field "E-Mail Whitelist" then as a comma separated list. It is not possible to use both formats at the same time!
What is the difference between the settings in the global configuration and the form configuration?
Setting, which you make in the global configuration are only used as defaults, when you create a new form. It is the settings in the form configuration that are actually used, when a user submits a form.
Using Captchas
Captcha settings are set in the form configuration tab "Advacned". The option Use Captcha has three settings:
- None
- Visforms Captchas
- Recaptcha Plugin (for Google Recaptchas)
What's special about the Recaptcha Plugins
Recaptchas are a free service of Google and known for their high level of protection. You need two key's which you can get from Google, in order to use this service. Joomla! has decided to make Recaptchas the default captcha system of the CMS and provides a plugin of type "Captcha" for integration. You have to enable the plugin and enter your keys there before you can use the Recaptchas in your forms. You can find more information about Recaptchas and how to get a key in the plugin administration.
Notice: It's Google who determines the layout of their Recaptchas and there are hardly any options to modify this layout, especially the width. So if you work with Recaptchas and publish a form in a module position it may happen, that the Recaptcha simple doesn't fit into the module because it's to big.
You can provide a customised captcha tip text and a customised error message for the captcha. These options are set in the form's tab "Advanced".
Important: Google Recaptchas are resticted to one captcha on a page. If you publish forms in modules you may display more than one form on a page. So you have to make sure that a maximum of one of these forms uses Recaptchas (including a potential Joomla! login module using Recaptchas). It is possible to use more than one form with Visforms captchas on one page and to mix forms with Viscaptchas with forms with Recaptchas.
Other Captcha Settings
In the form configuration tab "Spam Protection" you can further on set a custom label for your Captcha (which is used instead of the default label "Captcha") or you can hide the label. You can set a custom captcha tip text, which is displayed if the user hovers the captcha label with their mouse and you can set a custom captcha error text, which is displayed, if the user leaves the captcha input field empty.
If you decide to use the Visforms Captcha, then you will find a lot of uptions, with which you can customize the Visforms Captcha, for example us a mathamatical captcha instead of a string.
The invisible reCaptcha
Since 3.9, Joomla! provides a new Captcha, the invisible reCaptcha. Please note, that Visforms does not support that Captcha. Further on, because of how Joomla! has implemented the invisible reCaptcha, there will be incompatiblities, which breaks Visforms, if you have enabled the invisible reCaptcha Plugin on your website and enable any Captcha in the Visforms form configuration!