Spammers Via Contact Form

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Ideas Centre
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
zag2me
Registered User
Posts: 15
Joined: Wed Jan 18, 2012 10:13 am

Re: Spammers Via Contact Form

Post by zag2me »

Been getting loads of these myself from something called xrummer spamming software.

Solution is to turn this feature off:

ACP (Admin control panel) > Contact page settings > Enable contact page > Disabled.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72354
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spammers Via Contact Form

Post by KevC »

zag2me wrote: Mon Aug 14, 2017 11:42 am Been getting loads of these myself from something called xrummer spamming software.

Solution is to turn this feature off:

ACP (Admin control panel) > Contact page settings > Enable contact page > Disabled.
There are one or two extensions in the database to deal with that and keep it running.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
mrgtb
Registered User
Posts: 603
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb »

Musoguy wrote: Fri Jan 29, 2016 6:28 pm I know this thread is a little old now, but just had the same issue and am posting in case my fix can help anyone else using 3.1. My theme is based on prosilver and the navbar_footer.html was unchanged so found in the prosilver folder

Open Style -> prosilver -> template -> navbar_footer.html

Find:

Code: Select all

		<!-- IF U_CONTACT_US --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->
Replace it with:

Code: Select all

<!-- IF S_USER_LOGGED_IN -->		
			<!-- IF U_CONTACT_US --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->
<!-- ENDIF -->
Purge the cache. Now the contact admin link will only show up once a user has logged in. I'm sure there are more eloquent ways to do this, but this worked for me :)
Doing that only hides the Contact Us "icon" not being displayed to guests. But if they know the page address they can still access it and send emails as guests. I know this is an old post, but just saying so others don't think this actually works.

You should do it this way anyway, which doesn't need an extra set of permissions adding and also hides it from bots.

Code: Select all

			<!-- IF U_CONTACT_US and not S_IS_BOT and S_USER_LOGGED_IN --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26520
Joined: Fri Aug 29, 2008 9:49 am

Re: Spammers Via Contact Form

Post by Mick »

I’m confused, what’s the point of having it show only to registered users, that’s not the purpose of the form? You have the option to disable it in the ACP.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
mrgtb
Registered User
Posts: 603
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb »

Well to be fair, since GDPR came along. Euro users are now supposed to display a Contact Us point on their sites. But it really needs to be using anti-spam measures on that page that users must pass to send out an email. In this day and age with spammers now offering a Contact Us form with no sort of anti-spam measures is nuts, plain and simple. It can end up getting your server domain email black listed

I read above it being said it's left out because a guest might be trying to contact you because they cannot register. Well, look at this way. All popular paid forum software does actually use anti-spam measures on the contact us form, such as WoltLab and XenForo. So they obviously think it's needed on that page to help stop email spam.

But keep in mind now with this GDPR, Euro users need to be showing a Contact Us on their sites to come inline with the law. But it's pretty hard to do that using phpBB with no anti-spam measures used on it. If you ask me, this is something you need to address now that GDPR is out. I'm not alone in refusing to display the Contact Us page, all due to lack of anti-spam not used on it.

It's ridiculous to say you don't use anti-spam on it because a guest might not be able to pass it. That's their touch luck, it should still be there though to stop spam being send out "unchecked" from sites servers.
Last edited by mrgtb on Mon Jun 11, 2018 4:15 pm, edited 1 time in total.
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Spammers Via Contact Form

Post by canonknipser »

Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
mrgtb
Registered User
Posts: 603
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb »

I'm aware of the extensions offered, but this is something due to GDPR now that should be corrected really with the Contact Us form in the Core product. I'm not moaning about it, just giving my view on it. You can't always rely on 3rd party mods, they may not always be suported to work with future release versions of phpBB
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Spammers Via Contact Form

Post by canonknipser »

I remember discussions from long ago (the beginning of 3.1 ..) that the contact form is intentionally without any spambot countermeasure to give anybody a easy way to contact the administration, unhindered by a captcha or similar.

But feel free to open a bug report: http://tracker.phpbb.com/
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
mrgtb
Registered User
Posts: 603
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb »

Same here, I've already read what has been said about not adding it.

Not much point adding it in the bug tracker when they already have their minds made up. :roll:

If they had any intentions of changing it, then I think they would have done it before GDPR came out last month.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72354
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spammers Via Contact Form

Post by KevC »

I don't quite get where GDPR comes in to it.
The person filling out the form would knowingly be actively inputting their own information and therefore are consenting for it to be sent.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Spammers Via Contact Form

Post by david63 »

mrgtb wrote: Mon Jun 11, 2018 3:53 pm Well to be fair, since GDPR came along. Euro users are now supposed to display a Contact Us point on their sites.
Please show me where in the GDPR regulations it says that a "casual visitor" to any site must have a "Contact Us" form - for members of a site who have input personal data I would agree and there are enough other ways for members of a site to make contact with the site/board Admin without the need of a Contact Us form, which incidentally could go to any number of people.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
KYPREO
Registered User
Posts: 392
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: Spammers Via Contact Form

Post by KYPREO »

Ironically, because of GDPR there is often now no way of getting a tech contact email address for a website since the WHOIS data is subject to mandatory blocking. :lol:
phpBB user since 2002
www.AusRotary.com
User avatar
mrgtb
Registered User
Posts: 603
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb »

KYPREO wrote: Tue Jun 12, 2018 12:44 am Ironically, because of GDPR there is often now no way of getting a tech contact email address for a website since the WHOIS data is subject to mandatory blocking. :lol:
Yeah, I know what you mean in that. Since this GDRP came along. Now both NameCheap and GoDaddy (I think it is) are since offering free lifetime WhoIs Protection on domains. While GDRP seem to now say that site owners have to list their address details on a Privacy Policy page as part of the contact information. They refer to site owners as being "Operators" of a site.

Which is kind of a swipe back at GDPR really them doing that offering free lifetime domain whois protection now.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26520
Joined: Fri Aug 29, 2008 9:49 am

Re: Spammers Via Contact Form

Post by Mick »

mrgtb wrote: Tue Jun 12, 2018 10:10 amWhile GDRP seem to now say that site owners have to list their address details on a Privacy Policy page as part of the contact information. They refer to site owners as being "Operators" of a site
I’ve not seen that one and will state categorically I won’t be doing it.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
Locked

Return to “[3.1.x] Support Forum”