Jump to content

Spam Bots Using Contact Form


kherezae

Recommended Posts

Posted

On my forum, we have the contact form so that any potential members can contact us with it. Unfortunately, we've been getting a lot of spam messages being sent through it. I've gone through and have banned the e-mail addresses with @yandex.ru for example, and I did a search for some of them on stopforumspam to find their IP addresses and I banned a lot of those. Some of them have been using legitimate email providers like gmail so I can't ban those since a lot of members, including myself, use gmail. Is there a security setting that we should be making sure is set up in order to prevent this from happening that will specifically help with the contact form, or should we just considering turning it off altogether and finding an alternative to allowing guests to contact us if they need to do so?

Posted

Worst case scenerio you can not allow "guest" to use the contact us page but only forum member groups.

In spam prevention configuration I have " Guests must complete CAPTCHA in order to post?" and enabled invisible captcha. I believe this covers the "contact us" page (someone correct if wrong). I haven't had bots signing up to contact me but when I do receive an undesirable it is a real person. 

Posted

There's another topic that's also very recent about spam bots coming through.  I get almost 1 - 2 a day. 

You want guests to be able to contact you, so I'm just sucking it up for the time being.  

Posted
3 hours ago, Christforums said:

Worst case scenerio you can not allow "guest" to use the contact us page but only forum member groups.

In spam prevention configuration I have " Guests must complete CAPTCHA in order to post?" and enabled invisible captcha. I believe this covers the "contact us" page (someone correct if wrong). I haven't had bots signing up to contact me but when I do receive an undesirable it is a real person. 

Yeah, that's what I'm trying to avoid, since we do want guests to be able to contact us if needed. I mean, we do have our social media sites linked on the front page, but typically someone is probably going to use a contact page over social media (especially if they don't even use social media, which is rare but possible). 

Hm, okay. My co-admin is the one who did the settings for that kind of thing, so I'll have to ask her to look into the current settings and see, although I'd also like confirmation that it also contacts the "contact us" page.

3 hours ago, Joel R said:

There's another topic that's also very recent about spam bots coming through.  I get almost 1 - 2 a day. 

You want guests to be able to contact you, so I'm just sucking it up for the time being.  

Ah, I must have missed that, I'll have to go and look for it. I've gotten 1-2 a week so far, since around December 22nd, maybe more (I just looked at my inbox quick). We've only been on IPS since toward the end of November, so it took about a month before we even started getting the spam messages sent through the contact form, I think. I know we've gotten one bot who's managed to get past the CAPTCHA that's set up and turned out to be a bot (though they hadn't posted anything yet before I banned them), but knock on wood, no other bots have actually tried to register and get past it, they've been spamming the contact us form instead. I mean, I can keep blocking the IP addresses that come up on stopforumspam and the email addresses, but they're bots so they're probably using proxies, which means there's probably no real point in doing that and it's probably only temporary at best.

Yeah, that's pretty much what I'm trying to do, as well, is just suck it up. But it doesn't make it any less frustrating to have to deal with, especially since if I get an email telling me someone used the contact form, I'd rather have it be because they actually need help and not because of random Russian spam. 😛

Posted

"Contact Us" is the only link on my site where the spammers can click and actually leave a message. I like it because no one except me sees these messages -- they're only emails -- and I delete them in an instant from my mobile. I like the Contact Us feature because that is how I have instructed prospective members to reach me. Automatic registration has been disabled, so they have to ask to join.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...