Contact Us form Spam with captcha and cloudflare "I'm under attack" mode

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
3 years ago
We keep getting contact us form Spam with captcha enabled and cloudflare "I'm under attack" mode enabled. I've even firewalled against massive lists of known spammer IPs. We get about 10 emails a day, mostly in Russian about casinos.

This is our site:
https://www.pcmtec.com/contactus

How are they getting through this? Is there another page URL that handles the submission that the spammers are calling directly?

Is there any way to disable the contact us page or change the URL at least? I can't find anywhere to disable it.

Anyone know of any anti spam plugins that check usernames against a list of known spammers? Invision community has an excellent anti spam filter for sign up. If I had time I'd look at implementing my own.

Be happy to pay for the nopcommerce developers' time to help rectify this. Is there any paid support we can utilise?
3 years ago
I don't think there is a way to disable it, except to remove the html/form in the .cshtml page.

This may interest you
https://www.nopcommerce.com/en/boards/topic/63152/spam-control-quick-fix#231059
3 years ago
Those database triggers do look useful, but I feel like it will accidentally catch real emails and miss spam.

Really need to outsource this to an external service, or figure out how the spammers get past the captcha and cloudflare check. I doubt they are paying a click farm to manually send these emails.
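
One way to check from the web server log whether submissions come from clients that never loaded the form, as an added example that is not part of the original thread or of nopCommerce. It assumes an IIS W3C log with the fields shown and that c-ip holds the real visitor address (behind Cloudflare this requires restoring it from the forwarded header); the sample log and the 5-second threshold are constructed.

```python
# Added example: triage POSTs to /contactus in an IIS W3C log.
from collections import defaultdict
from datetime import datetime

FORM_PATH = "/contactus"   # path from the thread
MIN_FILL_SECONDS = 5       # assumed threshold: faster than a person can type a message

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2021-03-01 10:00:00 198.51.100.7 GET /contactus 200
2021-03-01 10:01:30 198.51.100.7 POST /contactus 200
2021-03-01 10:02:00 203.0.113.9 POST /contactus 200
2021-03-01 10:02:01 203.0.113.9 POST /contactus 200
2021-03-01 10:05:00 192.0.2.44 GET /contactus 200
2021-03-01 10:05:01 192.0.2.44 POST /contactus 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            stamp = row["date"] + " " + row["time"]
            row["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            yield row

def triage_posts(text):
    """Return {client_ip: [reason, ...]} for suspicious form submissions."""
    last_get = {}                      # client IP -> time the form was last loaded
    findings = defaultdict(list)
    for r in sorted(parse_w3c(text), key=lambda r: r["ts"]):
        if r["cs-uri-stem"].lower() != FORM_PATH:
            continue
        ip = r["c-ip"]
        if r["cs-method"] == "GET":
            last_get[ip] = r["ts"]
        elif r["cs-method"] == "POST":
            seen = last_get.get(ip)
            if seen is None:
                findings[ip].append("POST without loading the form")
            elif (r["ts"] - seen).total_seconds() < MIN_FILL_SECONDS:
                findings[ip].append("POST too soon after GET")
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in triage_posts(SAMPLE_LOG).items():
        print(ip, reasons)
```
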
3 years ago
Just checking - your email address is there on the page
Can you see the spam emails in your message queue, or maybe they are just direct spamming this email address?
3 years ago
Yeah it is all via the message queue. Our email provider blocks all spam from outside domains no issue. It is only because the message queue sends the email from our internal sendgrid email that it gets through.
3 years ago
It seems that the ContactUs page is hard-coded and spammers know that URL. There is no way to prevent calling the ContactUs form from the shop config itself; it just hides it. However, you can block it by making a URL filter. Just install Request Filtering in IIS and add the following code to the web.config (and modify the redirect URL to match your own webshop URL):

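<!-- Merge into the existing <system.webServer> section of web.config -->
<system.webServer>
  <!-- Redirect every 404, including the one request filtering returns, to the shop home page -->
  <httpErrors errorMode="DetailedLocalOnly">
    <remove statusCode="404" subStatusCode="-1" />
    <error statusCode="404" path="https://www.myownwebshopurl.com" prefixLanguageFilePath="" responseMode="Redirect" />
  </httpErrors>
  <security>
    <requestFiltering>
      <!-- Reject any URL containing this sequence -->
      <denyUrlSequences>
        <add sequence="/contactus" />
      </denyUrlSequences>
    </requestFiltering>
  </security>
</system.webServer>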
3 years ago
I also have recaptcha enabled and use cloudflare. Received a spam email just today which was in the message queue.

Is the only way to stop spam in the contact us page to block the page altogether? I read somewhere that you can use the contact tab in product details as spammers don't usually access it or something to that nature.

Can we change the url in the routing controller? Or will that break something else? Noob source code editor talkin here.