Spammers Via Contact Form

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Anti-Spam Guide
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
MacBookPro
Registered User
Posts: 46
Joined: Thu Nov 13, 2014 11:22 pm
Name: Stu

Spammers Via Contact Form

Post by MacBookPro »

Guys since upgrading to 3.1.3 I have had a number of spammers gaining access to the Contact Form and sending a mail, other than turning off the contact form does anyone have any suggestions on how to stop this??

Thanks. :D
Regards

Stu..
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spammers Via Contact Form

Post by Lumpy Burgertushie »

I believe there is an extension or they are working on a fix. do a search and you will see several discussions about it and a couple of work arounds etc.

robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
MacBookPro
Registered User
Posts: 46
Joined: Thu Nov 13, 2014 11:22 pm
Name: Stu

Re: Spammers Via Contact Form

Post by MacBookPro »

Thanks,

I've had a good look around but can't anything up to date or overly specific to the current versions.
Regards

Stu..
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Spammers Via Contact Form

Post by Lumpy Burgertushie »

here is something that apparently works that you can use at least until the developers do some type of fix to the code .
viewtopic.php?f=456&t=2277011

rdobert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6671
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Spammers Via Contact Form

Post by HiFiKabin »

Lumpy Burgertushie wrote:here is something that apparently works that you can use at least until the developers do some type of fix to the code .
viewtopic.php?f=456&t=2277011

robert
Thanks Robert. Yes indeed, it does work perfectly.It is only BETA as it needs more work to make it ACP configurable. Not worth the effort as phpBB are (apparently) working on the Contact Us form SPAM problem.

I have used this (and its earlier versions both for 3.1.x and 3.0.x) for a months without me getting one SPAM email via it.

I re introduced it for my 3.1.x fora after I started getting SPAM via the contact form as well.
melek3360
Registered User
Posts: 12
Joined: Fri May 30, 2014 2:57 pm

Re: Spammers Via Contact Form

Post by melek3360 »

Maybe by allowing the "spambot countermeasures" to be placed on this page, it could block spambots. Just a suggestion.
-Mike
My site
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72341
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spammers Via Contact Form

Post by KevC »

melek3360 wrote:Maybe by allowing the "spambot countermeasures" to be placed on this page, it could block spambots. Just a suggestion.
The problem with that is that a lot of the users of the form will be ones who are having trouble registering, often because they don't understand the antispam measure being used.....so they won't be able to use the form either unless they can figure it out.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
armorm3
Registered User
Posts: 5
Joined: Thu Apr 09, 2015 5:56 pm

Re: Spammers Via Contact Form

Post by armorm3 »

KevC wrote:
melek3360 wrote:Maybe by allowing the "spambot countermeasures" to be placed on this page, it could block spambots. Just a suggestion.
The problem with that is that a lot of the users of the form will be ones who are having trouble registering, often because they don't understand the antispam measure being used.....so they won't be able to use the form either unless they can figure it out.
There is a technique used by high traffic websites for any type of form that could possibly generate an email or some other system actions like adding a friend, for example. I believe what they do is, when multiple requests are sent from the Contact form, after a while this triggers an spambot countermeasure like a challenge or captcha, and continues to do so every couple of requests to prevent automated submissions
Drug use, addiction, interactions forum - United States drug awareness maps and pricing engine
Musoguy
Registered User
Posts: 24
Joined: Fri Dec 07, 2012 9:31 pm

Re: Spammers Via Contact Form

Post by Musoguy »

I know this thread is a little old now, but just had the same issue and am posting in case my fix can help anyone else using 3.1. My theme is based on prosilver and the navbar_footer.html was unchanged so found in the prosilver folder

Open Style -> prosilver -> template -> navbar_footer.html

Find:

Code: Select all

		<!-- IF U_CONTACT_US --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->
Replace it with:

Code: Select all

<!-- IF S_USER_LOGGED_IN -->		
			<!-- IF U_CONTACT_US --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->
<!-- ENDIF -->
Purge the cache. Now the contact admin link will only show up once a user has logged in. I'm sure there are more eloquent ways to do this, but this worked for me :)
User avatar
janus_zonstraal
Registered User
Posts: 6418
Joined: Sat Aug 30, 2014 1:30 pm

Re: Spammers Via Contact Form

Post by janus_zonstraal »

Purge the cache. Now the contact admin link will only show up once a user has logged in. I'm sure there are more eloquent ways to do this, but this worked for me
And if a user wants to contact you because he can't log in?
Sorry! My English is bat ;) !!!
MacBookPro
Registered User
Posts: 46
Joined: Thu Nov 13, 2014 11:22 pm
Name: Stu

Re: Spammers Via Contact Form

Post by MacBookPro »

Regards

Stu..
Paph
Registered User
Posts: 362
Joined: Tue Dec 25, 2007 7:58 am
Location: Georgia - USA
Contact:

Re: Spammers Via Contact Form

Post by Paph »

For whatever it's worth, I use this contact form on my website.

Green Beast Contact Form

This contact form can not be made a part of phpBB, but can be set up on the server and linked to from within your forum.
It's very customizable and will stop all spambots.

Here's a link to this contact form on my website, to show how customizable it is.

http://hawkdawg.com/cnt.htm
Hawk
Musoguy
Registered User
Posts: 24
Joined: Fri Dec 07, 2012 9:31 pm

Re: Spammers Via Contact Form

Post by Musoguy »

janus_zonstraal wrote:
Purge the cache. Now the contact admin link will only show up once a user has logged in. I'm sure there are more eloquent ways to do this, but this worked for me
And if a user wants to contact you because he can't log in?

Yup, then use the extension MacBookPro recommended. What I did was specific to my needs. People are invited to the forum I host, so there is no need for anyone who goes on it to see my contact info if they are not a registered member :)
FourierTransformer
Registered User
Posts: 20
Joined: Fri Jan 13, 2017 5:01 pm

Re: Spammers Via Contact Form

Post by FourierTransformer »

Apart from spam, I have also experienced the problem that a banned user attempted to forge a message from another user (whose e-mail address was publicly known) via the contact form.

IMO, it is easier to fight e-mail spam than HTTP spam these days if you enable some checks on your mail server (e.g., proper HELO, proper DNS records, proper SPF, checking some blacklists, etc.). Thus, my preferred solution would be a custom contact page where I can tell guests how to contact us. A captcha is problematic because it excludes blind people (and Lynx users ;)).

For regular users, the contact form is fine; but in the long run, it might be better to send a PM to the global admins rather than an e-mail because someone might send an e-mail message like: This message was sent via the contact form by user foo... „Hi, please delete my account.“ If they succeeded, that would be bad.
Locked

Return to “[3.1.x] Support Forum”