-
Posts
-
Hallo Zusammen,
wieso bekomme ich über das kontaktformular von Enfold Spammails, trotz Rechenaufgaben captcha, aber vor allem haben die die Datenschutzbestimmungen gar nicht akzeptiert? Bekomme die Mails mit dem Hinweis false bei Datenschutzbestimmungen.
Gibt es da Hilfe?Danke und Gruß
KiMHello everybody,
Why do I get over the contact form of Enfold Spammails, in spite of arithmetical problem captcha, but above all, did not accept the data protection regulations? Get the mails with the note false for privacy policy.
Is there any help?Thanks and regards
KiMZudem finde ich es etwas seltsam, dass das Fragezeichen beim Rechencaptcha beim eingeben oder einfach nur auf das Feld klicken nicht verschwindet, sieht kaputt aus…
In addition, I find it a bit strange that the question mark in the Captcha when enter the answer or just click on the field does not disappear, looks broken …
Hi,
Thank you for the update.
Have you tried using the Google reCAPTCHA option instead of the default captcha question? It’s a much better form of protection compare to the default captcha. Please visit the documentation for more info.
// https://kriesi.at/documentation/enfold/contact-form/#activate-google-captcha
And you should install plugins like Sucuri or WordFence to enchance the overall security of the site.
Best regards,
IsmaelHi Ismael,
thank you for your answer but thats not really the point of my question(s).
1. Why is it possible to send a (Spam) Mail with not every * (required) information filled out?
2. Why does the question mark in the enfold capture not disappear so it looks broken if you use it?Anyway to your question:
Last time I tried reCaptcha it was not GDPR compliant.
I will check the plugins you recommended, thanks for this.Hi,
Thank you for the update.
1.) They probably found a way to bypass the captcha option. How? We don’t really know. It’s not really spam-proof, but it should be enough to prevent a lot of basic spam scripts. This is why you have to implement additional steps like installing a security plugin to protect the site against these scripts.
2.) Which question mark? Could you provide a screenshot?
Best regards,
IsmaelHi,
Thank you for the screenshot.
That is the default behavior of the captcha field. If you want to remove the question mark while typing on the input field, try to edit the config-templatebuilder > aviashortcodes > contact > contact.js file, look for this code around line 31:
send.button.on('click', checkElements);Below, add this code:
var captcha = form.find('.captcha'); label = form.find('.value_verifier_label'); captcha.focus(function() { var l = $(label.selector); var e = l.text(); l.text(e.replace("?", "")); });Best regards,
IsmaelVielen Dank! Teste ich bei Gelegenheit. Sollte man vielleicht auch in das nächste Update übernehmen? ist zwar kein Fehler, sieht aber wie einer aus ;)
Lieber Gruß
Thanks a lot, let me check that..
Maybe it should be in the next Update? it is not a really error, but it looks like ;)Best KiM
Hi,
Alright! Let us know if it helps. We’ll forward the request to the team for further considerations.
Best regards,
IsmaelHi Ismael,
I have the same issue since very long time now. And its reported in several threads.Some russian spammers have a method to send the form without checking the checkbox (proof see below)
nor solving the equation (most likely).Example of one e-mail received:
Name: Jessecug
E-Mail: (Email address hidden if logged out)
Betreff: кедр сибирский в подмосковьеNachricht: кедр сибирский крупномер
питомник кедров московская область
Ich stimme der Datenschutzerklärung zu: false
Another observation: I have changed the URL of the form – but that does not help – or at best only for some hours.
So guess they can search for the form. Can we avoid this?I think there must be a method – e.g. some injection to overrule the checks. I see the input tag refers to the URL of the page with the form itself. Where are these checks really implemented ?
Please have a look into that issue.
First we don’t want to use Google captcha as it tracks our visitors. Second, I think it will not help – as they have found a way to circumvent the checks!
br W.
Hi sthubertus,
Please open a new thread and include WordPress admin login details in private so that we can have a closer look at your site.
Best regards,
RikardAnd let me know the new thread, because I have the Same Problem and want to know the Solution! :-D
Best Regards
KimHi,
@sthubertus & @Blatze: Have you tried enabling the Google ReCAPTCHA option instead of using the default captcha? This should help prevent spams and unwanted emails. You could also install a security plugin such as WordFence to further enhance the site security.Best regards,
IsmaelIn Germany this is not really an option because of the DSGVO or in english GDPR…. it is not compliant..
Hi,
Thank you for the update.
When the Google ReCAPTCHA is enabled, we could set the Privacy & Cookie > Cookie Handling > Default Cookie Behavior to the third or fourth option to prevent the spam protection scripts from loading without user consent. This should be in compliance with DSGVO rule and policy.
Best regards,
IsmaelHi, I have activated re-captcha v2 and it seems to helps.
I am using 3rd option. ( user must opt-in, only nec. cookies are selected)
Wenn moving to the form – no Google cookie.
If captcha clicked, Google sets a cookie like:
NID:”204=u60MzEG2q5mw1cy5g9TqGpD0Asq-cnlG6NAkF2BZVN2AJDCNtG_TZBKTJz3a_ubEJRQQsksBikka4anskFZCEtRrNeEanbQ3K1GW1-ua6vffWMw3U4I4AMuWA0a09RTHolkyP-dQigw9HWD7iE1kHG2ZkVXv5VjRpAEBQrJiB7M”
with a long time-out
“Läuft ab / Höchstalter:”Wed, 05 May 2021 07:27:57 GMT””
To be compliant, at least I would need to have a googel consent button. But as GDPR requires deactivation per default, this would mean that per default (What I suppose most people would choose) then the contact forms would not work….
Not a nice solution.I kindly ask to check why the Math-captcha allows seemingly injection ( as the checkbox for agreement in this case is not checked and nevertheless the form is sent), and implement a honeybot.
br
WolfgangAnd Not only the Cookie is the Problem! I don‘t now which data google saves if someone visits the site!
Hi,
@sthurbertus: They probably created a script that is able to inject values to the default captcha and fake input fields which is a simple form of honeypot. To further protect the site, we recommend installing a security plugin, or using a different contact form with more security features.
@Blatze: Google will not be able to gather or save any data when the scripts are blocked, so setting the Default Cookie Behavior to the third or fourth option should be compliant enough with the DSGVO policy.If you have any additional questions at this time we kindly ask that you open them up in a separate thread. The longer threads get in the forum, they become more difficult to support as they tend to drift off topic and they also make it troublesome for users trying to search for solutions. Keeping threads relevant to their original inquiry ensures that we can keep better track of what has been resolved and that users can more effectively find answers to similar issues they might be experiencing.
Thanks!
Best regards,
Ismael
- The topic ‘Spam Mails’ is closed to new replies.