
abuse of form

webcase 05 Nov, 2018
Hi!

Our client has a contact form in place, made with Chronoforms v5: https://www.ovoudemolen.nl/contact
As you can see we have built in recaptcha.

The form sender (website mailer) is info@ovoudemolen.nl.
The form is addressed to secretariaat@ovoudemolen.nl.

Our client reported this morning that the form seems to be abused.
A mail was sent through the form, but it was addressed to a website user 'Angelique Nuijten'.

[Attachment: email-form-abuse.jpg]

It seems someone was able to change the addressee in the form.

Can you help me to determine what happened?

Regards,
Maurice
GreyHead 05 Nov, 2018
Hi Maurice,

Please check that the Check ReCaptcha action is correctly set up - it looks to me as if I can submit the form without checking the ReCaptcha box - it reloads the form but doesn't show any error message. Is that correct?

I'm not sure how the To Email Name could be changed - how do you have the Email action configured?

Bob
webcase 05 Nov, 2018
Hi Bob,

The Check ReCaptcha should be working fine - it did when I configured the form some time ago, anyway.
I just checked: site & secret key are correct and in place.
I see what you mean: the form indeed refreshes and shows no error when ReCaptcha is not checked. Strange. There is a validation message in place in the ReCaptcha, however. Could this be an issue with SEF URLs in combination with the form embedded in an article?

The configuration of the e-mail action:
[Basic]
To: secretariaat@ovoudemolen.nl
[Advanced]
Dynamic subject: Onderwerp (=subject field (hidden) in form)
Dynamic from / reply to / name are also filled out with the form fields Name & E-mail.

Hope this makes sense.
GreyHead 05 Nov, 2018
Hi Maurice,

It could be an issue with the URL - please try adding a full Action URL directly in the Display Section action
https://my_domain.com/index.php?option=com_chronoforms5&chronoform=form_name&event=submit

Bob
webcase 06 Nov, 2018
Thanks Bob,

I'm not sure how to do this.😟

Instead, I have done the following.

Since I remembered having issues earlier with embedded forms, I now have a menu-item in place that opens the form directly:
https://www.ovoudemolen.nl/contactformulier?view=form

This way the validations work fine, also the check on the ReCaptcha.

When you fill out the form and click the send button, the thank you message shows.

BUT: the e-mail action seems not to work.
I have my own e-mail address in place in the 'to' field.
Also, if I look at the Setup tab, all seems fine with the E-mail action (all checks are green).

Do you have a troubleshooter for this?

PS: I know we're a bit off topic here, since the reason for this ticket was a presumable abuse of the form 🙂
GreyHead 06 Nov, 2018
Hi webcase,

Please drag a Debugger action into the On Submit event, then submit the form and post the debug - including the 'dummy emails' results here.

Bob
webcase 06 Nov, 2018
[h3]Uw bericht is verstuurd.[/h3]

Data Array
Array
(
    [view] => form
    [chronoform] => Contact
    [event] => submit
    [naam] => Maurice
    [email] => mail@webcase.nl
    [onderwerp] => 
    [bericht] => Dit is een test
    [g-recaptcha-response] => 03AMGVjXizxqT2F2bjXpXbjR76cxsaUtHesT4c-PVEKZrtd_9zQ3GJzRbIPrgQe6G69pjOM_c9HQ_mPUJG22iN_uhfJiqM2e1bh6fZGjE25mR5g1J_eu3BjAWy8O4Se6DAYFTGoGcjHdnkhx27XM3llrknkHK30LdT7foWLg6TquoI20ePo6KrksnXuACdHAJukgu4TokvcWn_kLreJl-b3gudgaVMHR6TBFUPw59Ah_qFDAxx15BYZGKFVY3L44d1ERpHMyveQNj2O8CGStLlgfhTYTyPk0GsKQ
    [submit5] => Nu versturen
    [ip_address] => 84.82.157.198
)
Array
(
)

Errors
Array
(
)

Debug Info
Array
(
    [1] => Array
        (
            [Email] => Array
                (
                    [0] => An email with the details below was sent successfully:
                    [1] => To:m.molenaar@webcase.nl
                    [2] => Subject:
                    [3] => From name:Maurice
                    [4] => From email:mail@webcase.nl
                    [5] => CC:
                    [6] => BCC:maurice.molenaar@gmail.com
                    [7] => Reply name:Maurice
                    [8] => Reply email:mail@webcase.nl
                    [9] => Attachments:
                    [10] => Array
                        (
                        )

                    [11] => Body:
<div class="gform-all">
<div class="gform-section">
<div id="ftr-name" class="gform-line-tr">
<div class="gform-line-td">Dit bericht is verstuurd via ovoudemolen.nl.</div>
<div class="gform-line-td">&nbsp;</div>
<div class="gform-line-td"><label class="gform-label-left" for="name">Naam:</label></div>
<div id="ftd-name" class="gform-line-td">
<div id="fin-name" class="gform-input-container gform-input">Maurice</div>
<div class="gform-input-container gform-input">&nbsp;</div>
<div class="gform-input-container gform-input">E-mail:</div>
</div>
</div>
<div id="ftr-email" class="gform-line-tr">
<div id="ftd-email" class="gform-line-td">
<div id="fin-email" class="gform-input-container gform-input">mail@webcase.nl</div>
<div class="gform-input-container gform-input">&nbsp;</div>
</div>
</div>
<div id="ftr-subject" class="gform-line-tr">
<div id="ftd-subject" class="gform-line-td">Bericht:</div>
</div>
<div id="ftr-message" class="gform-line-tr">
<div id="ftd-message" class="gform-line-td">
<div id="fin-message" class="gform-input-container gform-input">Dit is een test</div>
</div>
</div>
<div id="ftr-submit5" class="gform-line-tr">&nbsp;</div>
</div>
</div><br /><br />IP: 84.82.157.198
                )

        )

)
webcase 06 Nov, 2018
And - MAGIC - all of a sudden this form with the debugger added is sent to my address!
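
An added example (not part of the thread and not ChronoForms code): a Python check over a Debugger "Email" block laid out like the one posted above, listing any To/CC/BCC address outside the expected recipients and any extra address in the visitor-supplied From/Reply fields. The sample dump, its placeholder addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Debugger "Email" block posted in
# this thread; all addresses are placeholders, not values from the thread.
SAMPLE_DEBUG = """\
    [Email] => Array
        (
            [0] => An email with the details below was sent successfully:
            [1] => To:office@example.org
            [2] => Subject:
            [3] => From name:Visitor
            [4] => From email:visitor@example.net, other@example.net
            [5] => CC:
            [6] => BCC:Admin@Example.org;someone@example.com
            [7] => Reply name:Visitor
            [8] => Reply email:visitor@example.net
        )
"""

# Only the address-bearing header lines are of interest here.
FIELD_RE = re.compile(r"^\s*\[\d+\] => (To|CC|BCC|From email|Reply email):(.*)$")
ADDR_RE = re.compile(r"[^\s,;<>]+@[^\s,;<>]+")

def parse_email_debug(text):
    """Map each address-bearing header of one Email debug block to its addresses."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group(1)] = ADDR_RE.findall(match.group(2))
    return fields

def audit_email_debug(text, allowed_recipients):
    """Return findings as (field, address, reason) tuples."""
    allowed = {addr.lower() for addr in allowed_recipients}
    fields = parse_email_debug(text)
    findings = []
    # Delivery headers: every address must be one the site owner configured.
    for field in ("To", "CC", "BCC"):
        for addr in fields.get(field, []):
            if addr.lower() not in allowed:
                findings.append((field, addr, "recipient not in allowlist"))
    # From / Reply-To are filled from visitor input: expect exactly one address.
    for field in ("From email", "Reply email"):
        for addr in fields.get(field, [])[1:]:
            findings.append((field, addr, "extra address in visitor field"))
    return findings
```

Call `audit_email_debug(dump, [...])` with the addresses configured in the Email action; an empty result means the debug block delivered only to expected recipients.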