Spam email from website form
Permalink 1 user found helpful
Has anyone come up with an addon that rejects submitted forms if they contain banned words or strings? My clients website already has a Captcha so I am almost certain that the rubbish is being submitted manually. Going through the submitted forms it is clear that we could eliminate 95% of all spam form submissions just by having a banned word or string list. I have looked at previous enquiries in the forum and everyone has focused on all sorts of solutions none of them particulary useful or practical.
Many of my clients have this very same problem.
I've been thinking about creating an add-on package to address this problem, bur feel like it's something the core should address directly.
The current middleware approach to this problem seems very convoluted (to me at least) at this time...
I've been thinking about creating an add-on package to address this problem, bur feel like it's something the core should address directly.
The current middleware approach to this problem seems very convoluted (to me at least) at this time...
Many hosting providers have tools to fine tune spam filtering. Have you tried that? Increasing the hosting spam filter level may solve it.
I am the hosting provider, it's my own server. As with most servers that resell hosting space the mail system is shared by all domains on the server. Spamcop filters work right across all the domains. I could exclude 95% of the spam coming into my client by making $ banned. As he is UK based and a community organisation there is no use for dollars. However other domains on the server do have international transactions so banning $ would hurt them big time. What is needed is something far more precise. There are banned words in Conversations, not having it in form submissions is bonkers. I agree with jasteele12 that it is something that the core should be dealing with.
I don't think the problem is with email spaham, it should be handled on the concrete5 form side (including Express, legacy forms, etc).
I have clients that get hammered by russian Cialis, Viagra, etc.
Waste of server resources, DoS, etc. long before the email delivery should be involved...
I have clients that get hammered by russian Cialis, Viagra, etc.
Waste of server resources, DoS, etc. long before the email delivery should be involved...
Are you looking for an input field filtering?
Maybe this?
Or there's a Concrete/Core/Validation/BannedWord/BannedWordList, see the Conversations for example and /concrete/blocks/core_conversation_message/controller.php. Banned words added in the Dashboard > System & Settings > Conversations > Banned Words are saved in the database (table BannedWords) and then checked for in the conversation message validate_composer().
Maybe this?
$th = $app->make('helper/text'); $th->match($pattern, $value); // Determine if a given string matches a given pattern
Or there's a Concrete/Core/Validation/BannedWord/BannedWordList, see the Conversations for example and /concrete/blocks/core_conversation_message/controller.php. Banned words added in the Dashboard > System & Settings > Conversations > Banned Words are saved in the database (table BannedWords) and then checked for in the conversation message validate_composer().
I made a quick Banned Words filter addition to my form block:
https://www.concrete5.org/marketplace/addons/contact-form1/...
I'm not familiar with express forms, but all you need to do is to add the below piece of code into the validation function and change/add the input fields accordingly:
https://www.concrete5.org/marketplace/addons/contact-form1/...
I'm not familiar with express forms, but all you need to do is to add the below piece of code into the validation function and change/add the input fields accordingly:
use Concrete\Core\Support\Facade\Config; $e = $this->app->make('helper/validation/error'); if (Config::get('conversations.banned_words') && ( $this->app->make('helper/validation/banned_words')->hasBannedWords($name) || $this->app->make('helper/validation/banned_words')->hasBannedWords($message))) { return $e; }
Thanks for making a form block, but I'm having trouble making it work. When I submit a form with banned words, the email gets sent without any filtering.
Tim
Tim
Which form (block) are you using: mine or concrete5's?
Have you enabled the Banned Words in Dashboard > System & Settings > Conversations > Banned Words?
Have you enabled the Banned Words in Dashboard > System & Settings > Conversations > Banned Words?
The website is registered at Concrete5 and I added the addon there first, then downloaded and installed it on the website.
I'm using the Advanced Contact Form (screenshot of icon and editing window attached)
Banned Words is enabled (screenshot attached).
Thanks,
Tim
I'm using the Advanced Contact Form (screenshot of icon and editing window attached)
Banned Words is enabled (screenshot attached).
Thanks,
Tim
And I assume you did type some of the word(s) in the name and message fields which are banned in the Dashboard (one of the 4 words there by default or added your own)?
Strange, it works for me (see attached)
Strange, it works for me (see attached)
https://www.concrete5.org/marketplace/addons/akismet...