WordPress.org

Forums

Contact Form plugin and SPAM (46 posts)

  1. Cypher
    Member
    Posted 9 years ago #

    I've been using Ryan Duff's Contact Form plugin for a while now without any problems. It is the only way of getting in touch with me through my website short of posting a comment on one of my posts.

    However, for the past week or so I've been bombarded by spam sent through the contact form. Most of the emails have an attachment which, of course, I have no intention of running/loading/downloading.

    Are there any variations to the contact form plugin that will add some level of user-checking, captchas or anything of the sort?

    Regards

  2. jheyer
    Member
    Posted 9 years ago #

    I am also having the same problems with spam coming through my contact form. Wasn't there supposed to be a version 2.0 of the contact form? Maybe that will address this issue.

  3. Firas
    Member
    Posted 9 years ago #

    No, v2.0 won't happen for a while. We're releasing an update to v1 on Saturday to take care of this issue.

    Also, I gotta mention, I goddamn hate spammers. What a drag.

  4. jpettit
    Member
    Posted 9 years ago #

    i'll keep an eye out for that update...i've been bombarded in the past week! thanks!

  5. oriecat
    Member
    Posted 9 years ago #

    I'm confused, how could an email sent through the contact form include an attachment?

  6. Cypher
    Member
    Posted 9 years ago #

    oriecat, that's a damn good question. Majority of the spam I got was pretty much along the lines of "sdfdshfadf@<mydomain.com>" and nothing in the body of the email, so real useless spam. If you're gonna spam me, at least send me some deals on software or Viagra!

    There were however a few emails that claimed to have a 1k or so attachment. I direct all of my contact form messages to my gmail.com account, so perhaps it was just how Gmail was interpreting the content. I don't know.

    Regards

  7. Yeah, I'm getting spam as well, and I even have Bad Behavior installed. :(

    Eagerly awaiting the new version. :D

  8. Cypher
    Member
    Posted 9 years ago #

    It's Sunday now, where can we expect to see the update? On Ryan's site or elsewhere??

    Regards

  9. fromedome
    Member
    Posted 9 years ago #

    I've also been receiving similar spam through my contact form, starting this week. Personally I don't care -- but it looks like some of them are BCCd, and I don't want to be implicated as a spammer.

    I'd love for v2 to include an optional feature requiring people to type a randomly-generated text string represented as an image, as is commonplace across the web these days. That, I think, would all but eliminate non-human spam, especially if the randomly-generated images are done right.

    Are there any good non-WP-Plugin contact form options that you guys could recommend that already has that functionality?

  10. jalenack
    Member
    Posted 9 years ago #

    requiring people to type a randomly-generated text string represented as an image

    There are soooo many better ways. Captchas are inaccessible, inconvenient, eyesores, and things like pwncaptcha can break most of them.

    I'm a huge fan of Bad Behavior, and my contact form is free of spam because of it.

    Firas was talking about releasing a new version of wp-contact form with some spam protection in the immediate future. Hold out for that, I'd say.

  11. Firas
    Member
    Posted 9 years ago #

    Sorry guys, I got delayed. Expect a release tomorrow.

    For those curious, the spamming/attaching is done via injecting extra headers along with the 'From' field. It's not done using the actual HTML interface, but via other agents posting to the script.

    I agree with jalenack about captchas, but v2 will be modular anyway so if you really want one that snaps into wpcf someone will probably write it.

  12. I'm a huge fan of Bad Behavior, and my contact form is free of spam because of it.

    I have it installed and I'm still getting contact form spam.

    Then again, I do get quite a bit of bad bots on my site:

    Bad Behavior has blocked 13827 access attempts (spammers) in the last 7 days

  13. Ryan Duff
    Member
    Posted 9 years ago #

    Version 1.3 of WordPress Contact Form has been released. You can get it from here

    Official post is here: http://ryanduff.net/archives/2005/09/13/wordpress-contact-form-13/

  14. jwurster
    Member
    Posted 9 years ago #

    I seem to be getting a conflict error.

    Fatal error: Cannot redeclare getip() (previously declared in /home/jimw3141/public_html/wordpress/wp-content/plugins/wp-advanced-stats.php:168) in /home/jimw3141/public_html/wordpress/wp-content/plugins/wp-contactform.php on line 180

    I had the wp-advanced-stats plugins deactivated. I can't even log out now.

    Any help would be appreciated.

  15. Firas
    Member
    Posted 9 years ago #

    jwurster: try replacing your wp-contactform.php with this.

  16. jwurster
    Member
    Posted 9 years ago #

    Firas: That works fine. What did you do?
    Thank you, jim

  17. Firas
    Member
    Posted 9 years ago #

    Changed the function name from getip() to wpcf_getip(). I like simple fixes.

  18. Cypher
    Member
    Posted 9 years ago #

    Just re-installed now, let's hope for no more spam! :)

    Regards

  19. king
    Member
    Posted 9 years ago #

    I just blocked the IP address through .htaccess. Here are the IPs that are abusing my site:
    167.193.194.101, 192.168.72.2, 193.172.234.131, 193.196.193.110, 209.149.150.18, 213.84.202.182, 62.59.31.61, 62.93.34.155, 66.166.127.226, 67.110.225.236, 69.93.229.226, 80.82.3.143

  20. fromedome
    Member
    Posted 9 years ago #

    Thank you; your time (and timeliness) are appreciated.

  21. Ajay
    Member
    Posted 9 years ago #

    I have been using PXS MailForm for quite a while now with no spam problems.

    The only irritating thing is live people who abuse it.

  22. blah boy
    Member
    Posted 9 years ago #

    Thanks for the update. I had been starting to get spam as well just recently. :)

  23. fromedome
    Member
    Posted 9 years ago #

    Has this worked for anyone? I'm still getting spam.

  24. None here.

  25. Firas
    Member
    Posted 9 years ago #

    fromedome: this update doesn't stop spam per se—it is a security update that blocks header injection (eg, bcc:, cc:, to:, attachments etc). Ryan is working on a version that stops the more mundane variety of spam and we intend to have it out this week.

  26. fromedome
    Member
    Posted 9 years ago #

    Oh, sorry I missed that. The changelog said you had 'eliminated spam', so I wasn't sure if the error was on my end or not, or what that really meant. Either way, thanks again folks for your work.

  27. Well, if the bot attempts header injection, it stops right there and doesn't send the e-mail, doesn't it? If not, it should.

    Or is it just blocking header injection and that's it? I mean, I don't know of any human who's gonna legitly want to inject headers...

  28. johanvanderwijk
    Member
    Posted 9 years ago #

    FYI: it seems that the 1.3 update has fixed the mailform spam problem for me :)

  29. Firas
    Member
    Posted 9 years ago #

    Viper007Bond: that's correct, try putting 'bcc:' in the 'Your Email' field. The point is that there may be bots who try to spam just the recipient with a message body--you know, the normal email spam thing.

    Although spamming people one HTTP POST at a time is on the verge of getting pretty desperate, I would say. Maybe the spammer needs to find a real job at that point.

  30. jpettit
    Member
    Posted 9 years ago #

    i'm still getting exactly the same type of spam as before although they now come in sequences of 4 at a time. (before i was getting 10 in a row)
    they look something like this:

    bazuknja@mydomain.com wrote:
    bazuknja@mydomain.com
    Content-Type: multipart/mixed; boundary="===============1340882059=="
    MIME-Version: 1.0
    Subject: 94cb0901
    To: bazuknja@mydomain.com
    bcc: PeiCanteenMc@aol.com
    From: bazuknja@mydomain.com

    This is a multi-part message in MIME format.

    --===============1340882059==
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit

    volz
    --===============1340882059==--

    Website: bazuknja@mydomain.com
    IP: 193.65.230.17

    any ideas on how i might stop this?
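
The check Firas describes in posts 11, 25 and 29, where a submission is refused outright when a field bound for the mail headers carries a line break or a header name, sketched in PHP as an added example. It is not the plugin's 1.3 code; the function names, field names and sample inputs are hypothetical, and the third input is constructed on the pattern of the message quoted in post 30.

```php
<?php
// Added illustration; not taken from wp-contactform.php. All names are hypothetical.

// True when a value that will be placed in a mail header cannot start a new header.
function example_header_value_is_safe(string $value): bool
{
    // A CR or LF (raw or URL-encoded) ends the current header line.
    if (preg_match('/[\r\n]|%0[ad]/i', $value) === 1) {
        return false;
    }
    // Header names do not belong inside a name or address field.
    $names = 'to|cc|bcc|from|subject|content-type|mime-version';
    return preg_match('/\b(?:' . $names . ')\s*:/i', $value) !== 1;
}

// Validate a submission; return the headers to pass to mail(), or the reason for refusal.
function example_check_submission(array $post): array
{
    $email = (string)($post['email'] ?? '');
    $name  = (string)($post['name'] ?? '');

    // Check the raw values before any trimming so nothing is silently repaired.
    foreach ([$email, $name] as $field) {
        if (!example_header_value_is_safe($field)) {
            return ['ok' => false, 'reason' => 'header injection attempt'];
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'reason' => 'invalid email address'];
    }
    // The message text goes in the body, not the headers, so it is not checked here.
    return ['ok' => true, 'headers' => "From: $email\r\nReply-To: $email"];
}

// Constructed inputs: a normal address, the 'bcc:' test, and a multi-header payload.
$samples = [
    'legitimate'       => 'reader@example.com',
    'header name only' => 'bcc:',
    'injected headers' => "sender@example.com\r\nContent-Type: multipart/mixed\r\nbcc: third-party@example.net",
];
foreach ($samples as $label => $email) {
    $result = example_check_submission(['email' => $email, 'message' => 'hello']);
    printf("%-17s => %s\n", $label, $result['ok'] ? 'accepted' : 'refused: ' . $result['reason']);
}
```

Refusing the whole submission, rather than stripping the line breaks and sending anyway, matches the behaviour discussed in posts 27 and 29.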

Topic Closed

This topic has been closed to new replies.
