To be fair, it would be worth approaching @Pealco to freelance a solution for you.
Yes, though it defies having bought into a platform that promises quick and easy web site creation. If I have to outsource an important portion to a freelancer then I feel I have gotten a car without wheels.
Anyway, right now I am just looking for some simple solution. Even an email link with obfuscation or something that would work. I found some web sites that obfuscate emails but when I add the code snippet, no classes can be applied, no formatting, no colors will be applied when assigning the corresponding class to the code snippet bric.
I would be very grateful if I would get just something here that works.
1 Like
Hello @Visionquest understand your point of view about the car without wheels, but your car with wheels don’t go anywhere without fuel… and you have to pay for the fuel… 
Even to help the users, we have a lot of work, we have to create a new project, try before send any code or input. If you check my blocs snippet website you will see a lot of work there. Every entry in the website was to help a user, and it was free but now I’m not doing it any more, sorry.
From the free help we gave, same people then charge customers. And in this way we work for free to others earn money. And I think it’s not fair.
Hope you understand…
I would tend to have a little more sympathy with your comment about “buying into a platform that promises easy website creation” if indeed Blocs failed to do precisely this. The absence of captcha or re-captcha has very little to do with the ease by which a website can be created. It’s an option that some people obsess about, whilst other can happily live without. The fact is you will find it very difficult to find threads on this, or other forums that demonstrate webforms in blocs are major contributor to spam email.
The primary culprits when it comes to spam emails are not website forms as such. According to 2019 data from SecureList, the problem of spam has more to do with compromised scripts (notionally those associated with open source CMS systems such as Joomla and Wordpress), social networks and a range of google services which have to be constantly updated to try and defeat the problem. Add to this the numerous exploits that can be injected into, predominantly, Windows computers through Microsoft application hacks, and you begin to understand where the real spam problems arise.
Even Google captcha and re-captcha have been circumvented in order to gain access to form processing scripts without even having to visit the originating website where the captcha is displayed. The thing is, the more widely used a spam defeat system is, the greater the determination of professional spammers to circumvent the anti-spam measures. Clearly, it’s simpler for a spammer to compromise a system that literally millions of websites around the world use, because once its hacked, it can be replicated to compromise many systems.
My advice remains the same, build a blocs form, publish it and count the spam emails that come in. You can easily differentiate between those that have been submitted from your website because they will contain all the form fields. If you get inundated with spam emails that do not contain your form fields, it may well be that someone has compromised the script on your server to extract the email address. Certainly, it’s highly unlikely that a professional spammer in China is going to go to the trouble of spamming a single recipient email address - the address may well end up on a spammers hit list if the email address has been used indiscriminately elsewhere, but the chances of it being used in a major spanning operation is highly unlikely.
Of course, there would be nothing to stop a professional spammer from downloading blocs and picking it apart to see how the script works and where it is located on a server when published. It’s then a question of looking for loopholes and backdoors that can be exploited to bypass your website and simply target the scripts directly to send emails to other people. But why would they do this. Unlike the many CMS systems out there, finding blocs sites to target would be little more difficult and probably wouldn’t be worth anyone’s time trying to exploit.
It should also be remembered that by far the biggest problem today is where companies maintain a database of customers which gets replenished through sign-up forms. These are the primary target for most spammers as they gain access to millions of customer email addresses, This is why social networks and major corporations are targeted so frequently. The idea is get the user lists and then spam them en-mass with phoney offers or emails that purport to come from banks. Believe me, none of these spammers have the slightest interest in targeting a single recipient email address on some obscure website. You may well find a troublesome individual who will fill up the form on line just for the fun of it, but it isn’t compromising your system and the resultant email can be simply trashed.
1 Like
On a grander scale you might be right with your theories and statistics. I don’t argue with that.
Specifically, though, I have had and still have web sites that, if I don’t put a ReCaptcha on the form I get tons of emails of the same character, form fields filled out by a bot. Once the ReCaptcha is in place, it stops.
Therefore I am seeking an option, even if it is just a honeypot solution. And I do insist, that this needs to be built into the Blocs core application to make this attractive and to ensure a quick and effective workflow.
Also last but not least, if you have a client and they ask for an active spam protection, you put one in, whether you believe in it or not. And again, this needs to be available in the development platform of your choice.
I have no issues with people offering paid services. And I did not know that you do in the context of Blocs related customizations.
What I did point out that I would expect the core application to offer some kind of solutions for spam protection and that I am indeed disappointed about that. I got Blocs before the ReCaptcha Bric was abandoned and only now I am getting around to work with Blocs.
Which you should be able to do if you are offering these types of services professionally.
It’s interesting actually. Even the swipe the puzzle captcha is easily circumvented if you really wanted to.
I’m not sure what the issue is with the Recaptcha bric, but it appears it’s Google’s own code that’s hit or miss for some reason.
Yes I understand, lets wait for what Blocs V4 brings, probably it could be something that @Norm includes in the new version. I don’t know…
1 Like
I don’t offer services in web development, I am making a general statement.
So was my comment.
