Support » Plugin: Contact Form 7 » Empty spam messages

  • Resolved akerbeltzalba

    (@akerbeltzalba)


    I’m having a real problem with empty spam messages. Every day, I get about 20 messages, all following the same pattern:

    From: 59eecb3de0261 <jbm5210@gmail.com>
    Subject:

    Message Body:


    This e-mail was sent from a contact form on Akerbeltz Translations (http://www.akerbeltz.com)

    The first few digits (59ee…) tend to remain the same for a month, but the rest changes from message to message

    59eecb3de0261
    59ee401706464
    59ee3fd3a9fdc
    59ee3e0f8619c

    Then once a month or so, the first few digits also changes (which is why at the moment I’m regularly having to create new rules to direct these directly to Spam through my email host).

    The email similarly always changes but I’m pretty sure none of them are “real”:

    <cutterh2o2@zoominternet.net>
    <randycantera25@gmail.com>
    <kelchhome@cox.net>
    <llennox@yahoo.com>

    Now I don’t quite get why anyone would send empty spam but it’s quite annoying, especially when I occasionally check my spam folder for any false positives.

    I’m not sure what the issue here is but it seems to me that the plugin should disallow empty form submissions, whether they’re bot spam or by real people who forgot (?) to add a message.

    The page I need help with: [log in to see the link]

Viewing 14 replies - 1 through 14 (of 14 total)
  • Plugin Author Takayuki Miyoshi

    (@takayukister)

    Use these spam protection features.

    I have Akismet, which doesn’t fix this particular issue.

    Can’t remember now what but there was a problem with reCAPTCHA.

    Not tried Comment Blacklist, will have a look.

    But why would you write the plugin in a way that it allows empty submissions?

    Blacklist won’t work… as I said, the submissions are all empty, so I can’t blacklist specific words…

    Ah that was the problem … Google’s reCAPTCHA only works with Contact Form 7 if you have a Pro account. You have to use BestWebSoft’s form in order to use reCAPTCHA without Pro.

    Hi barnez

    Thanks for the suggestion, I installed honeypot but that there is still spam arriving at my email host – would honeypot messages be caught at the WordPress/Akismet level or does honeypot aim to make it easier for email providers to pick up spam?

    And whoever marked this as resolved has an itchy trigger finder cause it is NOT resolved…

    I have the exact same issue with one of contact forms on my site, can confirm that using akismet and cf7 honeypot does not solve this issue

    @akerbeltzalba

    If the honeypot field is completed by a bot then the email is not sent. Make sure that the form-tag is set to something innocent like [honeypot email-21] rather than [honeypot honeypot]. Another thing you could try is to add the special mail-tag [_remote_ip] to the form. Then you can check and blacklist their IP or IP range through .htaccess.

    @pidengmor
    If by that you mean the instruction

    1. Choose “Honeypot” from the CF7 tag generator. Recommended: change the honeypot element’s ID.

    then I did that. And clearly the email keeps coming.

    I’m hesitant to start blocking IP ranges as that’s an area I’m not very familiar with other than that I’ve had problems with my own (legit) IP getting wrongly blacklisted now and then.

    @takayukister
    What I don’t get is why CF7 allows the sending of an empty form *at all*, I cannot imagine a scenario where that is a desirable user action. At best, a user has accidentally deleted their message or typed it in the wrong field. At worst, it allows spam like this to come through, making user go through code contortions to try and work around this. CF7 should just not allow an empty-message submission, end of…

    • This reply was modified 1 year, 5 months ago by  akerbeltzalba.

    @akerbeltzalba

    Have you tried setting the subject and message body fields to required (*). That would prevent the messages from being sent without these fields being completed. e.g.

    +++++++++++++++++++++++

    <p>Your subject:
    [text* your-subject] </p>

    <p>Your message:
    [textarea* your-message] </p>

    +++++++++++++++++++++++

    <sigh> no I haven’t, I didn’t realize I had to hack this plugin for it to do something, well, fairly basic. Thanks for the suggestion, I’ve put that in, fingers crossed.

    @pidengmor I’m cautiously optimistic, I put that * in 2 1/2 days ago and don’t seem to have had one of “those” spam messages since. I’ll watch it for a bit longer but it seems to be working, so thank you very much!

    @takayukister may I humbly suggest you make that field compulsory by adding the *? It seems a simple change and if someone wants to allow submission of empty messages (???) they can always remove it. But it seems much more logical for a default setting to require a submission form to have … a message to submit 🙂

    Happy to hear that the spam has dried up for now 🙂

    Just to confirm, the empty spam messages have completely dried up.

    Had a colleague today who put CF7 on his site (Executive2020) and within hours he had picked up a dozen of these too. Fortunately the fix worked for him as well – makes me think even more that the * should be there by default!

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Empty spam messages’ is closed to new replies.