Form Security - What is it made up of? - 123ContactForm Blog

Form Security – What is it made up of?

ID-10079553
We need your feedback!
November 21, 2011
pie-chart-2
Upcoming: Improved Form Charts & Reports
December 5, 2011

Form Security – What is it made up of?

ID-100144550

123ContactForm takes great interest in providing online forms that are protected at all levels. From the hosting packages we use to the antispam solutions that we offer, everything is aimed at creating a secure experience for our users. Your account, your forms and the collected data are subject to various mechanism that ensure their security, integrity and confidentiality.

Secure Contact Form

Professional hosting

Our platform runs on cloud servers provided by Amazon Web Services, known as one of the cloud computing environments that offers the highest level of security and flexibility in today’s world. All information is encrypted and stored on our servers located in AWS’s secure data centers, provided with electronic surveillance and multi-factor access control systems, proofed against disruptions and hazards. Amazon’s servers are clustered in a global network of edge locations around the world (CloudFront), ensuring that no matter what the threat is, information remains securely hosted and available. We also perform daily backups of form data and graphics on Amazon S3.

Antispam protection

Forms can be protected from spam in various ways. You can adjust antispam features in the SettingsSecurity section. For a start, there’s CAPTCHA protection, which makes it very difficult for robots to abuse your form. Based on your choice, the verification image will appear each time the form is accessed, will change daily or will only show up when the form seems to be abused (smart CAPTCHA), i.e. when multiple form submissions are made from the same IP address. You can also use IP limitation and restrict the submissions coming from the same IP to a certain number, e.g. 1 per day, week or month, or even lifetime.

You can also use country filters. To do this, you simply need to check the option Reject submissions from the following countries and type in the country codes that you want to reject (you’ll find these codes in an attached list). Or you can go the other way around, so that you accept submissions only from certain countries. If your form is intended only for specific users, you can even set up password protection and share the keyword with the specific users only.

Phishing shutdown

We are much aware of the fact that forms are used on the web to collect private information (email addresses, passwords, credit card information) from people. We use human review and automated abuse detection to make sure that the web forms created by users of our service are not used in this purpose. For example, forms created on the Free plan and containing certain field labels are banned automatically. Further, our security scripts notify us each time a suspicious form or account is detected; we check user activity and shut down the account, if it is, indeed, malicious. Forms can be reported as abuses using the Report abuse link at form bottom.

If a phishing attempt escapes our security measures, it does so for a short while. After the form is shut down, harmed parties are provided with a document containing the data collected through the form, so that affected persons can be alerted. Qualified authorities that take legal action against online criminal activity are provided with user registration details, logs and IP addresses pertaining to abusive accounts.

Other provisions

Backup copy. A backup copy of your form submissions is stored on our servers. If you delete submissions accidentally, we’ll retrieve them from there. That’s the only reason why the backup copy exists. It is generated by default for every new form. If you don’t want the copy to be created, let us know.

SSL encryption. Platinum accounts benefit from SSL form encryption. SSL encryption is a protocol that secures communication over the Internet. With SSL, all data sent through the form is unreadable for any robot or person that tries to intercept communication. Accepting payments through forms is hence possible only with the Platinum plan.

Confidentiality. According to our Terms of Service, your account data and the information collected through forms are confidential. No information will be used, shared or sold and all collected data is rightfully yours.

 

Featured image courtesy: freedigitalphotos.net

Alexandra Draghici
Alexandra Draghici
is the Project Manager of 123ContactForm. She tracks our project development and acts as a link between departments. Alexandra likes web technologies and teaching online and offline.

4 Comments

  1. I want to learn more about the SSL Encryption and site security you offer

    • Alexandra says:

      Rob, the security features that we provide are summed up in the article above. If you want clarification or further details on a specific feature, please let us know. SSL encryption is a special protocol that protects the data sent through your forms from any third parties that attempt to intercept it.

  2. Samlibs says:

    If you embed the form into an existing web page then its not a secure page. When using Stripe you stay on the same web page to complete payment, when the form is embedded there is no padlock in the address bar and the form is asking for credit card details. How do we tackle this issue?

    Kindest regards

    Peter

    • czlavog says:

      Hello Peter,

      Stripe (and other payment) integration(s) in forms,are always secure because our service forces them to be so.
      More precisely, even if a form is not SSL secured, the Payment Summary portion is automatically and compulsory secured.

      As regards the forms that are also SSL secured (Publish Form -> “Secured SSL” at “Connection Type”), the https:// appears at the beginning of the URL if the 123 link is used.
      If you use the form embedded in your website, the form is still secured (and this can be seen from the https:// URLs in the form code to be used for embedding – the Embed Code sub-section of the Publish Form section), but the https:// does not appear to the URL of your website because the form cannot influence the SSL of your website itself, but only the form connection (which is SSL secured).
      However, an SSL secured form is secure even in a website that is not SSL secured. And the payment Summary portion is secured even if a form is not SSL secured.
      In case you need to have the visual https:// URL for your entire webpage, the SSL of our form building service cannot affect all your website, but only the form connection. If you need to see https:// in your website, you need to take an SSL certificate for your website separately.
      However, the most important aspect is that an SSL secured form is secure even in a website that is not SSL secured.

      Kind regards,

      The 123ContactForm team

Leave a Reply

Your email address will not be published. Required fields are marked *