cprats Posted February 19, 2020

One of my sites has recently been flooded with spam mail through the contact form, with some 10,000 emails from qq dot com addresses. As the system sends a confirmation message to the sender ("Your message has been correctly sent"), I had the same amount of outgoing mail, and the hosting company suspended outgoing mail from the domain.

I installed the No Captcha reCAPTCHA module, and I also blocked all Chinese IP ranges through .htaccess, and this stopped the flood of junk mail.

As this website is based in the US I could use the Captcha module with no worries about cookies and EU laws, but here is the question: what happens if one of my sites based in the EU is spam bombarded? Using cookies there would be quite a bit more complicated, as I would need to block all cookies with a GDPR module, and wait and see if the visitor wanted to allow cookies on his computer or if he ever bothered to click the "accept" button on a bottom bar. Meanwhile, as cookies should be disabled for Captcha until the visitor's acceptance, Chinese bots would be able to continue spamming with no limits, as Captcha would not display for them either unless they accidentally clicked on the "accept cookies" button.

Is there a way to avoid sending the "Your message has been correctly sent" message when the contact form is used?

wakabayashi Posted February 19, 2020

I can't answer your question. But in general I would just use the working solution you have got. I believe you won't get any big problem if you use the reCaptcha module in the EU.

AndyC Posted February 20, 2020

As a test, try and remove the email from customer contacts in admin... I've had to do that because as soon as I put an email address in there I get flooded with 100+ a day, or 1 every 5 minutes. I think it is down to your hosting, like mine... Am trying to move to another once I can find a decent alternative.

cprats (Author) Posted February 21, 2020 (edited)

I did a little hack with @datakick's wonderful Blackhole for Bad Bots module and .htaccess again. Here is what I did to alternatively solve this issue without having to block large ranges of IPs:

- I've changed the contact-us friendly URL to domain.com/random-url
- I've set disallow rules for bots in robots.txt for the former URL /*contact-us. Nothing better to make sure spambots will use that link than setting a disallow rule for it.
- I've redirected domain.com/contact-us to Blackhole for Bad Bots in the .htaccess file, and I've had some fun watching that pest being trapped there.

Here's the .htaccess code in case anyone needs it:

```apache
Redirect 302 /contact-us https://www.yourdomain.com/modules/blackholebots/blackhole/
```

(Remember to change the /contact-us URL for your contact page to anything else and to clear the cache before making the redirect in .htaccess.)

Edited February 21, 2020 by cprats

Rhapsody Posted March 16, 2020

Nemo has a blog post that works for preventing these types of spam. It was written for PS but I am using it successfully in TB 1.0.8 as an override for ContactController.php

http://nemops.com/blocking-spam-emails-in-prestashop/#.Xm7Zx6hKiUk

AndyC Posted May 11, 2020

Sorry to drag up an old post. I've just had a renewed attack from qq.com on my main site. Played around with some settings to no avail. So I thought I would try the TB nocaptcha again. After working it out and getting it to work, I don't seem to be getting any of them anymore.

Out of curiosity, can this cause any issues with your website, like slow it down or cause high traffic etc.?

datakick Posted May 12, 2020

> 8 hours ago, AndyC said:
> Out of curiosity can this cause any issues with your website , like slow it down or cause high traffic etc

Bots roaming through your site and trying to submit forms will definitely consume some of the resources. There is not much you can do to prevent this (unless these bots come from the same IP address). That's a cost of running the website business, I'm afraid.

Traumflug Posted May 12, 2020

There are tools like fail2ban to deal with such robots. Needs root level access on the server, though.

Rhapsody Posted May 12, 2020

FYI the override that Nemo developed for Prestashop in my post above has worked very well to stop spam messages on the contact form and is running on 3 shops with 1.1.x bleeding edge. It stopped the qq dot com spam and others I was getting such as talkwithlead dot com. I filter all .ru and .cn emails since on my shops there is no chance for legitimate traffic. It also allows capturing key words to filter and kill such as the current list I occasionally edit in the override:

```php
$banned_in_email = ['.ru', 'qq.com', '.vn', 'talkwithlead.com', 'talkwithwebvisitor.com', '.club', '.cn', 'arteseo.co'];
$banned_content = ['email marketing', 'quotation', 'SEO', 'advertising', 'Clicks', 'Guaranteed', 'diet', 'sex', 'prices', 'unlimited', 'medical'];
```

AndyC Posted May 12, 2020 Posted May 12, 2020 (edited) mmmmmm weird .. Thought I would try send a message without ticking the box (yes I should have checked yesterday) and it still sends a message.. Works fine OK create and edit and log in brings up a error message.. TB's module Edited May 12, 2020 by AndyC
datakick Posted May 12, 2020

> 1 minute ago, AndyC said:
> mmmmmm weird .. Thought I would try send a message without ticking the box (yes I should have checked yesterday) and it still sends a message.. Works fine OK create and edit and log in brings up an error message.. TB's module

I'm sorry, but this is impossible to understand 🙂 At least for me. Could you please rephrase it?

