Spam attack via contact form

[vsn]

Dear all, I am currently suffering under a heavy spam attack. The standard contact form is used filled with target email address and target message. After submitting it, a confirmation email is automatically sent out from the e-shop server to the target email address compromising my email address, domain and server IP. 

As a workaround I renamed contact form URL, this helps for a while. But as the contact form is a public URL it can be used again any time.

I am using google re-captcha v2. This does not help, they somehow overcome it. Re-captcha V3, which seems to be more advanced, does not work.

Any ideas???

[datakick]

38 minutes ago, vsn said:

Dear all, I am currently suffering under a heavy spam attack. The standard contact form is used filled with target email address and target message. After submitting it, a confirmation email is automatically sent out from the e-shop server to the target email address compromising my email address, domain and server IP. 

As a workaround I renamed contact form URL, this helps for a while. But as the contact form is a public URL it can be used again any time.

I am using google re-captcha v2. This does not help, they somehow overcome it. Re-captcha V3, which seems to be more advanced, does not work.

Any ideas???

There's a bug in captcha module that allows contact form submission when Login attempts settings is set to non-zero value. So this should be the first thing you should check.

[vsn]

It was indeed set to 1, just changed it back to zero. I will check it helps. Thanks!

 

Edited July 23, 2019 by vsn

[led24ee]

I remember this. For me solution was module : Contact form anti-spam: reCAPTCHA and blacklist v1.1.4

Also I use this this one too : Blackhole for Bad Bots v1.0.2

Edited July 23, 2019 by led24ee