Spam bot attacking my site

10 replies · opened Apr 18, 2019

Ssoluser1Apr 18, 2019

Hi,

Recently we started to get LOTS of spam contacts from our page.
We have google recaptha installed (v2) however it still happens.

www.chromasol.com is our site.

All the emails I receive contain a name (numeric) and a random email address, eg:

Name 5cb83f92ad7a5
Email example-email@gmail.com

It doesn't contain a message (which is a required field)

Please help... we are getting swampped!!!!

Thanks

Ssoluser1Apr 18, 2019

I just tried to update to Google Re-Captha v3

I changed the codes on index and and now I get an error saying: ERROR for site owner: Invalid key type

Ssoluser1Apr 18, 2019

Pleeeese help... we are being swamped!!!

Ssoluser1Apr 18, 2019

I've been trying to understand how the BOT workds and added some other fields... including teh bot-check

See attached... they are setting it to "1" which surely must mean a BOT... but still getting through.

I must be doing something wrong...

PLEASE HELP!

Ssoluser1Apr 18, 2019

Hello? We are getting swamped with spam. Can you help?

SSemicolon WebSTAFFApr 19, 2019

Hello,

Thanks for your Patience!

We have checked out your Page and the issue appears to be with the Codes on the Page. There are several HTML Validation Errors on your Page: https://validator.w3.org/nu/?doc=http%3A%2F%2Fwww.chromasol.com%2F and also the LG-contactform-botcheck appears to be included twice on the Page which might be causing these issues. The reCaptcha appears to be working fine for us. Please make sure that you check all the HTML related errors and other Customized Code errors on your Page so that there are no unexpected issues.

Additionally, the Latest Version of the include/form.php is incredibly secure against SPAM and Our Live Previews uses the same versions which have reduced the SPAM to 1%! So we highly recommend you to make sure that all the Default Codes from the Package are used.

Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

Ssoluser1Apr 20, 2019

Hi,

I have followed you instructions and I am still getting spam... lots of it

Is there an easy way to block all where name has a number in it??

Eg of SPAM:

Form Response
Name
5cbb1c3b6c497
Email
sjessamine68@gmail.com

This Form was submitted from: http://chromasol.com/

SSemicolon WebSTAFFApr 21, 2019

Hello,

We are really not sure about the SPAM you are receiving but we can assure you that it is not related to the Canvas Template. Additionally, there have been no reports of SPAM since the New Updates. We recommend you to kindly renew your reCaptcha Keys but if you are facing the issues, please provide us with the include/form.php File via Dropbox so that we can check it out and point you to the possible issues with the codes. Thanks for your Patience.

Meanwhile, do let us know if we can help you with anything else or if you find any further issues with Canvas.

Ssoluser1Apr 23, 2019

Hi,

We have previously been using wordpress without any issue with spam. We changed to Canvas because we wanted something more manageable and lightweight.

We are now getting crazy amounts of spam. I have regenerated the reCaptcha keys but no difference.

It is though it is completely ignoring the checks in form.php as it doesnt even fill out all the required fields.

I have tried renaming things, changing directories.

Here is the form.php

https://www.dropbox.com/s/r7ongu133yuor2t/form.php?dl=0

Please help

Ssoluser1Apr 24, 2019

Hi,

I have managed to stop the SPAM however the solution makes me worry about how they are attacking in teh first place.

I created a copy of the form on index and made a copy of Form.php calling it form_.php.

In the new form_.php I set up a dummy email address.

I then commented out the new form in Index.

However, teh result is the bot that is doing the SPAM pick up the new (commented) form and processes it... ignoring the real form.

WHY???????????????????

SSemicolon WebSTAFFApr 25, 2019

Hello,

Thanks for your Patience!

We have been actively checking Our Codes for a while. Honestly, there are no reports of SPAM Attacks on any of our User's websites after upgrading the codes to the new include/form.php File. So, your Website is definitely an exception because if reCaptcha cannot protect SPAM, then there is a Serious Issue.. Now there can be different causes for this:

  1. Your servers are not secure enough to combat SPAM when passing through the Mail Servers.

  2. The SPAM bots have been using a Browser with JS turned off which causes the required Fields to not work correctly.

In order to fix this, you can simply add the following code:

if ( empty( $_POST['template-contactform-message'] ) || empty( $_POST['template-contactform-message'] ) ) {
	echo '{ "alert": "error", "message": "Some Fields in the Form are empty. Please try again." }';
	exit;
}

just after if( $_SERVER['REQUEST_METHOD'] == 'POST' ) { Line of code in the include/form.php File which will force the user to Fill up these fields.

Hope this Helps!

Let us know if we can help you with anything else or if you find any further issues.

Have the same question, or something new?

Sign in to the Canvas dashboard to reply or open your own topic. Canvas owners get direct help from the SemiColonWeb team.

Reply on the dashboard