Viewing 17 posts - 1 through 17 (of 17 total)
  • #963477

    I added the privacy policy message checkbox to all contact forms on a few sites earlier today. It didn’t take long and the first spam messages came in (sent through the contact forms). The strange thing is that the privacy policy message is set to false. When I try that manually (checkbox not checked), the form cannot be submitted but somehow the bots can send messages through the forms.

    Here are two of the spam messages (the full headers are in the private content field). These were sent through the forms of two different domains on different hosts.

    Name: antonylawry0
    Email: (Email address hidden if logged out)
    Phone: 0477 31 59 74

    Your Message: This site really has all of the information I wanted concerning this subject and didn’t know who to ask.

    I agree to the terms and conditions laid out in the Privacy Policy.: false

    Name: jacquelinehunt8
    Email: (Email address hidden if logged out)
    Phone: 463 4678

    Your Message: It’s going to be ending of mine day, however before ending I am reading this enormous paragraph to increase my knowledge.

    I agree to the terms and conditions laid out in the Privacy Policy.: false

    Is there an explanation or even better a fix?

    #965167

    Hey essjb,

    Thank you for using Enfold.

    I’m not really sure how they’re getting past the contact form. Have you tried installing Sucuri? This article might help.

    // http://www.wpbeginner.com/opinion/sucuri-review-how-sucuri-helped-us-block-450000-wordpress-attacks-in-3-months/

    Best regards,
    Ismael

    #965308

    Thank you, Ismael. For now I will just enable the built-in captcha. We’re not getting too many of these messages and maybe the captcha will prevent it.

    I just don’t understand how the form can be submitted with a false value and since the privacy policy message checkbox is an Enfold feature, I thought your devs might want to look into this.

    #966220

    Here is a podcast from a lawyer about the risk of implementing a privacy checkbox in contact forms.

    • This reply was modified 6 years, 6 months ago by Hokuspokus.
    #966231

    Hokuspokus… I know this podcast. He’s not talking about the checkbox in general but about asking the user to agree to the way the data is processed within the contact form. His opinion is that you don’t need to do this at all and that it can even do harm. Other “experts” say that you definitely need a checkbox and ask the user to agree to the way the data is processed within the contact form. Therefore we use a compromise of both opinions but everybody needs to make this decision for themselves. We probably won’t know which “experts” are right for 2-3 years :-)

    #991084

    I have the same problem as initially described. Although the checkbox is mandatory, I receive at least 10 spam emails a day with checkbox = false.
    I tried it with and without visible captcha but it makes no difference. Any news on this?

    #991124

    Hi,

    These bots may bypass our JavaScript validation and so they’re able to send the form without ticking the checkbox. We’ll look into it and check if we can block this – but to be honest this is a low priority issue at the moment and it will take some time.

    Best regards,
    Dude
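
    If the required-checkbox rule is enforced only by script in the browser, as the reply above suggests, any client that posts the form directly skips it, so the rule has to be checked again on the server. The following is an added example, not part of the original thread and not Enfold's code; the field names (`name`, `email`, `message`, `privacy_consent`) and both handler functions are hypothetical.

```javascript
// Added example: field names and handlers are hypothetical, not Enfold's.

// Constructed sample POST bodies. A browser leaves an unchecked checkbox out
// of the body entirely, so "not ticked" arrives as a missing field.
const SAMPLE_TICKED =
  'name=Alice&email=alice%40example.com&message=Hello&privacy_consent=1';
const SAMPLE_UNTICKED =
  'name=example-bot&email=bot%40example.com&message=Nice+site';

// Builds the notification mail in the layout shown in the first post.
function renderMail(f, consent) {
  return [
    `Name: ${f.get('name')}`,
    `Email: ${f.get('email')}`,
    `Your Message: ${f.get('message')}`,
    `I agree to the terms and conditions laid out in the Privacy Policy.: ${consent}`,
  ].join('\n');
}

// "Before": relies on the browser having enforced the checkbox. A missing
// field is only rendered as "false"; the mail is sent anyway.
function handleTrustingClient(rawBody) {
  const f = new URLSearchParams(rawBody);
  const consent = f.get('privacy_consent') === '1';
  return { sent: true, mail: renderMail(f, consent) };
}

// "After": every rule the client-side script applies is repeated on the
// server, and the submission is rejected before any mail is built.
function handleValidated(rawBody) {
  const f = new URLSearchParams(rawBody);
  const errors = [];
  for (const key of ['name', 'email', 'message']) {
    if (!(f.get(key) || '').trim()) errors.push(`${key} is required`);
  }
  // Accept only the exact value the real checkbox submits.
  if (f.get('privacy_consent') !== '1') {
    errors.push('privacy consent is required');
  }
  if (errors.length > 0) return { sent: false, errors };
  return { sent: true, mail: renderMail(f, true) };
}
```
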

    #1022646

    Is there any news on this topic? We have the same problem and get many spam mails a day with checkbox = false.

    #1023110

    Hi seykom,

    Please open a new thread and include admin login details in private so that we can have a closer look at your site.

    Best regards,
    Rikard

    #1024778

    Hi, we have the same problem and get many spam mails a day with checkbox = false.
    Thanks

    #1025353

    Hi,

    Have you tried the plugins mentioned above? What is the current theme version? Please upgrade to v4.5.

    Best regards,
    Ismael

    #1029128

    Hi,
    Have you tried the plugins mentioned above? No
    What is the current theme version? 4.4
    Please upgrade to v4.5. DONE but still the same thing

    #1030153

    Hi,

    Thanks for the update. You should try those plugins or implement a Google reCAPTCHA widget in the contact form for added security.

    // https://kriesi.at/support/topic/contact-form-attack/#post-1005828

    Snippet: https://pastebin.com/zZXQaLwP

    Best regards,
    Ismael

    #1030885
    This reply has been marked as private.
    #1031049

    Hi!

    Yes, you have to add it in the functions.php file. It would be better if you have a child theme or just install this plugin and add the snippet in the custom functions panel.

    // https://wordpress.org/plugins/my-custom-functions/

    Cheers!
    Ismael

    #1032002
    This reply has been marked as private.
    #1032817

    Hi,

    It is working properly on my installation. Please create a new ticket/thread with the site url and login credentials. We’ll check it there.

    Best regards,
    Ismael
