Settings cog > Global Settings > Spam Prevention
Spam Prevention settings protect your forms from two types of issues that can unfortunately happen if a spambot uses your form:
- Spam: A large number of junk accounts are created in your system.
- Fraud: A large number of false transactions are entered into your form to test credit cards in bulk, also known as "carding."
NeonCRM is able to prevent these problems by placing limits on the velocity of form submissions coming in to your Neon system.
To view your Velocity Control settings, navigate to: Settings cog > Global Settings > Spam Prevention > Velocity Control.
Using Velocity Control, you can choose how many submissions are allowed before an IP address is blocked, or before a CAPTCHA is added to a form.
Velocity Control also automatically enables a feature that blocks an IP after 7 unsuccessful attempts to process a payment. (Payment attempts that fail due to normal validation errors—such as required fields not being filled out—do not count; this strictly applies to payments rejected/declined by the processor).
A CAPTCHA will automatically be added to all front-end payment forms for 24 hours if a large number or ratio of failed payments is received over the course of 1 hour. A system notification email will be sent to notify all active system administrators of potentially suspicious activity if this setting is triggered.
What's a Captcha?
A CAPTCHA is that "I am not a robot" checkbox. You can add this field manually when customizing your forms, but many prefer not to trouble their constituents with it unless absolutely necessary.
If a certain IP address does become blocked by the Velocity Control, you can review it under Individual IP Address Blocking, which will show all IP addresses that have been blacklisted by your system.
When someone's IP address is blocked from your NeonCRM, upon accessing a Neon page they'll be shown the message "There was a connection problem. Please contact [your organization] for assistance".
If this IP address happens to just belong to a very enthusiastic donor (or it is your organization's IP address) you can remove the block by clicking Unblock. Consider increasing the numbers under Velocity Control if this does occur.
If your organization's database consistently receives spam and/or fraud requests from certain countries you do not work with, you can choose to block those countries via Country IP Address Blocking.
To block traffic coming from a specific country, highlight the country in the whitelist you wish to block, then click the - (right arrow) button in the selector. This will move the country in question from the whitelist to the blacklist. Once you are satisfied with the settings, click Save.
If you do legitimate business with a country, you should not use this method to block the country's IP addresses. Also, IP addresses associated with the United States cannot be blocked via this method; the United States is always on the whitelist.
Donation forms are the main targets for fraudulent credit card attempts. In addition to the system-wide spam prevention measures, there are additional steps that you can take for these forms in particular:
- Make sure that the navigation flow of your donation forms is set to "Two-Page". This puts the payment collection fields on a separate page from the rest of the form. Bots that are automated to complete a single page with name and credit card information will not be able to complete these forms.
The default configuration of your donation forms is the "Two-Page" navigation flow, but if you are experiencing a number of fraudulent donation attempts, we recommend checking the setting to make sure that it hasn't been changed.
- Set a minimum donation amount for your donation forms. Many bots are automated to attempt charges of $5 or less, so if you set a minimum donation amount of at least $5, these attempts will all fail.