No CAPTCHA reCAPTCHA installed, but start receiving spam mails again

[elund]

The module "No CAPTCHA reCAPTCHA" is installed on https://www.prospeed.dk and I have not recieved spam mails for more than a half an year. Suddenly without changing anything I started recieving russian spam mails a few days ago.

My host provider tells med that it is not enough to have a frontend implementation, because you can make a "POST" request directly to the url https://www.prospeed.dk/kontakt-os. So a validation must also be done in the backend.

Does "No CAPTCHA reCAPTCHA" by Thirty Bees do validation in the backend?

If yes, how do I troubleshoot?

If not, can anyone recommend another CAPTCHA module?

[datakick]

I've just went over the code and found one bug. If the Login attempts is set to non-zero number, the validation for Contact controller is always skipped. So make sure it's zero until this bug is fixed.

[datakick]

It does perform backend validation, but it depends on override. Please ensure that the override for ContactController is installed (you can use overridecheck module to do this), and that you do not have override disabled in settings.

[elund]

Nice - I didn't know this override check module, but looks like the nocaptcharrecaptcha override is active: Also override is not disabled in the settings:

[the.rampage.rado]

What theme do you use? With warehouse I have this issue on all TB shops and I was forced to uninstall this module and install one free module for PS instead.

[SLiCK_303]

I too am getting Russian emails, with nocaptcha/recaptcha insalled and running. You are not alone.....

[the.rampage.rado]

So as I suspected the module is faulty not my theme... :) Hope devs have time soon to check it and fix the override if needed because it's quality module and we need captcha everywhere not just on contact page. ;)

[the.rampage.rado]

Thank you @datakick - you are awesome as always!!! Will check and report back asap. I can report one more bug with 1.1.0 but it's not that important - it does not remove it's front override when uninstalling. One must manually delete it in order to install another module.

EDIT: Yes, it's working just as expected that way!!! Happy as hell!

[elund]

@datakick - My login attempts is already set to zero, so this doesn't help me. @the-rampage-rado - Which free PrestaShop module did you install instead of the Thirty Bees module? I use the Panda theme: https://www.sunnytoo.com/product/panda-creative-responsive-prestashop-theme. @SLiCK_303 - did you get your spam problem fixed?

[datakick]

@elund it seems to me that the captcha is working on your site. I've just performed simulated attack -- tried to submit new message via curl, with invalid captcha validation token. My attack attempt was successfully intercepted by the captcha module, see the screenshot.

How many spams are you receiving?

PS: from your screenshot it's apparent that you are not using latest version of the module. Maybe that would help

[elund]

I received around 50 spam mails before my host provider stopped all mails from my shop. Is there a newer version than 1.1.0 of the module?

[the.rampage.rado]

@elund said in No CAPTCHA reCAPTCHA installed, but start receiving spam mails again:

@datakick - My login attempts is already set to zero, so this doesn't help me. @the-rampage-rado - Which free PrestaShop module did you install instead of the Thirty Bees module? I use the Panda theme: https://www.sunnytoo.com/product/panda-creative-responsive-prestashop-theme. @SLiCK_303 - did you get your spam problem fixed?

Contact form anti-spam: reCAPTCHA and blacklist v1.1.4 - by Presta.Site

If when installing it tells you that it can't be installed that's because the module here is not removing it's override on uninstall and you have to manually delete it. You must go to override/controllers/front/ and delete contact-blah-blah... one.

[Batman]

On 12/26/2018 at 8:37 PM, datakick said:

I've just went over the code and found one bug. If the Login attempts is set to non-zero number, the validation for Contact controller is always skipped. So make sure it's zero until this bug is fixed.

I just installed this module and the bug is still there. Is there a newer version than 1.1.0?

Edited May 5, 2019 by schmuck-checker

[the.rampage.rado]

https://github.com/thirtybees/nocaptcharecaptcha

No, you can download the latest PRs but it will not be fixed with those. Just not use this function for now. The module works just fine w/o it.

