Spammers Via Contact Form

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Ideas Centre
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
zag2me
Registered User
Posts: 13
Joined: Wed Jan 18, 2012 10:13 am

Re: Spammers Via Contact Form

Post by zag2me » Mon Aug 14, 2017 11:42 am

Been getting loads of these myself from something called xrummer spamming software.

Solution is to turn this feature off:

ACP (Admin control panel) > Contact page settings > Enable contact page > Disabled.

User avatar
KevC
Support Team Member
Support Team Member
Posts: 68148
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spammers Via Contact Form

Post by KevC » Mon Aug 14, 2017 12:43 pm

zag2me wrote:
Mon Aug 14, 2017 11:42 am
Been getting loads of these myself from something called xrummer spamming software.

Solution is to turn this feature off:

ACP (Admin control panel) > Contact page settings > Enable contact page > Disabled.
There are one or two extensions in the database to deal with that and keep it running.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

mrgtb
Registered User
Posts: 532
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb » Mon Jun 11, 2018 2:41 pm

Musoguy wrote:
Fri Jan 29, 2016 6:28 pm
I know this thread is a little old now, but just had the same issue and am posting in case my fix can help anyone else using 3.1. My theme is based on prosilver and the navbar_footer.html was unchanged so found in the prosilver folder

Open Style -> prosilver -> template -> navbar_footer.html

Find:

Code: Select all

		<!-- IF U_CONTACT_US --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->
Replace it with:

Code: Select all

<!-- IF S_USER_LOGGED_IN -->		
			<!-- IF U_CONTACT_US --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->
<!-- ENDIF -->
Purge the cache. Now the contact admin link will only show up once a user has logged in. I'm sure there are more eloquent ways to do this, but this worked for me :)
Doing that only hides the Contact Us "icon" not being displayed to guests. But if they know the page address they can still access it and send emails as guests. I know this is an old post, but just saying so others don't think this actually works.

You should do it this way anyway, which doesn't need an extra set of permissions adding and also hides it from bots.

Code: Select all

			<!-- IF U_CONTACT_US and not S_IS_BOT and S_USER_LOGGED_IN --><li class="small-icon icon-contact rightside" data-last-responsive="true"><a href="{U_CONTACT_US}" role="menuitem">{L_CONTACT_US}</a></li><!-- ENDIF -->

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19718
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: Spammers Via Contact Form

Post by Mick » Mon Jun 11, 2018 3:10 pm

I’m confused, what’s the point of having it show only to registered users, that’s not the purpose of the form? You have the option to disable it in the ACP.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

mrgtb
Registered User
Posts: 532
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb » Mon Jun 11, 2018 3:53 pm

Well to be fair, since GDPR came along. Euro users are now supposed to display a Contact Us point on their sites. But it really needs to be using anti-spam measures on that page that users must pass to send out an email. In this day and age with spammers now offering a Contact Us form with no sort of anti-spam measures is nuts, plain and simple. It can end up getting your server domain email black listed

I read above it being said it's left out because a guest might be trying to contact you because they cannot register. Well, look at this way. All popular paid forum software does actually use anti-spam measures on the contact us form, such as WoltLab and XenForo. So they obviously think it's needed on that page to help stop email spam.

But keep in mind now with this GDPR, Euro users need to be showing a Contact Us on their sites to come inline with the law. But it's pretty hard to do that using phpBB with no anti-spam measures used on it. If you ask me, this is something you need to address now that GDPR is out. I'm not alone in refusing to display the Contact Us page, all due to lack of anti-spam not used on it.

It's ridiculous to say you don't use anti-spam on it because a guest might not be able to pass it. That's their touch luck, it should still be there though to stop spam being send out "unchecked" from sites servers.
Last edited by mrgtb on Mon Jun 11, 2018 4:15 pm, edited 1 time in total.

User avatar
canonknipser
Registered User
Posts: 1557
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Spammers Via Contact Form

Post by canonknipser » Mon Jun 11, 2018 4:04 pm

Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB

mrgtb
Registered User
Posts: 532
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb » Mon Jun 11, 2018 4:10 pm

I'm aware of the extensions offered, but this is something due to GDPR now that should be corrected really with the Contact Us form in the Core product. I'm not moaning about it, just giving my view on it. You can't always rely on 3rd party mods, they may not always be suported to work with future release versions of phpBB

User avatar
canonknipser
Registered User
Posts: 1557
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Spammers Via Contact Form

Post by canonknipser » Mon Jun 11, 2018 4:26 pm

I remember discussions from long ago (the beginning of 3.1 ..) that the contact form is intentionally without any spambot countermeasure to give anybody a easy way to contact the administration, unhindered by a captcha or similar.

But feel free to open a bug report: http://tracker.phpbb.com/
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB

mrgtb
Registered User
Posts: 532
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb » Mon Jun 11, 2018 4:37 pm

Same here, I've already read what has been said about not adding it.

Not much point adding it in the bug tracker when they already have their minds made up. :roll:

If they had any intentions of changing it, then I think they would have done it before GDPR came out last month.

User avatar
KevC
Support Team Member
Support Team Member
Posts: 68148
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spammers Via Contact Form

Post by KevC » Mon Jun 11, 2018 4:56 pm

I don't quite get where GDPR comes in to it.
The person filling out the form would knowingly be actively inputting their own information and therefore are consenting for it to be sent.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

User avatar
david63
Jr. Extension Validator
Posts: 14564
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Spammers Via Contact Form

Post by david63 » Mon Jun 11, 2018 5:52 pm

mrgtb wrote:
Mon Jun 11, 2018 3:53 pm
Well to be fair, since GDPR came along. Euro users are now supposed to display a Contact Us point on their sites.
Please show me where in the GDPR regulations it says that a "casual visitor" to any site must have a "Contact Us" form - for members of a site who have input personal data I would agree and there are enough other ways for members of a site to make contact with the site/board Admin without the need of a Contact Us form, which incidentally could go to any number of people.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
KYPREO
Registered User
Posts: 68
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: Spammers Via Contact Form

Post by KYPREO » Tue Jun 12, 2018 12:44 am

Ironically, because of GDPR there is often now no way of getting a tech contact email address for a website since the WHOIS data is subject to mandatory blocking. :lol:
phpBB user since 2002
www.AusRotary.com

mrgtb
Registered User
Posts: 532
Joined: Wed Oct 03, 2007 10:51 am

Re: Spammers Via Contact Form

Post by mrgtb » Tue Jun 12, 2018 10:10 am

KYPREO wrote:
Tue Jun 12, 2018 12:44 am
Ironically, because of GDPR there is often now no way of getting a tech contact email address for a website since the WHOIS data is subject to mandatory blocking. :lol:
Yeah, I know what you mean in that. Since this GDRP came along. Now both NameCheap and GoDaddy (I think it is) are since offering free lifetime WhoIs Protection on domains. While GDRP seem to now say that site owners have to list their address details on a Privacy Policy page as part of the contact information. They refer to site owners as being "Operators" of a site.

Which is kind of a swipe back at GDPR really them doing that offering free lifetime domain whois protection now.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19718
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: Spammers Via Contact Form

Post by Mick » Tue Jun 12, 2018 12:28 pm

mrgtb wrote:
Tue Jun 12, 2018 10:10 am
While GDRP seem to now say that site owners have to list their address details on a Privacy Policy page as part of the contact information. They refer to site owners as being "Operators" of a site
I’ve not seen that one and will state categorically I won’t be doing it.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

Locked

Return to “[3.1.x] Support Forum”

Who is online

Users browsing this forum: No registered users and 18 guests