SPAM from the contact form

Started by KchoPrro, October 07, 2022, 08:41:55 AM


KchoPrro

Hello friends;

I already had this SPAM problem with CPG 1.5.48. To solve it I had to disable the contact form.

Now I use CPG 1.6.20 and I have the same problem again, through the contact form (Active Captcha), I receive SPAM of this style (3 messages received yesterday):

Quote
This is a multi-part message in MIME format.

--b1_afafd8d8b6d2d88cac205c7aaeaf801e
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Este correo electrónico fue enviado a 6-10-2022 23:22:21 utilizando el formulario de contacto en xxxxxxxxxxxxxxxxxxxxxxxxxxx/contact.php desde la dirección IP 45.139.122.241
El Anónimo llamado "kimmt18" con la direccion de correo qy11@akio24.officemail.in.net dijo:
Sexy teen photo galleries
http://latinaamor.energysexy.com/?rayna
ebony gay muscle porn free big women porn sites anil porn tube pain porn titles on cinemax nikki dial classic free porn




--b1_afafd8d8b6d2d88cac205c7aaeaf801e
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

Este correo electrónico fue enviado a 6-10-2022 23:22:21 utilizando el formulario de contacto en xxxxxxxxxxxxxxxxxxxx/contact.php desde la dirección IP 45.139.122.241<br /><br />
El Anónimo llamado &laquo;kimmt18&raquo; con la direccion de correo qy11@akio24.officemail.in.net dijo:<br /><br />
<div style="border:1px solid black">Sexy teen photo galleries<br />
http://latinaamor.energysexy.com/?rayna <br />
ebony gay muscle porn free big women porn sites anil porn tube pain porn titles on cinemax nikki dial classic free porn <br />
<br />
<br />
</div>

Any solution?  :-\

ron4mac

There is a captcha plugin that may be useful. It is broken for PHP 8, though.  But maybe, if you PM the author, he will fix it.

KchoPrro

Quote from: ron4mac on October 07, 2022, 12:31:03 PM
There is a captcha plugin that may be useful. It is broken for PHP 8, though.  But maybe, if you PM the author, he will fix it.

Thanks ron4mac. When I installed the plugin, it gave me problems. I have downgraded my PHP version to 7.4 and it has worked. I did some tests and everything is correct. I then upgraded the PHP version back to 8.1 and the plugin is still working fine. Now I just have to wait to see if this protection is enough.

Thank you  ;)

Joe Carver

I have started to take a look into updating the plugin. It might take some time though.

KchoPrro

Quote from: Joe Carver on October 11, 2022, 01:57:39 AM
I have started to take a look into updating the plugin. It might take some time though.

Thanks @Joe Carver  ;)

Joe Carver

Here is a Beta-level plugin.

It has been tested with CPG 1.6.20 and PHP 8. It is still in need of some more work, for
config settings, language, etc. and has not been tested with ecards. One odd behavior is
that it sometimes reopens on the Reg page after failing the captcha occasionally.

Please reply if it isn't working for you.

KchoPrro

Quote from: Joe Carver on November 30, 2022, 01:09:23 AM
Here is a Beta-level plugin.

It has been tested with CPG 1.6.20 and PHP 8. It is still in need of some more work, for
config settings, language, etc. and has not been tested with ecards. One odd behavior is
that it sometimes reopens on the Reg page after failing the captcha occasionally.

Please reply if it isn't working for you.

Thank you very much Joe. He apologizes for taking so long to respond.

I have installed the plugin and it works fine. I have not tried the eCard option, it is a feature that I have disabled in my CPG.

Attached the translation in Spanish (courtesy of Google). I have two doubts;

1- The plugin, once installed and added the reCAPTCHA keys, has no further configuration, correct?
2- Problem Solving CAPTCHA (problem_solving_captcha): v1.2 no longer works, should it be? I thought that both plugins could work simultaneously to strengthen security. In any case, if reCAPTCHA V2 is effective, it doesn't seem important that "Problem Solving CAPTCHA (problem_solving_captcha): v1.2" doesn't work, it will be easier for a user to contact using only reCAPTCHA.

Thanks for the work.

Joe Carver

You're most welcome. To answer:

  • Correct, no further configuration is needed.
  • Google only supports V2 & something called V3 now. Nothing about V1 is on the support pages now.

Thanks for the translation file, it will be added to the next release.

KchoPrro

Quote from: Joe Carver on December 19, 2022, 02:29:18 AM
You're most welcome. To answer:

  • Correct, no further configuration is needed.
  • Google only supports V2 & something called V3 now. Nothing about V1 is on the support pages now.

Thanks for the translation file, it will be added to the next release.

Thanks for responding, Joe.

Unfortunately, since I installed the plugin, SPAM has returned. Since December 18 these emails began to enter, practically one a day.

I guess the Google V2 captcha is not very difficult to crack for bored hackers with a lot of free time.

I will return to the previous protection with the phrases and answers, it seems more effective to me ;)

Joe Carver

Thanks for the report, unfortunately we are outnumbered in this fight...


  • There are bots/crawlers looking for submit buttons to deposit active / clickable links for SEO  and criminal distribution (like a squatting dog)
  • Search Google for reCaptcha Solving Service to see what we are up against

So, I invite you to try the quick and dirty mods to the plugin attached. It rejects any contact message that contains http or https. The error
message directs the user to go back and remove the text. No, this will not stop everything, but should make it somewhat more difficult for automated abuse.

The language is fixed within the codebase.php file. Look for those lines indicated at the top of the file. Again, this was done quick, but will be further developed
with the same applied to file Comments, where abuse gets incredibly bad.
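
The link filter described in the last post, sketched as an added example (it is not the plugin's code and not written by anyone in the thread): it rejects a submission when any field contains a link, and goes slightly beyond the thread's http/https rule by also catching scheme-less www. links. The function name, field names and sample submissions are assumptions.

```php
<?php
// Added example: not the plugin's code. All names here are hypothetical.

/**
 * Return the names of the submitted fields that contain a link.
 * An empty array means the message may be sent.
 */
function contact_fields_with_links(array $fields): array
{
    // http:// and https:// links, as in the thread, plus scheme-less
    // "www." links, which most mail clients also render as clickable.
    $pattern = '~https?://|\bwww\.[a-z0-9-]+\.[a-z]{2,}~iu';

    $flagged = [];
    foreach ($fields as $name => $value) {
        // Normalise HTML entities so the check sees the text a reader would.
        $text = html_entity_decode((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // preg_match() returns false on malformed UTF-8; "!== 0" treats that
        // as a hit, so input the filter cannot read is rejected too.
        if (preg_match($pattern, $text) !== 0) {
            $flagged[] = $name;
        }
    }
    return $flagged;
}

// Constructed sample submissions (placeholder domain, not real data).
$submissions = [
    'spam'  => ['sender_name' => 'kimmt18', 'subject' => 'galleries',
                'message' => "photo galleries\nHTTP://spam.example/?x\nmore keywords"],
    'legit' => ['sender_name' => 'Ana', 'subject' => 'Album question',
                'message' => 'How do I order a print of the third photo?'],
];

foreach ($submissions as $label => $fields) {
    $bad = contact_fields_with_links($fields);
    echo $bad
        ? "$label: rejected, go back and remove the link from: " . implode(', ', $bad) . "\n"
        : "$label: accepted\n";
}
```

Checking every field rather than only the message body matters because the sender name and subject are also copied into the notification e-mail.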