The "Contact Us" link you can display in forum footer. Do you not think it needs group permissions who can use it? I have it activated on my forum and quite a number of times now I've received spam emails via it from guests. Just watched a Russian spammer using it "spotted listed in who's online", seconds later email from them. I think group permissions are needed so you can rule out guests being able to use it sending you email junk from board.
I would hate to think how much it would get used by guests spammers if having a big board, going off how many spam emails I've got via it so far running a very small inactive forum with next to nothing going on. Or at least have that page so it uses anti-spam validation like forums do for guests.
Contact Us page needs group permissions
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Re: Contact Us page needs group permissions
https://area51.phpbb.com/phpBB/viewtopi ... 41#p265941
nickvergessen wrote:No, the page is linked on registration if the user is unable to solve the captcha.Meis2M wrote:Now I can see Contact page here in area51. It seems it's merged thanks. This system use captcha?
Member of the phpBB Development-Team
No Support via PM
No Support via PM
Re: Contact Us page needs group permissions
So then what is to stop spam bots from posting to the contact page once 3.1 goes gold?
Do not hire Christian Bullock he won't finish the job and will keep your money
Re: Contact Us page needs group permissions
Your "Contact Board Administration" extension? xDRMcGirr83 wrote:So then what is to stop spam bots from posting to the contact page once 3.1 goes gold?
- Dragosvr92
- Registered User
- Posts: 624
- Joined: Tue May 31, 2011 12:08 pm
- Location: Romania
- Contact:
Re: Contact Us page needs group permissions
"No, the page is linked on registration if the user is unable to solve the captcha."RMcGirr83 wrote:So then what is to stop spam bots from posting to the contact page once 3.1 goes gold?
Im guessing the Captcha that appears to guests that try to message the admin.
Previous user: TheKiller
Avatar on Memberlist 1.0.3
Avatar on Memberlist 1.0.3
Re: Contact Us page needs group permissions
I don't get this because I use Q/A and not Captcha for registration. So anyone sending email from board using Contact us doesn't need solve any Captcha image on my forum. Whether or not that then is linked to fact I use Q/A and not Image Captcha at registration, no idea?
But reading what you're saying here is as though you mean, if you use Captcha and not Q/A at registration, then that Captcha will be used for Contact Us page also, while Q/A doesn't get used on both if using that for registration - is that correct?
Further more... what I've spotted in Google Search is that it indexes Contact Us page as it's own page to hit, so if there's no anti-spam validation used on it, or permissions to exclude guests from using it. Then you're going to get a lot of spam over time because spam bots can easy search (target) that page out listed in google across lots of phphBB sites.
If honest, I'm a little bemused why you'd even add Contact Us page and not include anti-spam validation or group permissions with it. It's asking for spam to happen sent out by spam bots, you might as well just never use the feature, don't think using a mod to (add anti-spam) validation is the answer either. It should be their on that page stock, along with groups permissons also to decide if guests can even use contact us.
But reading what you're saying here is as though you mean, if you use Captcha and not Q/A at registration, then that Captcha will be used for Contact Us page also, while Q/A doesn't get used on both if using that for registration - is that correct?
Further more... what I've spotted in Google Search is that it indexes Contact Us page as it's own page to hit, so if there's no anti-spam validation used on it, or permissions to exclude guests from using it. Then you're going to get a lot of spam over time because spam bots can easy search (target) that page out listed in google across lots of phphBB sites.
If honest, I'm a little bemused why you'd even add Contact Us page and not include anti-spam validation or group permissions with it. It's asking for spam to happen sent out by spam bots, you might as well just never use the feature, don't think using a mod to (add anti-spam) validation is the answer either. It should be their on that page stock, along with groups permissons also to decide if guests can even use contact us.
Re: Contact Us page needs group permissions
I said before, one purpose of this form is to able to contact the board admin if you can't solve the captcha. So it can't be disabled for the guest and it can't be protected by a captcha.
Before the admin address email was exposed in this case so it was worse...
Before the admin address email was exposed in this case so it was worse...
Member of the phpBB Development-Team
No Support via PM
No Support via PM
Re: Contact Us page needs group permissions
Absolutely nothing. I'm using other forum software that has contact form, had to modify contact form code a bit because of huge amount of spam I was getting.RMcGirr83 wrote:So then what is to stop spam bots from posting to the contact page once 3.1 goes gold?
Contact form will be heavily spammed. Spammers don't care if they get to send their message to 1 user or whole forum, 1 user without catpcha is better than 0 because of captcha so they will spam contact form.
Formerly known as CyberAlien.
Free phpBB styles | Premium responsive XenForo styles | Iconify - modern open source replacement for glyph fonts
Free phpBB styles | Premium responsive XenForo styles | Iconify - modern open source replacement for glyph fonts
Re: Contact Us page needs group permissions
That! One solution that works for my sites is, that part of the form DOM (<form>, <input type="submit"> or the best is hidden field) is generated by JS. The best solution is to generate hidden field which makes form submission pass the php validation, or to generate action attribute of form tag by JS. I know, that this makes form unsubmittable to users with JS turned off, but I can imagine 99% webmasters be more happy with that, than inbox full of spam.Arty wrote:Contact form will be heavily spammed. Spammers don't care if they get to send their message to 1 user or whole forum, 1 user without catpcha is better than 0 because of captcha so they will spam contact form.