Spam email from website form

Permalink
Has anyone come up with an addon that rejects submitted forms if they contain banned words or strings? My clients website already has a Captcha so I am almost certain that the rubbish is being submitted manually. Going through the submitted forms it is clear that we could eliminate 95% of all spam form submissions just by having a banned word or string list. I have looked at previous enquiries in the forum and everyone has focused on all sorts of solutions none of them particulary useful or practical.

wildfirelondon
View Replies:
hutman replied on at Permalink Reply
hutman
I have not tried this add-on but there is an add-on in the Marketplace that will connect you to akismet to provide this service

https://www.concrete5.org/marketplace/addons/akismet...
jasteele12 replied on at Permalink Reply
jasteele12
Many of my clients have this very same problem.

I've been thinking about creating an add-on package to address this problem, bur feel like it's something the core should address directly.

The current middleware approach to this problem seems very convoluted (to me at least) at this time...
linuxoid replied on at Permalink Reply
linuxoid
Many hosting providers have tools to fine tune spam filtering. Have you tried that? Increasing the hosting spam filter level may solve it.
wildfirelondon replied on at Permalink Reply
wildfirelondon
I am the hosting provider, it's my own server. As with most servers that resell hosting space the mail system is shared by all domains on the server. Spamcop filters work right across all the domains. I could exclude 95% of the spam coming into my client by making $ banned. As he is UK based and a community organisation there is no use for dollars. However other domains on the server do have international transactions so banning $ would hurt them big time. What is needed is something far more precise. There are banned words in Conversations, not having it in form submissions is bonkers. I agree with jasteele12 that it is something that the core should be dealing with.
jasteele12 replied on at Permalink Reply
jasteele12
I don't think the problem is with email spaham, it should be handled on the concrete5 form side (including Express, legacy forms, etc).

I have clients that get hammered by russian Cialis, Viagra, etc.

Waste of server resources, DoS, etc. long before the email delivery should be involved...
linuxoid replied on at Permalink Reply
linuxoid
Are you looking for an input field filtering?

Maybe this?
$th = $app->make('helper/text');
$th->match($pattern, $value); // Determine if a given string matches a given pattern

Or there's a Concrete/Core/Validation/BannedWord/BannedWordList, see the Conversations for example and /concrete/blocks/core_conversation_message/controller.php. Banned words added in the Dashboard > System & Settings > Conversations > Banned Words are saved in the database (table BannedWords) and then checked for in the conversation message validate_composer().
linuxoid replied on at Permalink Reply
linuxoid
I made a quick Banned Words filter addition to my form block:
https://www.concrete5.org/marketplace/addons/contact-form1/...

I'm not familiar with express forms, but all you need to do is to add the below piece of code into the validation function and change/add the input fields accordingly:
use Concrete\Core\Support\Facade\Config;
$e = $this->app->make('helper/validation/error');
if (Config::get('conversations.banned_words') && (
    $this->app->make('helper/validation/banned_words')->hasBannedWords($name) ||
    $this->app->make('helper/validation/banned_words')->hasBannedWords($message))) {
    return $e;
}
timothyrf replied on at Permalink Reply
Thanks for making a form block, but I'm having trouble making it work. When I submit a form with banned words, the email gets sent without any filtering.

Tim
linuxoid replied on at Permalink Reply
linuxoid
Which form (block) are you using: mine or concrete5's?

Have you enabled the Banned Words in Dashboard > System & Settings > Conversations > Banned Words?
timothyrf replied on at Permalink Reply 3 Attachments
The website is registered at Concrete5 and I added the addon there first, then downloaded and installed it on the website.

I'm using the Advanced Contact Form (screenshot of icon and editing window attached)

Banned Words is enabled (screenshot attached).

Thanks,
Tim
linuxoid replied on at Permalink Reply 1 Attachment
linuxoid
And I assume you did type some of the word(s) in the name and message fields which are banned in the Dashboard (one of the 4 words there by default or added your own)?

Strange, it works for me (see attached)