Spam via Contact Us - Call to Arms!

[The Old Man]

Hi IPS,

Any news on adding spam protection features to the Contact Us facility?

My clients and I are currently being spammed senseless with the most blatant, clear as crystal offers of illegal drugs, degrading filth and other vile spam through the wide open portcullis that is Contact Us, into my otherwise fairly spam-free fortress that is IPS community. I've had about 21 since Monday!

Generals @Lindy @Charles , it's time for a Call to Arms!

Gather ye brave fighting men and women coders of IPS and rage war on this unnecessary evil: 

• Add existing IPS Spam Prevention facility to Contact Us
• Add existing Q&A to Contact Us
• Extend existing swearing/IP/email filters to cover Contact Us
• Add existing Recapcha options to Contact Us

Post-haste and godspeed, thank you, gentlemen!

Edited June 19, 2018 by The Old Man

[opentype]

8 minutes ago, The Old Man said:

 

• Add existing Recapcha options to Contact Us

That is already an option. 

[The Old Man]

Thanks, you're quite correct. I wouldn't have guessed as so much of this junk is so blatant, you could spot it from another galaxy with the naked eye!

[bfarber]

We have discussed this, but it's tricky. For instance, I considered looking at calling our IPS Spam Service for emails sent through the contact form, but we decided that this couldn't be done because a valid user who was blocked from registration by the spam service would then have absolutely no way to contact the site admin to let them know or get assistance.

Unfortunately, if you leave a contact form in place, spammers will use it. It's tricky to block spam effectively here without resorting to "hacks" (like scanning the email for specific text which may not actually be indicative of spam).

[The Old Man]

Thank you Brandon, appreciate the reply. I've never experienced a genuine user being blocked by the Spam service having to make contact but I'm sure it happens. Personally I'd be willing to risk it.

What about utilising the Q&A option, ban filters and language/word filters?

[The_Mage]

On 6/19/2018 at 6:35 AM, opentype said:

That is already an option. 

Can you tell me where this is an option? On my system I don't see captcha or recaptcha as an option for the contact us form.

[opentype]

2 hours ago, The_Mage said:

Can you tell me where this is an option? On my system I don't see captcha or recaptcha as an option for the contact us form.

It’s a global setting regarding guest content in the Captcha settings. 

 

[The_Mage]

Ah, I actually just found it, and haven't posted a response. Thanks for that.

Apparently I did have the "invisible recaptcha" set up, but somebody got through sending me some porn spam. 

Thanks for the response.

I found it under the Members tab or icon ► Content Moderation ► Spam Prevention, then chose the Captcha tab.

[AlexWebsites]

11 hours ago, The_Mage said:

Ah, I actually just found it, and haven't posted a response. Thanks for that.

Apparently I did have the "invisible recaptcha" set up, but somebody got through sending me some porn spam. 

Thanks for the response.

I found it under the Members tab or icon ► Content Moderation ► Spam Prevention, then chose the Captcha tab.

Make sure you set up a new api with google for the invisible recaptcha and don't just change the setting in ACP if you used 1 or 2 as it uses a different method. Maybe you did this but I found out later it wasn't working and had to set up new credentials for invisible recaptcha. That invisible recaptcha logo needs to be showing at the bottom right of the screen when you open the contact us form. There doesn't seem to be a check in ACP to test if its working and I just switched the checked box from version 2 to invisible thinking that was fine.

[PoC2]

We get contact form spam. It’s being used by human spammers so they overcome Invisible reCaptcha.

Invision Power: Please allow Q&A to be used with the contact form - as that would do the trick. Thanks!

Edited July 15, 2018 by PoC2

[bfarber]

If humans are submitting the spam, why would Q&A challenge stop them?

[PoC2]

Because they wouldn't know the answers to the questions on a specialist web site - nor could they look them up.

That is why.

[Black Tiger]

Just upping this topic, because it still would be nice if the ip address of the one using the contact forum would be send with it.

It could allow us, for those who want to do this, block ip addresses or ranges.

 

[tonyv]

While I can sympathize -- I get the Contact Us spam, too -- I don't really understand what the big deal is. They're only emails. If I see one on my mobile, I open it, quickly see the Cyrillic text, and hit delete.

[Black Tiger]

In that case your argument could be used for all spam. 🙂

It's not such a big deal but it's annoying and at a certain point one gets fed up with it.

[tonyv]

7 minutes ago, Black Tiger said:

In that case your argument could be used for all spam. 🙂

It's not such a big deal but it's annoying and at a certain point one gets fed up with it.

Yea, I probably don't get enough of it to notice. I've never had a single spam post on my board because I screen prospective members carefully and registration is turned off until I'm ready to admit someone. I do hate spam, but I think I hate ads more, because they're more in my face when I'm visiting some site. To me, ads are spam I can try to ignore but I can't just delete. 

[Black Tiger]

On my board itself I also almost never got spam. It's mostly via the contact forum which is open to guest. I can close it ofcourse, and since I use Invision forum the number decreased a lot. But I still would like an ip mentioned in the contact form.

As for ads, I hate them too but sometimes it's necessary, I my case I only use 1 adblock in the sidebar and 1 totally below the forums. Totally not disturbing but it helps paying the costs.

[SJ77]

I am getting spam like CRAZY via the contact us form. Any one solve for this?

On 5/24/2019 at 8:13 AM, tonyv said:

While I can sympathize -- I get the Contact Us spam, too -- I don't really understand what the big deal is. They're only emails. If I see one on my mobile, I open it, quickly see the Cyrillic text, and hit delete.

I am deleting emails all day long. This is becoming a full time job! That's the problem.

[The Old Man]

If you don't get much that's really rather fortunate, but some of it is really nasty and illegal, not just your friendly Nigerian prince who needs your $10 to reclaim his millionaire inheritance or another advert for magic, blue M and Ms. Secondly, if you run a community for a client like a local charity or organisation,  they don't expect to receive stuff about indecent images of children etc, and neither do you of course, as an admin.

If IPS can help block even some small amount of this stuff received through its software, whether it's integrating a new version of ReCaptcha or integrating or improving their anti-spam spam facilities, or other blacklists or honeypots, why not simply help? As an admin of your server you can do a lot to help reduce spam, but you also leave yourself at the mercy of others to do their bit too.

Edited May 26, 2019 by The Old Man

[Bluto]

Use cleantalk anti-spam it protects the contact form.  It's super cheap and easy to setup.

Of course, if you're specifically targeted by a person who is spamming manually, nothing is going to stop them.  You can only report their email to cleantalk to help for the next person.

 

Edited May 26, 2019 by Bluto

[Fosters]

I've added spam detection for the contact us  form to our spam prevention app and can confirm that it worked quite good for us in the last 2 weeks.

 

 

Unfortunately our IPS license just expired, so can't upgrade it right now🤣

[Sonya*]

Is it possible to add captha ONLY to contact form?

@Fosters, our project is in Cyrillic. If we would prevent Cyrillic characters, nothing would pass through the contact form  

[Black Tiger]

All nice idea's, but adding the abuser's ip is just a little feature question, should be easy to do too.

[Fosters]

1 hour ago, Black Tiger said:

All nice idea's, but adding the abuser's ip is just a little feature question, should be easy to do too.

What’s the point of adding it? Even if you ban it, they’ll be able  to access the contact form 

Edited May 26, 2019 by Fosters

[Black Tiger]

Even if you ban it, they’ll be now to access the contact form

Sorry, this is not quite English (neither am I) and I don't understand the meaning of this sentence.

The point is that I can decide myself to add ip ranges to a blacklist. They can't access it anymore then.