Forums / General Questions / prevent people from using contact us for spam

prevent people from using contact us for spam

Results 1 to 18 of 18
30 Mar 2008, 15:22
#1
gsdcypher avatar

gsdcypher

Totally Zenned

Join Date:
Feb 2007
Posts:
816
Plugin Contributions:
0

prevent people from using contact us for spam

What is the best way to prevent people from using the contact us form to send spam?

Thanks.
30 Mar 2008, 16:15
#2
stevesh avatar

stevesh

Black Belt

Join Date:
Feb 2005
Posts:
19,793
Plugin Contributions:
2

Re: prevent people from using contact us for spam

Zencart requires that a user be logged in to use the Contact Us form, so far as I know. That should stop most people. Are you having a problem with it?
30 Mar 2008, 20:38
#3
gsdcypher avatar

gsdcypher

Totally Zenned

Join Date:
Feb 2007
Posts:
816
Plugin Contributions:
0

Re: prevent people from using contact us for spam

Hi,

Yes I've had some spam from my contact us form.

Is there an admin setting to require a user to be logged in to use the contact us form?

I found something in the admin that said "Emails must send from known domain?" and I set that to yes, but I don't know if that helps or not...

Thanks.
31 Mar 2008, 03:26
#4
jeffey avatar

jeffey

Zen Follower

Join Date:
Aug 2006
Posts:
252
Plugin Contributions:
0

Re: prevent people from using contact us for spam

Captcha using TTF & GD mod works great for me.

It puts those admittedly annoying letters to type in before you submit a request. Annoying but necessary these days and this one at least provides readable letters every time.

http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=551
31 Mar 2008, 18:16
#5
saddlebred avatar

saddlebred

Inactive

Join Date:
Nov 2006
Posts:
56
Plugin Contributions:
0

Re: prevent people from using contact us for spam

I just started having this problem. I thought about adding one of the captchas, but I'm blind and despise the things, especially those that have no audio. If they have no audio, people with disabilites can not use them.
11 Apr 2008, 13:33
#6
tech_e avatar

tech_e

Zen Follower

Join Date:
Jan 2007
Posts:
159
Plugin Contributions:
0

Re: prevent people from using contact us for spam

stevesh:

Zencart requires that a user be logged in to use the Contact Us form, so far as I know. That should stop most people. Are you having a problem with it?

Are you sure about this? I can submit a message via the Contact Us form without being logged in. I am a new user using 1.3.8a.

Is there a way to set a flag so that a user must be logged in?
14 Sep 2009, 17:48
#8
jmcqueen avatar

jmcqueen

New Zenner

Join Date:
Oct 2004
Posts:
75
Plugin Contributions:
0

Re: prevent people from using contact us for spam

i really don't want to add a captcha. i just want to prevent URL spam at this point and am trying to add something like the following to the tpl_contact_us_default.php file, but cannot get it to work. anyone have any ideas on how to make it work? here is the code:

<?php
$SpamErrorMessage = "No Website URLs permitted";

if (preg_match("/http/i", "$contactname")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$enquiry")) {echo "$SpamErrorMessage"; exit();}
?>
11 May 2011, 21:08
#9
promofor avatar

promofor

New Zenner

Join Date:
May 2006
Posts:
1
Plugin Contributions:
0

Re: prevent people from using contact us for spam

Try

<?php
$SpamErrorMessage = "No Website URLs permitted";
if (preg_match("/http/i", "$contactname")) {echo $SpamErrorMessage; exit();}
if (preg_match("/http/i", "$email")) {echo $SpamErrorMessage; exit();}
if (preg_match("/http/i", "$enquiry")) {echo $SpamErrorMessage; exit();}
?>
12 May 2011, 12:02
#10
afo avatar

afo

Totally Zenned

Join Date:
Aug 2004
Posts:
6,800
Plugin Contributions:
0

Re: prevent people from using contact us for spam

I'd love to find a way to prevent all those "we'll enter your products for you" and "we'll drive new customers to your site" emails, but captcha won't help because they don't appear to be generated automatically. I could be wrong. If anyone has any ideas, I'd love to hear them.
09 Jul 2011, 02:14
#12
crunch avatar

crunch

Zen Follower

Join Date:
Mar 2009
Posts:
227
Plugin Contributions:
0

Re: prevent people from using contact us for spam

DrByte:

Have you tried FormArmor? http://www.zen-cart.com/index.php?main_page=infopages&pages_id=27


Is Form Armor still supported? I do not see any reference to it on the referenced page. Thanks.
09 Jul 2011, 02:32
#13
wendyandmilo avatar

wendyandmilo

New Zenner

Join Date:
Jan 2010
Posts:
34
Plugin Contributions:
0

Re: prevent people from using contact us for spam

I put a regular old hand-coded contact form into an ez-page. The processing script is in an outside folder but the confirmation gets routed back to a Thank You ez-page. No captcha/verification and never any spam.
I've always had the same results putting forms into databases - never any spam.
At least by bots. Occasionally, I'll get the human-advertisements but that couldn't be avoided even with captcha.

