Global Settings cog > Global Settings > Spam Prevention
Spam Prevention settings protect your forms from two types of issues that can unfortunately happen if a spambot uses your form:
- Spam: A large number of junk accounts are created in your system.
- Fraud: A large number of false transactions are entered into your form to test credit cards in bulk, also known as "carding."
NeonCRM is able to prevent these problems by placing limits on the velocity of form submissions coming in to your Neon system.
To Enable Velocity Control, navigate to: Global Settings cog > Global Settings > Spam Prevention > Velocity Control
Using Velocity Control, you can choose exactly how many submissions are allowed before an IP address is blocked, or before a captcha is added to a form.
What's a Captcha?
A captcha is that "I am not a robot" checkbox. You can add this field manually when customizing your forms, but many prefer not to trouble their constituents with it unless absolutely necessary.
Enabling Velocity Control also automatically enables a feature that blocks an IP after 7 unsuccessful attempts to process a payment. (Payment attempts that fail due to normal validation errors—such as required fields not being filled out—do not count; this strictly applies to payments rejected/declined by the processor).
If a certain IP address does become blocked by the Velocity Control, you can review it under Individual IP Address Blocking, which will show all IP addresses that have been blacklisted by your system.
When someone's IP address is blocked from your NeonCRM, upon accessing a Neon page they'll be shown the message "There was a connection problem. Please contact [your organization] for assistance".
If this IP address happens to just belong to a very enthusiastic donor (or it is your organization's IP address) you can remove the block by clicking Unblock. Consider increasing the numbers under Velocity Control if this does occur.
If your organization's database consistently receives spam and/or fraud requests from certain countries you do not work with, you can choose to block those countries via Country IP Address Blocking.
To block traffic coming from a specific country, highlight the country in the whitelist you wish to block, then click the -> (right arrow) button in the selector. This will move the country in question from the whitelist to the blacklist. Once you are satisfied with the settings, click Save.
If you do legitimate business with a country, you should not use this method to block the country's IP addresses. Also, IP addresses associated with the United States cannot be blocked via this method; the United States is always on the whitelist.
Donation forms are the main targets for fraudulent credit card attempts. In addition to the system-wide spam prevention measures, there are additional steps that you can take for these forms in particular:
- Make sure that the navigation flow of your donation forms is set to "Two-Page". This puts the payment collection fields on a separate page from the rest of the form. Bots that are automated to complete a single page with name and credit card information will not be able to complete these forms.
The default configuration of your donation forms is the "Two-Page" navigation flow, but if you are experiencing a number of fraudulent donation attempts, we recommend checking the setting to make sure that it hasn't been changed.
- Set a minimum donation amount for your donation forms. Many bots are automated to attempt charges of $5 or less, so if you set a minimum donation amount of at least $5, these attempts will all fail.