And don't forget to use it on user creation form to avoid the issue with the spam registrations that plagues PS now (it's fixed by core updates but you should update the core for that).

[Batman]

Thanks for the fast reply. Yes, I've set the login attemps to zero.

I had a lot of russian spam mails and this was very annoying. There was a lot of russian text but I don't know what these mails are for. I just deleted them. But I had no spam registrations so far.

[the.rampage.rado]

Yes, TB was not affected because the spammer was searching for PS shops but it's (was until the recent changes) principally the same system so could be affected. But with this free module you're OK.

If you want to use PS you have to pay for the previliege because there's no free captcha module for registrations.

[Batman]

Thank you for your fast reply. Yes, it's pretty cool that it's a free module on TB. But how can I know if I'm affected or not?

[the.rampage.rado]

If you are you will receive tons of new registrations with one of the names being a web address.

The thing is they have spam list and use a bot to crawl our sites and abuse the forms. They had the same thing for contact form an year ago but it got fixed and now they exploited that PS sends welcome email to the new customers.

Now the names are scrutinized little bit harder and this exploit is fixed but this module will help you battle this type of spam when they decide to not use URLs in the names.

[DRMasterChief]

Hello,  maybe we should try to implement another hurdle for the spammers and use their own ideas....  e.g. the name (and maybe other fields too)?  Not sure, but could it be possible in thirtybees to check the fields by a simple code like this if they contain 'forbidden words'  like http?

(preg_match("/http/",$justanexample)

What does devs say to this?  @Traumflug 

[the.rampage.rado]

@datakick since your last update to this module I had no issues. In the past few days I'm getting spam on only one of my 3 shops.

 

Module version: 1.1.2 (with 0 at login settings, but it should be fixed, right?) But I had 'disable captcha when logged in. Could a bot keep a cookie?

Edited August 11, 2021 by the.rampage.rado

[datakick]

13 hours ago, the.rampage.rado said:

@datakick since your last update to this module I had no issues. In the past few days I'm getting spam on only one of my 3 shops.

 

Module version: 1.1.2 (with 0 at login settings, but it should be fixed, right?) But I had 'disable captcha when logged in. Could a bot keep a cookie?

How many spams do you get?

I personally have one spammer as well, but I'm almost sure it's not automated script. From access logs it looks like somebody do this manually. And there's not much I can do about that.

I have set up Conseqs module rule to block sending contact_form email to customers, so this spam attempts do not bother me much, as I'm the only one who actually receive the spam emails. 

[30knees]

20 hours ago, the.rampage.rado said:

@datakick since your last update to this module I had no issues. In the past few days I'm getting spam on only one of my 3 shops.

 

Module version: 1.1.2 (with 0 at login settings, but it should be fixed, right?) But I had 'disable captcha when logged in. Could a bot keep a cookie?

I'm also getting lots of spam these past days, also using Module v 1.1.2.

[bhtoys]

I'm also getting at least two spam emails a day from my shop. 
Never used to... only been happening for a week or so now. 

 

[the.rampage.rado]

On 8/12/2021 at 9:39 AM, datakick said:

How many spams do you get?

I personally have one spammer as well, but I'm almost sure it's not automated script. From access logs it looks like somebody do this manually. And there's not much I can do about that.

I have set up Conseqs module rule to block sending contact_form email to customers, so this spam attempts do not bother me much, as I'm the only one who actually receive the spam emails. 

It might be just the case. Too busy these days to search the logs but will find time asap.

One or two emails a day.

[the.rampage.rado]

Today I managed to be on my PC when this happened:

212.107.27.6

Blocked, will see if I would need to ban the whole country.

 

Also, american IPs are browsing for out of stock items. When the email is registered for notification does TB send out an email? @datakick do you have any stats if this feature is used at all? I imagine very little people use it.

Edited August 13, 2021 by the.rampage.rado

[led24ee]

On 8/13/2021 at 12:58 PM, the.rampage.rado said:

Blocked, will see if I would need to ban the whole country.

I found this for whole country (I think this language will not problem) https://prog.olsztyn.pl/iptools/