What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
Eliminating Foreign Form RequestAsked by RedemptionSong on December 09, 2014 at 01:09 PM
I am getting once again a lot of "free pen" request, all from overseas. The last time this was an issue I took advice and increased the amount of required fields but they are now filling in the zip codes etc. with false addresses. We have no idea where the leads are coming from as we confirmed with Google that they are not AdWords.
Please advise on what we may do to make the form more USA addresses only based. Thanks.
PS just in the past 20 minutes ELEVEN of them have come in and my email is getting totally clogged with these. This is serious.
Thank you for contacting us.
Unfortunately, there is no way to block the form overseas with JotForm at the moment. I have attached a feature request to this thread about the form access options. However, there is no ETA for when it will be implemented. We will let you know if we have any updates.
You might consider hiding the form Submit button when the country is not equal to United States.
Ok...how would I go about hiding the "submit" button if not a US address. Remember they are filling in false zip codes and false US cities under their real addresses just to fill in those fields. Please help I have literally tons of them pouring in by the minute.
I am concerned also since I am being charged for this and you do not have a way to stop it. Is there a way I can get my money refunded since this is an issue and not real submissions.
I have added the condition to your form to hide the submit button for non-US addresses.
Yes, we can refund the most recent monthly payment and and switch your account back to the Free plan per your request. In this case, your monthly submsission quota will be changed from 1,000 to 100.
Hello...although the button was added as per your response, I just wanted to let you know that the forms art still coming in. Not as many as before but enough to be concerned. Not so much an issue with my inbox right now but I just want to make sure I will not be charged should it continue and go over the 100...really wish there was a better way on your end to prevent this type of issue. Thanks.
This is a standard behavior, the form can be submitted by users all over the world. We cannot block such submissions since they are being submitted by real people.
If the form is accessed through your website (which is most likely the case), then you can ask your website administrator to block the website access for non-US users.
If the form is accessed directly via our website, then you can replace the form in question. The goal is to have the same form but with different link. Clone the form, then disable the original form, and use the cloned version (it will have different URL).
In case you would like to cancel your paid subscription, you can do this from the following page.
We unpublished the form at this point. We were told due to this issue of
useless foreign submits that because JotForm could not currently offer any
solutions to preventing this problem that we would be refunded our fee this
month. Could you please verify that? Thanks.
What my colleague has stated is true as far as I know. This is because of the fact that your computer uses a separate assigned IP provided by your ISP when you are connected to the internet which are metamorphic meaning they are constantly changing or being recycled in various ways. So the likelihood is unforeseen unless it is blocked from a specific website as he mentioned.
Have you taken a look at the current ways that we offer to limit your jotform submissions?
Another possible workaround would be to use a country style field with some conditional logic and you could then have this hide the submit button to prevent submission if the user is trying to submit from outside the specified country.
However, if none of those options catch your interest then just let us know and we will honor your request for a refund for your most recent transaction.
I did all the previous suggested methods but it continued....I will look at
the links you sent after the holidays but we have unpublished the form for
I would just like to check with you if you are using the jotforms on your own website or using the direct link?
While currently we can not block the IPs if they access the jotform directly, we could help you set it up so that your website is blocking access to the other countries hence not giving them the chance of filling out the jotform, but this would only be possible if the jotform was embedded on your website.
Yes the form is embedded on our site, so please do submit further
information regarding this.
OK, great I will give you a suggestion on how to do this.
A word of caution. Changing the file I will mention is not something to be taken lightly as it is the file that in a big way controls your website and any bad entry could cause it to send out an error instead of showing your website, hence it is very important to first:
1. have this done by someone that is familiar with this, or have them ready to jump in if needed
2. create a backup of the already working file
3. in case something is off, remove the modified file and restore back the original one you have copied in step 2.
How does it work?
The file that will allow you to do this is called .htaccess file.
With it we can block specific IP or even entire countries / continents, or you can use it to block only specific IPs such as the ones from the spammers.
Which one to select?
I would first try to block only the IPs that I can see in submissions from the spammers. This will be a shorter list, easy to update, but might need to be updated often.
The reason that I would go with this is that it will only block them and there is no worry that you might deny access to some search engine or someone in US by some chance.
Using IP blocs to only allow US IPs will probably seem like a neat solution as it would permanently cripple the attempts from anyone outside the US to come to your website.
Now the issue here is that you could be blocking search engines as well as some people from US as the IPs are 'often' re-assigned, so today's US IPs are not the same ones in maybe few months or a year.
This would mean that you would need to check the file that you download with the list of IPs often and make sure that the .htaccess file is up to date.
Another thing to note is that having a lot of IPs in there will make it slightly less responsive since the server would need to pass through all of them.
OK, now when you have facts that can help you decide what you want to do, here is:
How to do it?
* by country
I would like to recommend checking this guide as it includes nice steps and screenshots on doing this: http://www.inmotionhosting.com/support/website/htaccess/block-country-ips
Also the accepted answer here has a very good list with IP blocks (which means that there are not as many entries - there are still many however).
They hold everything you need to block all IPs that are not from US.
* by IP
This guide has a great explanation on how to do it: http://www.htaccess-guide.com/deny-visitors-by-ip-address/
Basically you just add the IP of the spammer to your list.
To get the IP of the spammer you need to go to Submissions Panel and if the IPs are not shown, just add them by clicking on the little gear wheel in the right and selecting the IPs to be shown.
OK, now you have done this, what you need is to find the spam entries and get their IPs.
For example if you need to block a user with IP xxx.yyy.zzz.mmm you can do it by adding this to your .htaccess file:
deny from xxx.yyy.zzz.mmm
allow from all
which would simply deny access only to the above IP and allow everyone else to proceed.
Another word of caution: Please note that even if you do not see the .htaccess file at first, it is there and most likely already doing something for you. Because of this, you must not simple replace it with a new file or remove parts from it, you should add the IPs list at the top of it instead and then have all the other code that was already there do its job.
The only reason why I have added word of caution 2 times is because it is easy to get in the moment and do something wrong, which happened to me when I got in contact with .htaccess files for the first time and to so many others , now experts as well.
I hope that the instructions were simple and that the provided links will help you further, but in case you are not sure of something, I suggest letting us now and we would be happy to answer to any questions that you might have.