Testimonials SQL table being spammed

[SilverLining]

Hi,
I don't know if anyone can help me but here goes anyway.
I have been using the RSMonials (ver 1.5.2) component to enable my customers to leave testimonials on my site.
About a month ago a spammer began leaving up to 5 spam testimonials each day.
I activated a setting that notified me by email each time a testimonial is posted. I can then go into the administration side of the RSMonials component and delete the spam.
This is obviously tedious. I would prefer to block the spammer but don't know how.

In an effort to stop the spammer I disabled the RSMonial component and the Testimonial menu and left it for 24 hours. This successfully stopped the spam, but obviously prevented genuine customers leaving a testimonial as well.
I then re-enabled the component but left the Testimonial menu disabled. After about 12 hours the spamming began again.
Therefore the spammer seems to be able to access the component without using the testimonials menu option (possibly via a carefully crafted web link?)
Can anyone offer advice on how to track the spammer down and block him?
Many thanks.

[jon123]

Hi, unfortunately its one of those situations that affects most of us where a form can be spammed by bots.
Your only solution is to get support from rsmonails whom i would have thought had options to add or improve the captcha or offer some other blocking scripts.

No experience with that open source script but is there not an option for you to validate the testimonials before they go live on the site?.

other option would be to add another form field where they have to add a certain word, phrase, or combo and then check for that before the testimonial is entered.

[SilverLining]

Hi Jon123,
Thanks for your quick response and comments.
I am already validating the testimonials, as you suggest, and screening out the spam, so, yes, the spam does not get published which is good news, but it is still a task that I'd rather not have to do.
Your suggestion to add another check to the form, I don't think would work. The spammer seems to bypass the form altogether. Also I have disabled the Testimonial menu entry so there is no way he can get to the form. Using the previous link [compuguide.info/joomla15/index.php/testimonials] to the testimonials form fails with a 404 error.

[jon123]

hi, if the spambots are bypassing the form then the form isnt being validated at the insert end. Adding another form field and checking the contents of that field on the insert page before the entry is executed should stop the insertion.

As a minimum on my forms i check that the form submit button has been clicked by passing the value of the submit button along with the rest of the form. If the submit button hasnt been clicked (i.e they have tried to enter data without using the form), then the entry is rejected.

As mentioned, that is a minimum, I also have a captcha or a text field to help stop the problems you are facing.

[SilverLining]

Thanks for the advice, but sadly it is over my head, I barely knew enough to get the component installed. Hacking the php code is beyond me.
I can't complain, though, it was a free component. I guess it's time to go out and buy a commercial Testimonial component.
Thanks

[jon123]

you're welcome.
Isnt there a mod for that script them? I presume a lot of folk are having the same problems as you are. Common problem really with popular form scripts, they are targeted by the spambots.

Just been to their website and support isnt to be found apart from an email address. As you say a freebie so cant complain.

[SilverLining]

I may hold off on switching to a new Testimonials component.
I have discovered that I can delete a whole bunch of the spams directly from the SQL table in one go, using the cPanel's "phpMyAdmin" option, rather than deleting each one individually from the component's admin page.
This makes it much less tedious to keep clean.