Custom Contact Forms
Spam gateway - do not use "as-is" (9 posts)

1 star
  1. roaima
    Member
    Posted 1 year ago #

    This plugin looks absolutely fantastic, and on an internal WordPress site could be really useful. Unfortunately the plugin, as written, provides a route for spam to be sent to anyone via the website it's installed into.

    As such I cannot recommend it at the moment.
    Sorry.

  2. Taylor Lovett
    Member
    Plugin Author

    Posted 1 year ago #

    The plugin includes recaptcha support....

  3. roaima
    Member
    Posted 1 year ago #

    The recaptcha does nothing whatsoever to mitigate the problem. CCF is still a Spam gateway.

  4. roaima
    Member
    Posted 1 year ago #

    Sadly even with version 5.1.0.3 I can still route spam through anyone else's Custom Contact Forms. No login required.

  5. Triton Webmaster
    Member
    Posted 1 year ago #

    I added the reCaptcha keys but there is no option in the dropdown to add the reCaptcha. All I get is the poor "captcha" option.

  6. Triton Webmaster
    Member
    Posted 1 year ago #

    The Google reCaptcha doesn't work because there is no entry in the wp_customcontactforms_fields SQL table for it. So no, it doesn't have "reCaptcha" but only a simple "captcha" which all spam bots can get around.

  7. roaima
    Member
    Posted 1 year ago #

    The captcha, recaptcha, whatever is completely irrelevant. The HTML code that is generated by the form makes it trivial for a third party to send email through your mailer. This completely bypasses the validation.

    Want an example? Let me know your WordPress contact page and an (obfuscated) target email address I should hit, and I'll demonstrate.

    Sigh.

  8. Triton Webmaster
    Member
    Posted 1 year ago #

    @roaima: I completely believe you. No worries. I've already looked at the code and can see it.

  9. knappen
    Member
    Posted 1 year ago #

    @roaima: I am interested in fixing this problem, globally if I can, or at least locking down an installation if I cannot.

    Unfortunately, I do not see a way to email you directly. Please send me your contact info at M8R-im95d4(at)mailinator.com and I will email you back from a proper address for details.

Topic Closed

This topic has been closed to new replies.
