Spam in email forms

[jamina1]

All of a sudden, our site is being innundated with spam mails through our "request quote" page.

Is there any way we can stop this from happening?

[cowboyfred]

I am starting to get some of them also.

[schoolboy]

Try using a CAPTCHA feature (see the downloads).

Make sure you do not put your e-mail address into the html/php code anywhere on your site.

[DrByte]

The contact-us page built-in to Zen Cart is designed to not allow people to submit inquiries unless they're logged in to an account. This at least deters a majority of spambots.

You might try customizing your request-quote page to operate similarly.

[cowboyfred]

thanks guys. working on installing a Captcha now.

[chansuresh]

I tested the contact us form and am able to send an email without logging in as a customer. Can someone point to me if there is a place in admin where this option is turned on/off. Or please point me to the code that prevents unauthorized emails -- perhaps I deleted it by mistake during customization.

I am currently not having spam in the Contact Us page, but from the home page where I put in some links to forms for "suggest a product". Before I install Captcha, can someone tell me if this is specific to "Contact Us" or can be used anywhere on the site and for all contact forms.

Thanks Much

[DrByte]

The contact-us page built-in to Zen Cart is designed to not allow people to submit inquiries unless they're logged in to an account. This at least deters a majority of spambots.

You might try customizing your request-quote page to operate similarly.

I must correct my prior statement.

The Contact Us page does not restrict comments from being submitted by non-logged-in-customers.
However, the Tell-A-Friend page/form *does* do this restriction if the switch is enabled in the admin area (and is enabled by default).

[tlyczko]

Two questions:

1) Which of the four (4) captcha options in the downloads section is the most easily installed??

2) Doesn't ZC have any form validation included in the contact and other forms?? If not, how does one include form validation??

Thank you, Tom

[Website Rob]

1) It's a good question to ask about various Captcha scripts and which one works best, with Zen Cart or otherwise. I'm not familiar with the Cpatcha mods for Zen Cart but testing must be done with any Captcha script; many are easily circumvented.

2) The Spam problem mentioned in this thread is not a problem with validation but more so with field input / checking. Zen Cart allows for sending Admin eMails for example, to more than one address. Although this requires the use and availability of CC & BCC, the code for certain pages (Contact & Tell a Friend) could be rewritten to not include those eMail features.

OR

Go with a Hoster that has Spam prevention of any Form already setup. Ask your Hoster if they provide that Service within their Firewall script.

<comment>
Speaking of which, tried to include code a Hoster could use within their Firewall but came up against either; the Firewall settings for the Server that hosts this Forum or protection within the vBullten script itself. One of them prevents the use of BCC code on a Forum Web page. Good to know.
</comment>


At one time it was quite the rage for Spammers to search the Web for Forms that allowed sending eMails using BCC but were insecure to the point where Spammers could use them to send their Spam. Spammers loved it. They are left blameless whilst the account Owner / Hoster takes the hit for sending Spam because it "did" come from their account / Server.

Sounds like Spammers are still doing it.

[tlyczko]

Website Rob,

Your comments are good ones, but ZC's form processing leaves something to be desired if the end users have to do the anti-spam work.

At the very least, the built-in form validation could be: 1) no blank fields; 2) no HTML of any kind; 3) only valid characters (not worry about format, just prevent characters that would be invalid for a particular kind of field, such as no colons in an email, for example, or no semicolons in a name field.

I will try to check if my hosting has any spam control; unfortunately their support has deteriorated in the past year, time will tell.

Thank you, Tom