Data Validation and reCaptcha still allowing SPAM through

tschoch 21 Jan, 2019
We are on Joomla 3.9.1 and the latest Chrono v5. Our forms have both reCaptcha v2 as well as data validation set for email address field and phone number. We are seeing large amounts of SPAM coming through with bogus data which shouldn't be passing due to the reCaptcha and field validations.
healyhatman 21 Jan, 2019
reCaptcha and field validation only stop automated tools; they won't stop a person sitting there and filling in the forms. What does "large amount of spam" constitute? And you're sure the reCaptcha is set up properly - you've tried to submit it without ticking the box?
tschoch 21 Jan, 2019
I should mention we are very proficient with Chronoforms and are using it on a countless number of sites with the Unlimited license. We are seeing about 3,000 form submissions so far today... I don't think someone is filling it out manually.

The form has been tested many times and the front end validations are working for humans...
tschoch 21 Jan, 2019
https://www.clevelandmanagement.com/
healyhatman 21 Jan, 2019
Can you send me or post here an example spam email including the header
webhand 04 Feb, 2019
I have the same problem. Website (https://www.huesy.ch) is running on Joomla 3.9.2, Chrono Forms V5.0.17, reCaptcha V2, PHP 7.2. The reCaptcha works well for humans.

SPAM mails arriving every five to ten minutes with the following content for example:
In the meantime, is there any idea?

Thank you very much


*********

Return-Path: <murachka94@inbox.ru>
Delivered-To: info@huesy.ch
Received: from srv1.tophost.ch
	by srv1.tophost.ch with LMTP id 6O7bEHdPWFxhMAEA/BOfDg
	for <info@huesy.ch>; Mon, 04 Feb 2019 15:43:03 +0100
Return-path: <murachka94@inbox.ru>
Envelope-to: info@huesy.ch
Delivery-date: Mon, 04 Feb 2019 15:43:03 +0100
Received: from huesy by srv1.tophost.ch with local (Exim 4.91)
	(envelope-from <murachka94@inbox.ru>)
	id 1gqfSh-000Kac-71
	for info@huesy.ch; Mon, 04 Feb 2019 15:43:03 +0100
To: info@huesy.ch
Subject: Anfrage vom Kontaktformular
X-PHP-Script: huesy.ch/index.php for 31.184.238.9
X-PHP-Filename: /home/huesy/public_html/index.php REMOTE_ADDR: 31.184.238.9
Date: Mon, 4 Feb 2019 14:43:03 +0000
From: MelissaPiose <murachka94@inbox.ru>
Reply-To: MelissaPiose <murachka94@inbox.ru>
Message-ID: <fafd96d686359696fd58b3cf84c9a0ab@huesy.ch>
X-Mailer: PHPMailer 5.2.26 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_fafd96d686359696fd58b3cf84c9a0ab"
Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

--b1_fafd96d686359696fd58b3cf84c9a0ab
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Es ist eine neue Anfrage über das Kontaktformular von www.huesy.ch eingegangen:
MelissaPiose


85724521893
murachka94@inbox.ru
Привет. Погода холодная, самое время заводить новые знакомства к весне. 
Не нужно штаны просиживать, давай с нами сюда --> http://meeting-club.online
Ja, ich bin mit der Datenverarbeitung einverstanden.


--b1_fafd96d686359696fd58b3cf84c9a0ab
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<div style="font-family: Arial; font-size: 12px;">Es ist eine neue Anfrage über das Kontaktformular von www.huesy.ch eingegangen:<br /><br />
MelissaPiose<br />
<br />
<br />
85724521893<br />
murachka94@inbox.ru<br />
Привет. Погода холодная, самое время заводить новые знакомства к весне. <br />
Не нужно штаны просиживать, давай с нами сюда --> http://meeting-club.online<br />
Ja, ich bin mit der Datenverarbeitung einverstanden.<br />
</div>



--b1_fafd96d686359696fd58b3cf84c9a0ab--
PhilippD 12 Feb, 2019
Hi @all!
We have the same issue on our website since January 2019. I looked into it and found out that Google Captcha is actually not blocking the spam!

I logged into my admin console on https://www.google.com/recaptcha/intro/v3.html and saw that on the days we received spam the Google captchas were right! I always log the IP address in the email form (just posting it in the email body) and got on form here on January 11 for example: https://www.stopforumspam.com/ipcheck/176.36.21.189

Can you check if it is the same for you? Then we have to contact Google about this...

Best Regards
Philipp
healyhatman 13 Feb, 2019
Well, your one says it's FROM murachka94@inbox.ru, which suggests it wasn't sent by your site. Does the email you receive SAY it's coming from where you're expecting it to come from?
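Added example (not part of any post in this thread): a Python header triage that answers the question above from the message's own headers instead of its From line. It runs on a subset of the headers posted earlier in the thread; the `triage` function, its report keys and the two-of-three rule are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subset of the headers from the sample message posted earlier in this thread.
SAMPLE = """\
Return-Path: <murachka94@inbox.ru>
Received: from huesy by srv1.tophost.ch with local (Exim 4.91)
\t(envelope-from <murachka94@inbox.ru>)
\tid 1gqfSh-000Kac-71
\tfor info@huesy.ch; Mon, 04 Feb 2019 15:43:03 +0100
To: info@huesy.ch
Subject: Anfrage vom Kontaktformular
X-PHP-Script: huesy.ch/index.php for 31.184.238.9
From: MelissaPiose <murachka94@inbox.ru>
Message-ID: <fafd96d686359696fd58b3cf84c9a0ab@huesy.ch>
X-Mailer: PHPMailer 5.2.26 (https://github.com/PHPMailer/PHPMailer)

body
"""

def triage(raw, site_domain):
    """Report whether a message was generated by the site's own web form."""
    msg = message_from_string(raw)
    report = {"from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2]}

    # In the posted sample this header reads "<host>/<script> for <client ip>".
    m = re.match(r"(\S+) for ([0-9a-fA-F.:]+)", msg.get("X-PHP-Script", ""))
    report["script"], report["client_ip"] = (m.group(1), m.group(2)) if m else (None, None)

    # Exim writes "with local" when a local account handed the message to
    # the MTA, i.e. no remote SMTP client delivered it.
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    report["local_submission"] = any(" with local " in h for h in received)

    # Domain part of the Message-ID, set by the generating host's mailer.
    report["msgid_domain"] = msg.get("Message-ID", "").strip("<>").rpartition("@")[2]

    evidence = [
        report["script"] is not None and report["script"].startswith(site_domain),
        report["local_submission"],
        report["msgid_domain"] == site_domain,
    ]
    report["sent_by_site_form"] = sum(evidence) >= 2
    # From/Reply-To are copied from the submitted form field, so a foreign
    # From domain does not contradict a local origin.
    report["from_is_form_input"] = report["sent_by_site_form"] and report["from_domain"] != site_domain
    return report
```

`triage(SAMPLE, "huesy.ch")` reports a local submission through `huesy.ch/index.php` by client 31.184.238.9, which is the address to look up in the web server's access log or on a blocklist.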
webhand 14 Feb, 2019
Thank you healyhatman! Maybe I don't quite understand your question.

The content in the e-mail also has parts of the form template. All e-mails come from .ru addresses. I'm sure they come in via the Chronoforms component. If I disable the form, then no SPAM emails come in.

The form sends a confirmation to the sender address. Because these .ru addresses don't work, every time an error message comes from the server. Therefore we always get two messages at the same time.

The form was created from the Chronoforms example template and slightly modified. I don't know what I could change.

Should I create a new form with Chronoforms 6? Will the problems with the latest version disappear?

Thank you for your help.

healyhatman 14 Feb, 2019
I don't know, sorry, but updating to the current version can't hurt. I also sell a V3 plugin on my site if you want to use reCaptcha V3 frictionless.