We are on Joomla 3.9.1 and the latest Chrono v5. Our forms have both reCaptcha v2 as well as data validation set for email address field and phone number. We are seeing large amounts of SPAM coming through with bogus data which shouldn't be passing due to the reCaptcha and field validations.
reCaptcha and field validation only stops automated tools, it won't stop a person sitting there and filling in the forms. What does "large amount of spam" constitute? And you're sure the reCaptcha is set up properly - you've tried to submit it without ticking the box?
I should mention we are very proficient with Chronoforms and are using it on countless number of sites with the Unlimited license. We are seeing about 3,000 form submissions so far today... I don't think someone is filling it out manually.
The form has been tested many times and the front end validations are working for humans...
The form has been tested many times and the front end validations are working for humans...
Got a link?
Can you send me or post here an example spam email including the header
I have the same problem. Website (https://www.huesy.ch) is running on Joomla 3.9.2, Chrono Forms V5.0.17, reCaptcha V2, PHP 7.2. The reCaptcha works well for humans.
SPAM mails arriving every five to ten minutes with the following content for example:
In the meantime, is there any idea?
Thank you very much
*********
[file=11560]huesy-chronoforms-1.png[/file]
SPAM mails arriving every five to ten minutes with the following content for example:
In the meantime, is there any idea?
Thank you very much
*********
Return-Path: <murachka94@inbox.ru> Delivered-To: info@huesy.ch Received: from srv1.tophost.ch by srv1.tophost.ch with LMTP id 6O7bEHdPWFxhMAEA/BOfDg for <info@huesy.ch>; Mon, 04 Feb 2019 15:43:03 +0100 Return-path: <murachka94@inbox.ru> Envelope-to: info@huesy.ch Delivery-date: Mon, 04 Feb 2019 15:43:03 +0100 Received: from huesy by srv1.tophost.ch with local (Exim 4.91) (envelope-from <murachka94@inbox.ru>) id 1gqfSh-000Kac-71 for info@huesy.ch; Mon, 04 Feb 2019 15:43:03 +0100 To: info@huesy.ch Subject: Anfrage vom Kontaktformular X-PHP-Script: huesy.ch/index.php for 31.184.238.9 X-PHP-Filename: /home/huesy/public_html/index.php REMOTE_ADDR: 31.184.238.9 Date: Mon, 4 Feb 2019 14:43:03 +0000 From: MelissaPiose <murachka94@inbox.ru> Reply-To: MelissaPiose <murachka94@inbox.ru> Message-ID: <fafd96d686359696fd58b3cf84c9a0ab@huesy.ch> X-Mailer: PHPMailer 5.2.26 (https://github.com/PHPMailer/PHPMailer) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_fafd96d686359696fd58b3cf84c9a0ab" Content-Transfer-Encoding: 8bit This is a multi-part message in MIME format. --b1_fafd96d686359696fd58b3cf84c9a0ab Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Es ist eine neue Anfrage über das Kontaktformular von www.huesy.ch eingegangen: MelissaPiose 85724521893 murachka94@inbox.ru Привет. Погода холодная, самое время заводить новые знакомства к весне. Не нужно штаны просиживать, давай с нами сюда --> http://meeting-club.online Ja, ich bin mit der Datenverarbeitung einverstanden. --b1_fafd96d686359696fd58b3cf84c9a0ab Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <div style="font-family: Arial; font-size: 12px;">Es ist eine neue Anfrage über das Kontaktformular von www.huesy.ch eingegangen:<br /><br /> MelissaPiose<br /> <br /> <br /> 85724521893<br /> murachka94@inbox.ru<br /> Привет. Погода холодная, самое время заводить новые знакомства к весне. <br /> Не нужно штаны просиживать, давай с нами сюда --> http://meeting-club.online<br /> Ja, ich bin mit der Datenverarbeitung einverstanden.<br /> </div> --b1_fafd96d686359696fd58b3cf84c9a0ab--[file=11559]huesy-chronoforms-2.png[/file]
[file=11560]huesy-chronoforms-1.png[/file]
Hi @all!
We have the same issue on our website since january 2019. I looked into it and found out that Google Captcha is actually not blocking the spam!
I loged into my admin console on https://www.google.com/recaptcha/intro/v3.html and saw that on the days we received spam the google captchas where right! I always log the IP-adress in the email-form (just posting it in the email body) and got on form here on January 11 for example: https://www.stopforumspam.com/ipcheck/176.36.21.189
Can you check if it is the same for you? Then we have contact google about this...
Best Regards
Philipp
We have the same issue on our website since january 2019. I looked into it and found out that Google Captcha is actually not blocking the spam!
I loged into my admin console on https://www.google.com/recaptcha/intro/v3.html and saw that on the days we received spam the google captchas where right! I always log the IP-adress in the email-form (just posting it in the email body) and got on form here on January 11 for example: https://www.stopforumspam.com/ipcheck/176.36.21.189
Can you check if it is the same for you? Then we have contact google about this...
Best Regards
Philipp
Well your one says it's FROM
murachka94@inbox.ruWhich suggests it wasn't sent by your site. Does the email you receive SAY it's coming from where you're expecting it to come from?
Thank you healyhatman! Maybe I don't quite understand your question.
The content in the e-mail also has parts of the form template. All e-mails come from .ru addresses. I'm sure they come in via the Chronoforms component. If I disable the form, then no SPAM emails come in.
The form sends a confirmation to the sender address. Because these .ru addresses don't work, every time an error message comes from the server. Therefore we always get two messages at the same time.
The form was created from the Chronoforms example template and slightly modified. I don't know what I could change.
Should I create a new form with Chronoforms 6? Will the problems with the latest version disappear?
Thank you for your help.
The content in the e-mail also has parts of the form template. All e-mails come from .ru addresses. I'm sure they come in via the Chronoforms component. If I disable the form, then no SPAM emails come in.
The form sends a confirmation to the sender address. Because these .ru addresses don't work, every time an error message comes from the server. Therefore we always get two messages at the same time.
The form was created from the Chronoforms example template and slightly modified. I don't know what I could change.
Should I create a new form with Chronoforms 6? Will the problems with the latest version disappear?
Thank you for your help.
I don't know sorry, but updating to the current version can't hurt. I also sell a V3 plugin on my site if you want to use reCaptcha V3 frictionless.
This topic is locked and no more replies can be posted.