Spam Attempts Using Contact Us Form?

[sadams101]

For months now I've seen a growing number of contact us messages like the one below. Notice the unique codes used. I suspect that what is going on is that hackers are probing to see if they can manipulate the forum to send spam, thus the unique identifiers they are including in the content.

I recently patched my forum with the latest update that included an update intended to stop spam from being sent via the share article feature. I guess I am wondering if they could be using the contact us form to be sending spam? I'd like to hear from others who have been seeing similar contact us messages.

 

[Dean_]

On 4.5.1, I believe you’ll be able to enable the captcha, versions before you’d have to use a plugin.

 

Edited August 24, 2020 by Dean_

[CoffeeCake]

Captcha on Contact Us form is in 4.5.0 per our tests. 👍

[sadams101]

Unfortunately this is not an option for me, because of the huge speed issues reCaptcha causes. Notice below and it causes a 20% slowdown on any page that uses reCaptcha.

 

Here is a speed test on an article page from my site with Captcha OFF:

 

And here is the same page with Captcha ON:

[sadams101]

I solved this by having a plugin developed which allows the built in Question and Answer challenge work with, or separately from Google's Captcha. So you can make certain groups have to answer custom questions before posting. Using these questions does not slow down things at all, and also prevents Google from loading tons of junk and spying on your visitors (yes, this form loading pulls in many dubious scripts, which is why it slows things down).

Anyone interested the plugin is called (DP44) Combine Antispam System by @DawPi