AndyC Posted May 12, 2020

I've chosen the tick box on Google captcha... on messages it still sends if I do not tick the Google captcha box, when it should fail.

the.rampage.rado Posted May 12, 2020 (edited)

Do you have the latest version of recaptcha? Because all of them except the latest one had this bug where the user/bot did not need to check the box if, in the BO settings of the module, you use the 'Login attempts' (it has to be 0).

The working version is 1.1.2. If you have it but it's still not working, please uninstall and delete the module folder (if present), then reinstall. It stopped all spam from contact forms in all of my TB sites.

Edited May 12, 2020 by the.rampage.rado

AndyC Posted May 12, 2020

I had 1.1.2 already but downloaded a fresh copy and tried again with the same result. Also just double checked to make sure I had removed the code from the old captcha from the contact form.

the.rampage.rado Posted May 12, 2020

Can you screenshot the settings of the module?

datakick Posted May 12, 2020

Also, check that the ContactController override is installed.

AndyC Posted May 12, 2020

> 8 minutes ago, the.rampage.rado said:
> Can you screenshot the settings of the module?

Here we go... Can't upload here so had to have a workaround

https://ibb.co/CnFhQvF
https://ibb.co/54jYWRw

datakick Posted May 12, 2020

> 3 minutes ago, AndyC said:
> Here we go ... Can't upload here so had to have a work around https://ibb.co/CnFhQvF https://ibb.co/54jYWRw

Looks ok. Please check the override.

On a totally unrelated note -- the image upload functionality should work again in the forum. Could you please check and confirm?

the.rampage.rado Posted May 12, 2020

That's strange! Can you have some other override from prior captcha modules?

AndyC Posted May 12, 2020 Posted May 12, 2020 (edited) I have checked the other I was using and the snippet has definitely been removed from the contact form @datakick , yes image upload is working again Apart from the standard tb stuff on every page this is what is in my form now ...mostly to stop qq.com and it's working as not received any since installing I did remove some other stuff here in regards to the other module as well class ContactController extends ContactControllerCore { public function postProcess() { if(Tools::isSubmit('submitMessage')) { $message = Tools::getValue('message'); $from = Tools::getValue('from'); $banned_in_email = ['.ru', 'qq.com', '.vn', 'talkwithlead.com', 'talkwithwebvisitor.com', '.club', '.cn', 'arteseo.co']; $banned_content = ['email marketing', 'quotation', 'SEO', 'advertising', 'Clicks', 'Guaranteed', 'diet', 'sex', 'unlimited', 'medical']; foreach ($banned_in_email as $string) { if(strstr($from, $string)) $this->errors[] = Tools::displayError('This email address is not allowed'); } foreach ($banned_content as $string) { if(strstr($message, $string)) $this->errors[] = Tools::displayError('Invalid Content'); } } parent::postProcess(); } Edited May 12, 2020 by AndyC
datakick Posted May 12, 2020

If you have this override already installed, then installation of override from nocaptcharecaptcha will fail. That's because both overrides target the same method, and it's not possible to automatically merge the code.

The good news (for tb developers at least) is that the module works correctly. The bad news is that it should report the failure of override installation -- that should be fixed.

AndyC Posted May 12, 2020

What should be in the contact override... I installed on another site and all I got there was

```php
<?php

class ContactController extends ContactControllerCore
{
}
```

datakick Posted May 12, 2020

> 31 minutes ago, AndyC said:
> what should be in contact over ride ... I installed on another site and all I got there was

This module uses optional overrides, which means override is not installed during module installation. Instead, it's installed on demand when you toggle on the Contact form button in module settings.

The resulting override file should contain these lines

AndyC Posted May 12, 2020

So sorry, I was looking in root overrides. Yes, it contains those lines, datakick.

datakick Posted May 13, 2020

> 8 hours ago, AndyC said:
> So sorry I was looking in root overrides.. Yes it contains those lines datakick

I don't know what that means, root overrides. The only location that thirtybees loads overrides from is <root>/override/...

Does the file <root>/override/controllers/front/ContactController.php contain the lines above? If so, then the module should work. Unless you have disabled overrides in your back office performance settings.

Another common reason why overrides don't work is an old cache/class_index.php file. In this file, thirtybees tracks information about all installed override files. Sometimes, this file gets out of sync with reality (especially when you edit overrides manually).