Jump to content

Welcome, Guest!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

  • 0
elund

No CAPTCHA reCAPTCHA installed, but start receiving spam mails again

Question

The module "No CAPTCHA reCAPTCHA" is installed on https://www.prospeed.dk and I have not recieved spam mails for more than a half an year. Suddenly without changing anything I started recieving russian spam mails a few days ago.

My host provider tells med that it is not enough to have a frontend implementation, because you can make a "POST" request directly to the url https://www.prospeed.dk/kontakt-os. So a validation must also be done in the backend.

Does "No CAPTCHA reCAPTCHA" by Thirty Bees do validation in the backend?

If yes, how do I troubleshoot?

If not, can anyone recommend another CAPTCHA module?

Share this post


Link to post
Share on other sites

17 answers to this question

Recommended Posts

  • 1

I've just went over the code and found one bug. If the Login attempts is set to non-zero number, the validation for Contact controller is always skipped. So make sure it's zero until this bug is fixed.

0_1545852824274_f6117b6d-fe48-42c9-9969-1af971d61f98-image.png

  • Thanks 1

Share this post


Link to post
Share on other sites
  • 0

It does perform backend validation, but it depends on override. Please ensure that the override for ContactController is installed (you can use overridecheck module to do this), and that you do not have override disabled in settings.

Share this post


Link to post
Share on other sites
  • 0

Nice - I didn't know this override check module, but looks like the nocaptcharrecaptcha override is active: 0_1545841138874_46c8cd22-6807-4013-a216-3f0740fedc18-image.png Also override is not disabled in the settings: 0_1545841207384_3d1af6b1-8ad8-4b60-955f-258aa39e29b5-image.png

Share this post


Link to post
Share on other sites
  • 0

So as I suspected the module is faulty not my theme... :) Hope devs have time soon to check it and fix the override if needed because it's quality module and we need captcha everywhere not just on contact page. ;)

Share this post


Link to post
Share on other sites
  • 0

Thank you @datakick - you are awesome as always!!! Will check and report back asap. I can report one more bug with 1.1.0 but it's not that important - it does not remove it's front override when uninstalling. One must manually delete it in order to install another module.

EDIT: Yes, it's working just as expected that way!!! Happy as hell!

Share this post


Link to post
Share on other sites
  • 0

@datakick - My login attempts is already set to zero, so this doesn't help me. @the-rampage-rado - Which free PrestaShop module did you install instead of the Thirty Bees module? I use the Panda theme: https://www.sunnytoo.com/product/panda-creative-responsive-prestashop-theme. @SLiCK_303 - did you get your spam problem fixed?

Share this post


Link to post
Share on other sites
  • 0

@elund it seems to me that the captcha is working on your site. I've just performed simulated attack -- tried to submit new message via curl, with invalid captcha validation token. My attack attempt was successfully intercepted by the captcha module, see the screenshot.

How many spams are you receiving?

0_1545860241966_07d1b9d4-84c2-4a7b-8ae8-c69e128087e7-image.png

PS: from your screenshot it's apparent that you are not using latest version of the module. Maybe that would help

Share this post


Link to post
Share on other sites
  • 0

I received around 50 spam mails before my host provider stopped all mails from my shop. Is there a newer version than 1.1.0 of the module?

Share this post


Link to post
Share on other sites
  • 0

@elund said in No CAPTCHA reCAPTCHA installed, but start receiving spam mails again:

@datakick - My login attempts is already set to zero, so this doesn't help me. @the-rampage-rado - Which free PrestaShop module did you install instead of the Thirty Bees module? I use the Panda theme: https://www.sunnytoo.com/product/panda-creative-responsive-prestashop-theme. @SLiCK_303 - did you get your spam problem fixed?

Contact form anti-spam: reCAPTCHA and blacklist v1.1.4 - by Presta.Site

If when installing it tells you that it can't be installed that's because the module here is not removing it's override on uninstall and you have to manually delete it. You must go to override/controllers/front/ and delete contact-blah-blah... one.

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
On 12/26/2018 at 8:37 PM, datakick said:

I've just went over the code and found one bug. If the Login attempts is set to non-zero number, the validation for Contact controller is always skipped. So make sure it's zero until this bug is fixed.

0_1545852824274_f6117b6d-fe48-42c9-9969-1af971d61f98-image.png

I just installed this module and the bug is still there. Is there a newer version than 1.1.0?

Edited by schmuck-checker

Share this post


Link to post
Share on other sites
  • 0

https://github.com/thirtybees/nocaptcharecaptcha

No, you can download the latest PRs but it will not be fixed with those. Just not use this function for now. The module works just fine w/o it.

And don't forget to use it on user creation form to avoid the issue with the spam registrations that plagues PS now (it's fixed by core updates but you should update the core for that).

Share this post


Link to post
Share on other sites
  • 0

Thanks for the fast reply. Yes, I've set the login attemps to zero.

I had a lot of russian spam mails and this was very annoying. There was a lot of russian text but I don't know what these mails are for. I just deleted them. But I had no spam registrations so far.

Share this post


Link to post
Share on other sites
  • 0

Yes, TB was not affected because the spammer was searching for PS shops but it's (was until the recent changes) principally the same system so could be affected. But with this free module you're OK.

If you want to use PS you have to pay for the previliege because there's no free captcha module for registrations.

Share this post


Link to post
Share on other sites
  • 0

If you are you will receive tons of new registrations with one of the names being a web address.

The thing is they have spam list and use a bot to crawl our sites and abuse the forms. They had the same thing for contact form an year ago but it got fixed and now they exploited that PS sends welcome email to the new customers.

Now the names are scrutinized little bit harder and this exploit is fixed but this module will help you battle this type of spam when they decide to not use URLs in the names.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×