I don't know whether that's a possibility for you...
15 Jun 2012, 17:47
#14
greenhat avatar

greenhat

Zen Follower

Join Date:
May 2007
Posts:
108
Plugin Contributions:
0

Re: prevent people from using contact us for spam

started getting a lot of spam recently via my "contact us" form. looked all over this forum and did not find a decent solution, so i started googling around.. Found this site:
nfriedly.com/techblog/2009/11/how-to-build-a-spam-free-contact-forms-without-captchas/

and was able to get their solutions working with zen cart.
here are the changes that i had to make:

file: /store/includes/templates/your_template/templates/tpl_contact_us_default.php
need to add the invisible label and input field to the contact us form.

old code:
[PHP]<fieldset id="contactUsForm">[/PHP]

new code:
[PHP]
<fieldset id="contactUsForm">
<label class="inputLabel" style="display:none;" >Leave this empty:</label>
<input name="url" style="display:none;" />
[/PHP]


file: /store/includes/modules/pages/contact_us/header.php
need to check if this invisible url input field in the form has been filled out. Only send the message if the hidden field is blank.

old code:
[PHP]
// Send message
zen_mail($send_to_name, $send_to_email, EMAIL_SUBJECT, $text_message, $name, $email_address, $html_msg,'contact_us');
[/PHP]

new code:
[PHP]
// Send message
// if the url field is not set or set and is empty
if( !isset($_POST['url']) || ((isset($_POST['url']) && $_POST['url'] == ''))){
zen_mail($send_to_name, $send_to_email, EMAIL_SUBJECT, $text_message, $name, $email_address, $html_msg,'contact_us');
}
[/PHP]


made the change last night and so far i didn't get any spam messages, so this solution seems to work (i was getting about 20 per night lately).
good luck.
15 Jun 2012, 18:32
#16
greenhat avatar

greenhat

Zen Follower

Join Date:
May 2007
Posts:
108
Plugin Contributions:
0

Re: prevent people from using contact us for spam

ah.. yes.. same thing, i guess.. i wish i found that thread before , would have saved me a couple hours.
25 Mar 2018, 00:00
#17
caroleas avatar

caroleas

Totally Zenned

Join Date:
Feb 2009
Posts:
896
Plugin Contributions:
0

Re: prevent people from using contact us for spam

I followed these instructions but i noticed that the spam messages keep coming in. I am using 1.5.5 version of zencart. Is the process supposed to be different with this version?
01 Apr 2018, 11:37
#18
schoolboy avatar

schoolboy

Totally Zenned

Join Date:
Jun 2005
Posts:
10,324
Plugin Contributions:
0

Re: prevent people from using contact us for spam

The thread goes back many years, and the latest versions of ZC have a "hidden field" in the Contact-Us code. Bots will try to fill in this hidden field, and when they do, the code prevents form submission. This stops a lot of bot spam.

However... some bots are now written to find the code in ZC that relates to that hidden field, and they skip that field - resulting in successful form submission. There are ways to "re name" that hidden field, and doing so will stop the bots again.

[PHP]<?php echo zen_draw_input_field('should_be_empty', '', ' size="40" id="CUAS" style="visibility:hidden; display:none;" autocomplete="off"'); ?>[/PHP].

There is a new discussion about this on the forum. Do a forum search for should_be_empty .

Bear in mind that many spam organisations have armies of people manually using website contact pages. The only way to stop (much) of this is to use Cpanel IP-Deny and to list the rouge's IP addresses in the htaccess file.

You can also build filters in Cpanel mail settings that recognise common spam words (we filter out anything with Russian (AKA Cyrillic) or Chinese characters in it and any message containing Chinese or Cyrillic get deleted automatically at server level).

Be careful of filtering using words that legitimate senders may use... You will block them as well.