Announcement

Collapse
No announcement yet.

Getting hit hard with spam through the "contact us" form

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by ManagerJosh View Post
    Image verification will always be missing if you are logged in. If you are not logged in, then you will get the CAPTCHA.
    D'oh! (hits self on head)

    Okay, lemme' log out and see what appears.




    There's the CAPTCHA.

    Somebody is either typing in a CAPTCHA every 20 minutes, or the Ukranians have cracked it.
    Cyburbia Forums - a third place for urban planners
    http://www.cyburbia.org/forums

    Comment


    • #32
      Check your server logs to see if there are any repeated GET requests for the CAPTCHA.
      ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
      Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

      Comment


      • #33
        3.6.0 will have a much better captcha support.

        Comment


        • #34
          Originally posted by cyburbia View Post
          D'oh! (hits self on head)

          Okay, lemme' log out and see what appears.
          LOL the same happened to me. I turned on the image verification and didn't saw it. Until I logged out....

          I hope this helps to avoid the spam I'm getting thru sendmessage.php

          Comment


          • #35
            I have noticed an increase in spam too, even with image verification. If I have the time I will investigate the apache log files to see how they've done it or if they use a unique useragent string or something to make blocking them easier.

            Comment


            • #36
              Here's how I deal with it, via "Contact Us Options":



              Even with image verification off, this simple method worked perfectly.

              No spammer ever figured out that they should change the default setting. Every legitimate contact us user changed the setting.

              Gmail's spam filtering picked up only the spam messages. Problem solved.

              Comment


              • #37
                Check Here
                Italian Body Building & Fitness : www.BodyWeb.com
                Italian unofficial support Forum : www.vBulletin.it

                Comment


                • #38
                  Undertoad! Great suggestion, I just added this to my site. There's using your noggin'

                  Comment


                  • #39
                    Originally posted by Undertoad View Post
                    Here's how I deal with it, via "Contact Us Options":



                    Even with image verification off, this simple method worked perfectly.

                    No spammer ever figured out that they should change the default setting. Every legitimate contact us user changed the setting.

                    Gmail's spam filtering picked up only the spam messages. Problem solved.
                    Yea another proof imagination is more important than knowledge.
                    You're spending millions of dollars on a website?!

                    Comment


                    • #40
                      I think they are even smarter! They hacked the entire contact us script of VB! Take a look at this header:
                      Code:
                      Received: (qmail 19317 invoked by uid 33); 2 Aug 2006 07:04:19 +0200
                      Date: 2 Aug 2006 07:04:19 +0200
                      To: [email protected]
                      Subject: [email protected]
                      From: "Flosoft.biz" <[email protected]>
                      Auto-Submitted: auto-generated
                      Message-ID: <[email protected]>
                      MIME-Version: 1.0
                      Content-Type: text/plain; charset="ISO-8859-1"
                      Content-Transfer-Encoding: 8bit
                      X-Priority: 3
                      X-Mailer: vBulletin Mail via PHP
                      VBulletin needs to fix this before they release 3.6!! This is an major bug in their system.

                      Comment


                      • #41
                        I think you're incorrect. I don't see how they've done that. X-mailed: vbulletin mail via php is correct, that's the internal vbmail();

                        Which version of vbulletin are you using, are you still getting hit? do you have image verfication on? try upgrading to 3.6

                        Comment


                        • #42
                          Originally posted by Floris View Post
                          I think you're incorrect. I don't see how they've done that. X-mailed: vbulletin mail via php is correct, that's the internal vbmail();

                          Which version of vbulletin are you using, are you still getting hit? do you have image verfication on? try upgrading to 3.6
                          I'm using version 3.5.2.
                          Image Verification is active.
                          I will try 3.6 as soon as the stable candidate is out, but I suppose from the other posts that they also have these problems with 3.6.

                          Florian

                          Comment


                          • #43
                            Changes are they are using a potential xss exploit to bypass permissions and use sendmessage.php anyway. Upgrade to at least 3.5.4

                            Comment


                            • #44
                              Originally posted by Floris View Post
                              Changes are they are using a potential xss exploit to bypass permissions and use sendmessage.php anyway. Upgrade to at least 3.5.4
                              Well, I'll wait for 3.6 and tell you then what the result is I'm to lazy to upgrade all the system for now

                              Comment


                              • #45
                                The funny thing is that I rarely receive spam through my contact e-mail address. I tend to get spam through my forum account e-mail address. The two e-mail accounts are separate.

                                Originally posted by Sergio68 View Post
                                Interesting.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X