Tagged: CONTACT FORM, enfold, mandatory fields, spam
-
AuthorPosts
-
February 7, 2018 at 6:14 pm #909332
Hello,
A client of mine has been receiving spam through the Enfold contact form.
Required fields were not filled in. The spam mail shows the following text:By sending this contact form, I agree that the personal details I have entered (first and last name, e-mail address, country, subject and message) will be stored and used exclusively in processing my request. My personal details will be treated with strict confidentiality and will not be passed to third parties.: false
All contact forms use captcha. Scan summaries show no infected files.
Please find your login credentials below. Thanks for your assistance.
February 7, 2018 at 8:52 pm #909396Hey hasbeat,
Can you please post for us the different licenses of the theme per domain, so we can go through?
Thank you very much
Best regards,
BasilisFebruary 8, 2018 at 8:24 pm #909928This reply has been marked as private.February 10, 2018 at 10:54 pm #910658Hi,
Thank you very much for that, we do appreciate it a lot!
I am going here
https://www.klotz-ais.com/contact-form/and testing the forms and I cant see any issue related to it or any problem when trying to submit, so there is no JS error.
To move forward can you please show us an email, so we can see a bit more how it comes?Best regards,
BasilisFebruary 12, 2018 at 11:02 am #911005This reply has been marked as private.February 12, 2018 at 8:10 pm #911309Hi,
Hm, that looks strange because no other field is selected.
It seems to be that they have just closed the messages as a scan and emailed, so they can create a spam flow to the server provider.
That happens to all the domains?Best regards,
BasilisFebruary 13, 2018 at 8:29 am #911564This reply has been marked as private.February 13, 2018 at 9:45 pm #911906Hi,
That is really strange.
not sure where the issue is comming from – what we can suggest is to re-create the capctcha from the google api.Best regards,
BasilisFebruary 14, 2018 at 8:53 am #912139This reply has been marked as private.February 14, 2018 at 8:40 pm #912461Hi,
how you enabled your API key? Just change it from there so we can test if that could help!
Best regards,
BasilisFebruary 19, 2018 at 1:15 pm #914229This reply has been marked as private.February 20, 2018 at 3:36 am #914638Hi,
I can’t submit the details in the contact form when the mandatory fields are empty. How are you doing it? Are you receiving the email even without a form submission?
Best regards,
IsmaelFebruary 20, 2018 at 8:08 am #914729This reply has been marked as private.February 20, 2018 at 8:49 pm #915004Hi,
It simply cant be from the form.
The point is that they are doing it from the source. They scan your source of the code and they are going from there to send messages.
There is not a lot we can do from out side right now.
You need to investigate, find the IP and block it…Best regards,
BasilisFebruary 26, 2018 at 5:40 pm #917900This reply has been marked as private.February 28, 2018 at 8:32 am #918851Hi,
They can get around with the contact form validation by editing the shortcodes.js file directly in the browser sources panel. This block of code checks if the fields are valid.
if(send.validationError == false) { if(form.data('av-custom-send')) { mailchimp_send(); } else { send_ajax_form(); } }
You can send the form without filling in the fields by removing the validator.
if(form.data('av-custom-send')) { mailchimp_send(); } else { send_ajax_form(); }
I don’t know what they will accomplish by doing that but it’s possible.
Best regards,
IsmaelFebruary 4, 2019 at 2:23 pm #1062685Hello,
one of our customers is having the same issue: From time to time, the contact form is being send without filling out the defined mandatory fields. We’re using the most recent versions of everything (WordPress, Enfold, Plugins).Can you please have a look at this?
- This reply was modified 5 years, 9 months ago by jochenmaier.
February 4, 2019 at 6:16 pm #1062775Hi there,
a client just informed me that they have exactly the same issue. Form being sent with passing the mandatory fields and captcha. Is this something we need to worry about from a security standpoint? Is there a fix for that behavior or is this a technique every form can be tricked with? This feels not ok.Best,
ThorstenFebruary 6, 2019 at 5:12 am #1063449Hi,
@jochenmaier: Which of the mandatory fields are sent without being filled? Are you receiving any kinds of spam emails?
@hyperbrand: No, it’s not really that critical. Worst case scenario is you’ll receive a lot of spams from automated scripts or bots. You can install a more secure contact form plugin like Contact Form 7 plus the the Google reCAPTCHA extension or the Honeypot plugin.
// https://contactform7.com/recaptcha/
// https://wordpress.org/plugins/contact-form-7-honeypot/We might release a spam protection feature for the theme’s contact form aside from the default captcha field, but it’s still under consideration because users have to generate a new pair of API key from Google, which proves to be troublesome after the last time they introduced the map API keys.
// https://www.google.com/recaptcha/intro/v3.html
Best regards,
IsmaelFebruary 6, 2019 at 9:21 am #1063529Hi Ismael,
thanks for your reply.
Which of the mandatory fields are sent without being filled?
>> The only mandatory field, that is being filled out, is “Einwilligung zur Verarbeitung meiner personenbezogener Daten.”
>> All the other mandatory fields e.g. Name, E-Mail, … are not being filled out.Are you receiving any kinds of spam emails?
>> yes.Thanks!
February 6, 2019 at 11:21 am #1063561Hi,
@jochenmaier: Thank you for that info. How long have you been receiving these spam emails? Would you mind if access the WP dashboard and you file server? Please create a new ticket or thread and post the necessary login details in the private field.Best regards,
IsmaelFebruary 6, 2019 at 1:15 pm #1063598Hi all,
similar behavior over here. The first checkbox regarding GDPR is mandatory. The second Checkbox is optional. None of the other form fields are being sent.
Ich habe die Datenschutzerklärung gelesen und stimme der Verwendung meiner Daten im Rahmen meiner Anfrage zu.: false
Ich möchte darüber hinaus regelmäßig per E-Mail über Wildnis in Deutschland informiert werden. Über (Email address hidden if logged out) kann ich diese Zusage jederzeit widerrufen.: false
@Ismael: To avoid spam protection because of user convenience is the way to go then? I think that is not what I as a customer expect from a theme developer. Telling a client the theme developer might consider fixing a spam problem with his contact form is embarrassing. Turning away from your responsibility to fix/optimize the spam protection of Enfold just feels bad. Sorry, but that’s how your response comes across.Best,
ThorstenFebruary 6, 2019 at 6:32 pm #1063715Hello Ismael,
please find more information in the private content section.
We receive Spam from time to time since about 3-4 weeks.
BR, Jochen- This reply was modified 5 years, 9 months ago by jochenmaier.
February 7, 2019 at 11:15 am #1064017Hi,
@hyperbrand: I’m sure you’re fully aware of the captcha option in the contact form element and I think it counts as spam protection, so I’m not sure why you’re saying we are avoiding this. Yes, it’s basic but that is enough for most users and that is actually what you’ll get from a lot of themes available in the market. We are just considering adding more security features but even that will not ensure that you’ll prevent these spams because everything can be hacked nowadays, it’s just a matter of time.
@jochenmaier: Please transfer your details to another ticket or thread because the original poster here will be able to see it. Let’s continue there.Best regards,
IsmaelFebruary 7, 2019 at 11:19 am #1064020Hi,
@jochenmaier: Please include the login details of your file server so that we can add or edit files.Best regards,
IsmaelFebruary 7, 2019 at 11:39 am #1064033February 8, 2019 at 7:23 am #1064434Hi,
@jochenmaier: Thanks. Let’s continue on that thread.I’ll be closing this thread for now. Please feel free to open a new thread if necessary.
Best regards,
Ismael -
AuthorPosts
- The topic ‘Receiving spam through contact form’ is closed to new replies.