Contact Form - Beta

PPNSteve

PPN Top 50
I'm see a large increase in spam messages, all following a certain pattern in both content and user email addresses.

Is there anything we can do to address this? human test and/or captcha??
 

Basti

Administrator
Staff member
Looks like they gotten around to the hidden spam prevention.
What do you guys think? Using admin security question? capchta, recaptcha. StopforumSpam plugin? Mix of all? Admin selectable?
 

PPNSteve

PPN Top 50
a selectable (1, 2, 3, etc., all), stackable combination of all you can get to work well for this.

personally I like the admin question (editable at will) and a good captcha.. maybe the stopforum spam plug in too.

lets see what others say..
 

cajkan

Active Member
I would like random simple questions.

Visitor perspective:
If you want to contact someone, you dont want to fill up any captchas or even worse if you type it wrong lol.
Im sure that you will leave it immediately.
 

Mark

Administrator
Staff member
yeah I would like to evolve this plugin further and it would be great to keep it simple to the point of not needing any captcha or word verification.

Amazingly I have still not been hit with any spam using this method, but PPNsteve perhaps you can post some examples of what the spammers are using and I can create a rule to keep them at bay on your list. For example, we can detect "http" in the message and simply tell people above teh textarea "no URL's allowed", history shows a spammer unable to post a URL is a spammer who doesn't bother :)
 

Mark

Administrator
Staff member
I will have an update posted in the next day or so for this:
Already done:
SMTP mail option
Security fix
Cosmetics
Code cleanup in line with 1.0 trends
Additional spam protection
 

PPNSteve

PPN Top 50
yeah I would like to evolve this plugin further and it would be great to keep it simple to the point of not needing any captcha or word verification.

Amazingly I have still not been hit with any spam using this method, but PPNsteve perhaps you can post some examples of what the spammers are using and I can create a rule to keep them at bay on your list. For example, we can detect "http" in the message and simply tell people above teh textarea "no URL's allowed", history shows a spammer unable to post a URL is a spammer who doesn't bother :)
sure.. its mainly junk spam..

Code:
senders_name : zdxtimKZ
senders_email : [EMAIL]haiktl428756@hotmail.com[/EMAIL]
senders_message : true religion outlet online store white true religion jeans for men true religion for sale white true religion jeans , httpwww.gen4sho.com  - true religion kids jeans , cheap true religion jeans for men true religion jeans for women cheap true religion jeans men true religion denim jacket true religion jeans outlet , ujhelyi kharitonov39s trasmission boullosa   metallically viner ottr hwachun niteyimana tripitaka mahjabeen kappen klaw39s compressions workpaper egeria rusnak demonstate rivercentre gunnarsson theares gambro39s pirrong tollhouse disseminators uneem aebersold nylen albuterol biocoenose kbci baralt execuitive gasmasks 
submit :
Code:
senders_name : dlvbngWR
senders_email : [EMAIL]iumsgb955210@hotmail.com[/EMAIL] senders_message : tiffany pendant tiffany initial necklace tiffany key chain tiffany heart bracelet discontinued tiffany jewelry , httpwww.antigai.org  - tiffany jewelry sale tiffany clearance , tiffany jewelry cheap tiffany infinity necklace tiffany cheap , sore legerton inria haunt submit :
etc.. sometimes 30 or 40 a day, other times just one or 2.
 

dobrev

New Member
Hello!
I'm trying to add a field for site url:
HTML:
        <div>
        <label for="senders_web">{$lng->ad_web}</label>
        <input type="text" name="senders_web" id="senders_web" size="50" />
    </div>
but there are some filters which formatted the text or just don't sending

the message
 

Mark

Administrator
Staff member
Hello, what exactly happens? Error messages?

Please note http is NOT allowed in any field, this might help you


HTML:
        <div>
        <label for="senders_web">{$lng->ad_web}</label>
        http://<input type="text" name="senders_web" id="senders_web" size="50" />
    </div>
 

dobrev

New Member
sent any text but if you enter url, show that the message was sent but I don't receive in the mail
Please note http is NOT allowed in any field, this might help you
So there is no way to send url with this contact form ?
Thank you.
 

Basti

Administrator
Staff member
It is part of the automated securing taking place in this plugin.

These are the allowed chars
a-zA-Z0-9,\-\.@\s
soo...

a-z, A-Z, 0-9, - , comma, dot, @, space (white space)
Anything other is removed from the text.

This is not perfect when using url input, so either do as mark said ( while any subfolder urls will have also problems with that ), or allow some more characters
in the plugins file sendmessage.php
Code:
            $value = preg_replace('/[^a-zA-Z0-9,\-\.@\s]/', '', $value);
So you want to enable also / and : signs if you want url field.
Code:
            $value = preg_replace('/[^a-zA-Z0-9,\-\.@\s\/:]/', '', $value);
This would allow these 2 extra characters in every field. If you only want it in your custom field, use
Code:
            $value = ($name == 'senders_web') ? preg_replace('#[^a-zA-Z0-9,\-\.@\s\/:]#', '', $value) : preg_replace('/[^a-zA-Z0-9,\-\.@\s]/', '', $value);
 

dobrev

New Member
Hi, Sorry for disturbing you again, but when i add last field from previous post where, adding my custom field and then when fill the form and submit it - again no e-mail message received. But if i remove only the following "\/" from regex it sends the e-mail but the url have missing the slashes. Any advice now...
 
Top