Fosters Posted May 26, 2019 Posted May 26, 2019 8 minutes ago, Black Tiger said: Sorry, this is not quite English (neither am I) and I don't understand the meaning of this sentence. The point is that I can decide myself to add ip ranges to a blacklist. They can't access it anymore then. Thats true.
Sonya* Posted May 26, 2019 Posted May 26, 2019 35 minutes ago, Black Tiger said: All nice idea's, but adding the abuser's ip is just a little feature question, should be easy to do too. Automatic spam programs change IPs like underwear. Sometimes they use IPs that real users can use as well. I would not rely on IP at all.
Black Tiger Posted May 26, 2019 Posted May 26, 2019 @Sonya*True but that's a choice. In my case 99,9% spammers are comming from certain country's which I block and from dedicated servers, from which normally no users login, like servers from OVH for example. I almost never see IP's that real users can use and ofcourse then I don't block them. But as said, that is a choice and implemeting the ip with the form can be done in half a minute.
Fosters Posted May 26, 2019 Posted May 26, 2019 Ive just added s new feature... Our spam prevention suite will check the banned IP addresses for the contact us form in the next release 🙂 so once the IP or the members was banned, they won’t be able to access the contact us form . Black Tiger 1
Black Tiger Posted May 26, 2019 Posted May 26, 2019 That's great, but you still need the ip to use this option then. 😉 At this point only possible for (former) members then. Fosters 1
Fosters Posted May 26, 2019 Posted May 26, 2019 Yea, as I said, you had a valid point 🙂 Black Tiger 1
Dean Spencer Posted May 26, 2019 Posted May 26, 2019 I had this issue long ago and I fixed it....but since then my life has become horrible. No longer do girls in my area wanna meet me, no longer do I get ad's for free weed, and it's been a while since I heard about the guy who told me my russian grandmother passed away and left me 100 million dollars... The Old Man, Joel R, Gonzo83 and 4 others 1 6
Joel R Posted May 26, 2019 Posted May 26, 2019 4 hours ago, Dean Spencer said: I had this issue long ago and I fixed it....but since then my life has become horrible. No longer do girls in my area wanna meet me, no longer do I get ad's for free weed, and it's been a while since I heard about the guy who told me my russian grandmother passed away and left me 100 million dollars... The hard and brutal life of a community admin LOL The Old Man 1
LiquidFractal Posted May 26, 2019 Posted May 26, 2019 (edited) 4 hours ago, Dean Spencer said: I had this issue long ago and I fixed it....but since then my life has become horrible. No longer do girls in my area wanna meet me, no longer do I get ad's for free weed, and it's been a while since I heard about the guy who told me my russian grandmother passed away and left me 100 million dollars... If it makes you feel better I'd be happy to offer you an interest free loan of up to $100,000, no credit history required. All I need is your credit card details sent to my website at http://wtfomgloleduardossalsaparlorandchainsawrepair.io.mx.co.ec.me. Edited May 26, 2019 by liquidfractal The Old Man, Dean Spencer, Eric BXL and 1 other 4
Misi Posted May 27, 2019 Posted May 27, 2019 5 hours ago, Dean Spencer said: but since then my life has become horrible. No longer do girls in my area wanna meet me, no longer do I get ad's for free weed, and it's been a while since I heard about the guy who told me my russian grandmother passed away and left me 100 million dollars... Hehe...Those offers are coming to me now! But because I have a good heart I may redirect half of them to your email address free of charge... ...all of them for a cent for each. My bank account number at the Whole Universe Bank: 1234 567890
Jamer Posted December 14, 2020 Posted December 14, 2020 I am also receiving far too many emails (spam) via the contact us form. SeNioR- 1
hawksfan Posted January 30, 2021 Posted January 30, 2021 (edited) Can we please get the addition of the question/answer challenge on the contact us form? Captcha is not adequate any longer. Edited January 30, 2021 by hawksfan zyx and Derzhis 2
SeNioR- Posted January 30, 2021 Posted January 30, 2021 (edited) 8 hours ago, hawksfan said: Can we please get the addition of the question/answer challenge on the contact us form? Captcha is not adequate any longer. I had Google reCAPTCHA but still got spam. I added Q&A via plugin but it didn't help. I don't know how the bots / spammers were bypassing these security features. I had to restrict guest access since then I don't get spam anymore. My Q&A plugin (current waitning for approval) Edited January 30, 2021 by SeNioR- The Old Man 1
MEVi Posted February 2, 2021 Posted February 2, 2021 On 6/21/2018 at 5:04 PM, bfarber said: We have discussed this, but it's tricky. For instance, I considered looking at calling our IPS Spam Service for emails sent through the contact form, but we decided that this couldn't be done because a valid user who was blocked from registration by the spam service would then have absolutely no way to contact the site admin to let them know or get assistance. Unfortunately, if you leave a contact form in place, spammers will use it. It's tricky to block spam effectively here without resorting to "hacks" (like scanning the email for specific text which may not actually be indicative of spam). Would it be possible that if the user is identified as a spammer, it sends this request to a defined email address instead of creating a support ticket?
