Zencart requires that a user be logged in to use the Contact Us form, so far as I know. That should stop most people. Are you having a problem with it?
It puts those admittedly annoying letters to type in before you submit a request. Annoying but necessary these days and this one at least provides readable letters every time.
I just started having this problem. I thought about adding one of the captchas, but I'm blind and despise the things, especially those that have no audio. If they have no audio, people with disabilites can not use them.
Zencart requires that a user be logged in to use the Contact Us form, so far as I know. That should stop most people. Are you having a problem with it?
Are you sure about this? I can submit a message via the Contact Us form without being logged in. I am a new user using 1.3.8a.
Is there a way to set a flag so that a user must be logged in?
i really don't want to add a captcha. i just want to prevent URL spam at this point and am trying to add something like the following to the tpl_contact_us_default.php file, but cannot get it to work. anyone have any ideas on how to make it work? here is the code:
<?php
$SpamErrorMessage = "No Website URLs permitted";
if (preg_match("/http/i", "$contactname")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$enquiry")) {echo "$SpamErrorMessage"; exit();}
?>
I'd love to find a way to prevent all those "we'll enter your products for you" and "we'll drive new customers to your site" emails, but captcha won't help because they don't appear to be generated automatically. I could be wrong. If anyone has any ideas, I'd love to hear them.
I put a regular old hand-coded contact form into an ez-page. The processing script is in an outside folder but the confirmation gets routed back to a Thank You ez-page. No captcha/verification and never any spam.
I've always had the same results putting forms into databases - never any spam.
At least by bots. Occasionally, I'll get the human-advertisements but that couldn't be avoided even with captcha.
I don't know whether that's a possibility for you...
started getting a lot of spam recently via my "contact us" form. looked all over this forum and did not find a decent solution, so i started googling around.. Found this site:
nfriedly.com/techblog/2009/11/how-to-build-a-spam-free-contact-forms-without-captchas/
and was able to get their solutions working with zen cart.
here are the changes that i had to make:
file: /store/includes/templates/your_template/templates/tpl_contact_us_default.php
need to add the invisible label and input field to the contact us form.
old code:
[PHP]<fieldset id="contactUsForm">[/PHP]
new code:
[PHP]
<fieldset id="contactUsForm">
<label class="inputLabel" style="display:none;" >Leave this empty:</label>
<input name="url" style="display:none;" />
[/PHP]
file: /store/includes/modules/pages/contact_us/header.php
need to check if this invisible url input field in the form has been filled out. Only send the message if the hidden field is blank.
new code:
[PHP]
// Send message
// if the url field is not set or set and is empty
if( !isset($_POST['url']) || ((isset($_POST['url']) && $_POST['url'] == ''))){
zen_mail($send_to_name, $send_to_email, EMAIL_SUBJECT, $text_message, $name, $email_address, $html_msg,'contact_us');
}
[/PHP]
made the change last night and so far i didn't get any spam messages, so this solution seems to work (i was getting about 20 per night lately).
good luck.
I followed these instructions but i noticed that the spam messages keep coming in. I am using 1.5.5 version of zencart. Is the process supposed to be different with this version?
The thread goes back many years, and the latest versions of ZC have a "hidden field" in the Contact-Us code. Bots will try to fill in this hidden field, and when they do, the code prevents form submission. This stops a lot of bot spam.
However... some bots are now written to find the code in ZC that relates to that hidden field, and they skip that field - resulting in successful form submission. There are ways to "re name" that hidden field, and doing so will stop the bots again.
There is a new discussion about this on the forum. Do a forum search for should_be_empty .
Bear in mind that many spam organisations have armies of people manually using website contact pages. The only way to stop (much) of this is to use Cpanel IP-Deny and to list the rouge's IP addresses in the htaccess file.
You can also build filters in Cpanel mail settings that recognise common spam words (we filter out anything with Russian (AKA Cyrillic) or Chinese characters in it and any message containing Chinese or Cyrillic get deleted automatically at server level).
Be careful of filtering using words that legitimate senders may use... You will block them as well.
Moderation
Destination thread ID and reason are required when shown.
Report Post
Tell staff why this post should be reviewed.
Manage cookie preferences
Our cookie policy has been updated, so we need you to review your preferences and consent again.