Spam via Contact Us page

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
Swanny
Registered User
Posts: 486
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Spam via Contact Us page

Post by Swanny »

Well I guess I should have seen this coming. Spammers are sending messages through the built-in Contact Us page that I enabled on my 3.1 installation.

Is there a way to enable my Q&A that is very successful on registration and port it over to be also used on the Contact Us page when a user is not logged in?

I can go in and block IP addresses after I get the spam but it would be nice to stop it before it starts.
User avatar
noth
Registered User
Posts: 2528
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Re: Spam via Contact Us page

Post by noth »

yikes, I never thought of that

I have already had some genuine emails through that

:x yeah, hmmm what a shock!
User avatar
nickvergessen
Former Team Member
Posts: 4397
Joined: Mon Apr 30, 2007 5:33 pm
Location: Stuttgart, Germany
Name: Joas Schilling
Contact:

Re: Spam via Contact Us page

Post by nickvergessen »

The problem is that we use the contact form as "Help" when a user can not solve the captcha.
We use the contact form instead of giving out the email adress of the administrator directly.

If this does not work for you, you can just disable the contact form in the ACP, then the email adress is displayed again like in 3.0
No Support via PM
Swanny
Registered User
Posts: 486
Joined: Sun Apr 14, 2002 2:11 am
Location: Canada

Re: Spam via Contact Us page

Post by Swanny »

I intend to put the link to the Contact page in the footer of the rest of my site too, and use it as a built-in feedback system for anyone to contact me.

The questions that I put in the Q&A are easily solved by a human. I understand the captcha system is easily "cracked" by automated systems, that's why I was thinking that the Q&A would work well. You could have a simple question there like what is the missing letter in this word?: Pean_t for example.

Is it possible to enable Q&A (not CAPTCHA) as an option for the contact page, which could be toggled on/off in ACP? So if you want an easy contact page, no Q&A but let the admin decide.
User avatar
mrgtb
Registered User
Posts: 603
Joined: Wed Oct 03, 2007 10:51 am

Re: Spam via Contact Us page

Post by mrgtb »

nickvergessen wrote:The problem is that we use the contact form as "Help" when a user can not solve the captcha.
We use the contact form instead of giving out the email adress of the administrator directly.

If this does not work for you, you can just disable the contact form in the ACP, then the email adress is displayed again like in 3.0
Another problem is though. If spammers can mass send emails dead easy because of no type of captcha used on the contact us page, that could end up getting your forums email blacklisted pretty easy I would imagine, or even have your host complaining about it.

I have it active on my forum but I'm seriously starting to consider stopping doing it because of those two risks posed by having it enabled knowing spammers could really abuse that and end up backfiring on you. If at any point I see a sudden rise in spam coming from it, it's being disabled.

You say when a user cannot answer captcha. Use Q/A on it then, if they can't answer Q/A questions - then they shouldn't be joining a forum in the first place. I would have thought its use is more for when you ban a member and they contact you wanting to know why, or if you'll unban them again, or somebody has a complaint about something posted on forums (such as copyright issues) etc.

I use a forwarder with my forums email via cPanel (so do many others). So any email sent from [email protected] gets redirected to my own hotmail account. What will happen if one day hundreds of spam emails get sent with Viagra and UgBoots, etc - all landing in my hotmail from my forum email address. That could get the forum domain blacklisted as a spam email sender with MSN/hotmail
User avatar
M.O.B.
Registered User
Posts: 944
Joined: Tue Jan 04, 2005 1:07 am
Location: San Diego CA USA
Contact:

Re: Spam via Contact Us page

Post by M.O.B. »

Yes, this particular feature was not thoroughly thought out. :(
Image
User avatar
RMcGirr83
Former Team Member
Posts: 22016
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Spam via Contact Us page

Post by RMcGirr83 »

Acutally, IIRC it was pretty heavily debated over at area51
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
shurijo
Registered User
Posts: 35
Joined: Sun Mar 15, 2015 8:37 pm

Re: Spam via Contact Us page

Post by shurijo »

Has anyone figured out a solution for this? I'm blocking spammers via email, IP, etc., so now I'm getting hundreds of spam per hour via the Contact us form.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72340
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spam via Contact Us page

Post by KevC »

-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
NicoBlog
Registered User
Posts: 65
Joined: Sun Dec 01, 2013 5:18 pm

Re: Spam via Contact Us page

Post by NicoBlog »

Excuse me but the solution should be an update that adds google's re-captcha to the form, not to install an extension that doesn't even do it.
User avatar
RMcGirr83
Former Team Member
Posts: 22016
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Spam via Contact Us page

Post by RMcGirr83 »

Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6671
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Spam via Contact Us page

Post by HiFiKabin »

NicoBlog wrote: Sat Feb 10, 2018 11:44 pm
Excuse me but the solution should be an update that adds google's re-captcha to the form, not to install an extension that doesn't even do it.
This extension does not need any CAPTCHA to prevent spambots signing up, which is why it does not include one. Rich's extension handles the same problem in a different way.

Choice is always good :mrgreen:
NicoBlog
Registered User
Posts: 65
Joined: Sun Dec 01, 2013 5:18 pm

Re: Spam via Contact Us page

Post by NicoBlog »

HiFiKabin wrote: Sun Feb 11, 2018 10:30 am
NicoBlog wrote: Sat Feb 10, 2018 11:44 pm
Excuse me but the solution should be an update that adds google's re-captcha to the form, not to install an extension that doesn't even do it.
This extension does not need any CAPTCHA to prevent spambots signing up, which is why it does not include one. Rich's extension handles the same problem in a different way.

Choice is always good :mrgreen:
Not compatible with 3.2.
Sorry i use 3.2 i got to this thread trough google search.
RMcGirr83 wrote: Sun Feb 11, 2018 12:27 am Then use this
https://www.phpbb.com/customise/db/exte ... act_admin/
Breaks the entire website upon activation.

Code: Select all

[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/di/container_builder.php on line 146: require(./cache/production/autoload_4335734bbdd20f586549a504dff5f80c.php): failed to open stream: No such file or directory

Fatal error: require(): Failed opening required './cache/production/autoload_4335734bbdd20f586549a504dff5f80c.php' (include_path='.:/opt/sp/php7.0/lib/php') in /public/forums/phpbb/di/container_builder.php on line 146
User avatar
RMcGirr83
Former Team Member
Posts: 22016
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Spam via Contact Us page

Post by RMcGirr83 »

Actually, no it doesn't. Your cache folder probably isn't writable or something. I just installed it fine on a test forum that is using PHP 7.0.13.
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beer Image
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6671
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Spam via Contact Us page

Post by HiFiKabin »

NicoBlog wrote: Sun Feb 11, 2018 1:32 pm
HiFiKabin wrote: Sun Feb 11, 2018 10:30 am
NicoBlog wrote: Sat Feb 10, 2018 11:44 pm
Excuse me but the solution should be an update that adds google's re-captcha to the form, not to install an extension that doesn't even do it.
This extension does not need any CAPTCHA to prevent spambots signing up, which is why it does not include one. Rich's extension handles the same problem in a different way.

Choice is always good :mrgreen:
Not compatible with 3.2.
Sorry i use 3.2 i got to this thread trough google search.
The 3.2.x version is currently awaiting validation and is available from my extension website (link below)
Locked

Return to “[3.1.x] Support Forum”