zyx Posted February 3, 2021 Posted February 3, 2021 On 1/30/2021 at 7:15 AM, hawksfan said: Can we please get the addition of the question/answer challenge on the contact us form? Captcha is not adequate any longer. Agreed! Question and answer seems to work great, as we get hardly any spam bots registering/posting, yet the contact us form is flooded with them! Since question & answer is already built into IPS, hopefully this would be possible to integrate to the contact us form too? 🙏
CoffeeCake Posted February 3, 2021 Posted February 3, 2021 Are you all certain the spam is coming via the form rather than emailed to the community account? We have thousands of messages inbound in contact us and the only spam we see is targeted stuff intentionally sent to us by someone trying to market to us. Sonya* 1
Sonya* Posted February 4, 2021 Posted February 4, 2021 (edited) 8 hours ago, Paul E. said: Are you all certain the spam is coming via the form rather than emailed to the community account? We have thousands of messages inbound in contact us and the only spam we see is targeted stuff intentionally sent to us by someone trying to market to us. In my case, 99% of spam comes through contact form. See my logs in the review of the plugin You can stop bots, but you cannot stop human that really fill out the forms. In my experience, the best way to stop spam is to block their IP addresses, their E-Mails and to investigate the E-Mail content to find spam links in it. The plugin above is ready to use and free for 7 days. It is worth to test it. Edited February 4, 2021 by Sonya*
CoffeeCake Posted February 4, 2021 Posted February 4, 2021 6 hours ago, Sonya* said: The plugin above is ready to use and free for 7 days. It is worth to test it. Interesting, I didn't realize it worked on registration as well. We have had to resort to denying registrations from a particular country because of the amounts of registrants creating accounts to post spam on the community (not contact form, actual posts) originating from those locations. They all are created by humans. I'd be interested to see if we lifted the country restriction and put this in place instead to see if it would catch it. They rotate amongst a number of the country's mobile providers. I assume it's people working in farms.
The Old Man Posted April 2, 2021 Author Posted April 2, 2021 I get this particular PITA spamming me from the Contact Form about 4 times a week, every week for months now. His IP may change, but the email address never does. eric.jones.z.mail@gmail.com Honestly it drives me nuts that I can't simply block him by adding his email address to the existing IPS AdminCP email blacklist facility. A quick check of that list by the contact form would sort it. I can't flag his emails as spam in my mail client, because then I'd be reporting my owner server and shooting myself in the foot in terms of anti spam blacklists (because the email is sent via my server), such is the nature of contact form spam. I increased the strength of the Google Recapcha in their settings but no joy. I can't use the spam filters in CPanel because the form sends the external message, he doesn't spam via a traditional mail client. The From field sent by IPS is my sites email address, not the email addresses of the spammer, which may be RFC compliant in doing so but doesn't help. I set up DKIM, SPF and DMARC correctly but that actually works against me, because Spam Assassin is rating my server and reduces the spam score. Subject: A user sent a message via the contact form From: "Eric Jones" <my sites email address> X-Spam-Status: No, score=4.3 X-Spam-Score: 43 X-Spam-Bar: ++++ X-Ham-Report: Spam detection software, running on the system "vpsxxx.myserver.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: A user has sent a message using the Contact Us form. ---- Eric Jones ( eric.jones.z.mail@gmail.com ) said: Content analysis details: (4.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 2.0 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX X-Spam-Flag: NO X-From-Rewrite: unmodified, no actual sender determined from check mail permissions My email goes through Sparkpost, so technically I'm sending the spam (from my server and it has my email address in the From field) which puts me at risk from their policies. I think that simply manually blacklisting an email address in AdminCP is worthwhile, doesn't have any negative aspects in terms of legitimate users being able to get through. It won't block the first email but at least we could do something about it. Houston Miata Club 1
Nathan Explosion Posted April 2, 2021 Posted April 2, 2021 5 hours ago, The Old Man said: A quick check of that list by the contact form would sort it. Freebie plugin pending approval now: The Old Man, SeNioR-, Houston Miata Club and 1 other 4
CoffeeCake Posted April 2, 2021 Posted April 2, 2021 8 hours ago, The Old Man said: I think that simply manually blacklisting an email address in AdminCP is worthwhile, doesn't have any negative aspects in terms of legitimate users being able to get through. It won't block the first email but at least we could do something about it. If you integrate with the Commerce support tool, there is a setting where you can add filters to ignore things like e-mails from a specific e-mail address. Sonya*, The Old Man and SeNioR- 2 1
The Old Man Posted April 2, 2021 Author Posted April 2, 2021 Thanks @Nathan Explosion just installed. That's what I'm talking about! Houston Miata Club, Eric BXL and Nathan Explosion 2 1
MEVi Posted April 7, 2021 Posted April 7, 2021 The contact module has become the joke with spammers. When a member is banned or an email address is missing, the contact module does not take it into account, would it be possible to modify its behavior: For example if the email address is black listed in the forum, then the message will be sent directly to the webmaster email address, otherwise it opens a ticket in the support.
Interferon Posted April 7, 2021 Posted April 7, 2021 We have a "contact" page on our site, and the email address is shown in an image that looks like text on the page. No problems for years.
SeNioR- Posted April 7, 2021 Posted April 7, 2021 Guys, create contact form here https://freshdesk.com/ and link into forum.
Recommended Posts