The solutions are out there, i’ts just a question of choosing one that suits your purpose. On some of the websites I create, it’s essential to have some sort of verification to ensure that the form has been completed by a real person (whether it’s an amateur spammer sitting in his bedroom or a bot that is seeking to compromise a form script). All of the e-commerce sites I create always include a verification system of some sort. So do some of my membership sites. HERE is an example of a site that uses a simple verification code before someone can send the form (bottom of the page). This is required because the the form script saves the data to a database AND responds automatically to the sender. This was done by simply adding a third party script through which the form can be created. It’s then embedded into the web page using a small piece of embed code. Whenever the form is changed in the admin area of the site, the changes automatically show up in the web page. This is a specific example of choosing a solution that achieves a client objective - in this case, compliance with the law rather than a spam defeat method, but it does achieve that objective also.
Basically, any form solution, whether hosted elsewhere or hosted on your own domain can be configured to use a verification code if it’s something the client needs. You just have to find one that works for you and go with it.
2 Likes
I too would like to see a one-size fits all solution, but as has already been seen, if an app or bric developer uses a third party hosted solution such as re-capture, it can open a bag of worms. Every time Google, for example, introduces a new feature to make its system more secure or less vulnerable, the app developer has to put out an upgrade. So most app developers will provide a basic level of security by offering a mail-to script (which in itself is already fairly secure). If people want something else, they can add it through the code bric that is supplied as part of the app. This way, the developer isn’t then constantly tied to the issue of spam protection and the server infrastructure that may require.
And just to ad in here that none of my sites have any sort of recaptcha or other anti-spam devices in the forms and my clients and I have very few spam emails, maybe 2 or 3 per week.
Possibly I’m lucky…
Where’s that script from if I may ask?
@pumpkin Its a script called Contact Form Generator. It’s essentially an online WYSIWYG form generator that sits on your own server (not a third party server). You log into the script through an admin area of your site and use it to create as many contact forms as you wish. Each one can have its own unique parameters. Form fields include file uploads which is currently missing from standard Blocs forms (for obvious reasons). and it offers two types of verification Ether a character verification (such as the one in my reference site) or a math question. Its a relatively cheap solution. for $19 you get the script which you can install on as many sites as you wish. If you want to remove the branding from the script, the fee is $29. The developer will install the script for you at no extra charge, but installation is relatively simple and straight forward.
The script generates the embed code for each form which you simply copy and paste into your blocs project where you want the form to display. You have a choice of plain HTML or javascript, so you can use whichever you prefer. All forms are saved to a database so you can select and reuse them over again. In fact, you could set up the script once on your own domain, and create forms for other websites you are in charge of. The script doesn’t have to be in the same domain that a form is in, so, if you are a web developer, you can basically set up your own form creation facility on one domain and use the forms across several that you may develop.
Edit: Here are some screenshots of the admin interface:
1 Like
Please note that I’m not questioning your above decision as its clearly everyones choice how they wish to approach such things, so this is not directed at you.
But in context, most people are not tracking down and sending tips/payment when they freely gather information from Google, Forums, StackOverflow, Codepen, Github, Tutorial sites, Youtube, Frameworks, Libraries, etc. Instead they choose to pass things off as their own solutions, works and use those things commercially while never giving credit as to where it originated. In similar regard people that use Blocs are not sending Bootstrap, Jquery, etc., separate support funding since those are used in the app and both of those take massive dev effort. I’m sure Norm wouldn’t mind if with every .Xxx update users would send funding between paid major updates for all his hard work. :—P
Again I am not questioning you or anyones approach or decisions. Just giving context in the broader perspective of how historically the web has inherently worked and allowed individuals to prosper. Allowing people to create opportunities through other peoples hard work is what has allowed the web to thrive. If there is a singular positive of the web besides connectivity and all it has to offer it would probably be that aspect. As it has allowed the web to mature to the point that it is today and offered multitudes the ability to prosper freely from others. For instance, people can create a free Youtube account and end up a millionaire. Many times developers will use generosity as a way to give back but also create income. There are lots of frameworks and libraries that have both open source and paid versions for these reasons. @Eldar has done a great job with this approach of offering both and it has allowed him much success.
Generosity can come in many forms - I saw this just recently and it made me laugh.
https://twitter.com/Bliepjes/status/1290254110697160705
The web is full of generosity that allows opportunity for anyone to prosper.
@Visionquest, I believe so.
I posted this old screenshot in another thread the other day that seems to indicate some form of captcha or spam protection is coming to Blocs v4. But I guess there is always the chance that could of changed since.
2 Likes
Feel free to inadvertently spill your coffee on these people laptops. 
2 Likes
Hi all, Let’s be honest. There’s a bunch of amazing guys around here who do help NooBs like me building some amazing features with blocs and their knowledge. It will always difficult to draw the line what should be “free” or “paid”. @PeteSharp helped once with an issue which should be in fairness a paid support (I offered him a few beers on his next holiday though 
). so are there many others around. I believe the spam solution from @Pealco is awesome and ask him to either quote me (pm) for this bric or to add it to the Blocs store.
@Blocs_User We have an old saying in the consulting services industry “Advice is worth exactly what you pay for it.” The same can be said of the website business. Whilst FREE advice is always available on forums such as this, it doesn’t mean that the advice WILL always solve the specific issue in question - its given on a best endeavours basis. To get a specific solution that the advisor can stand behind normally involves payment of a fee. So I agree wholeheartedly with your comments.
1 Like
Noooooo not the coffee!!! 