Contact Us form Spam

[catsma_97504]

I finally found time to step through all the addons and upgrades to get my store running 1.5.4. Everything is working great, however, I am now getting inundated with spam from the Contact Us form.

Changed the template pointer to use the built-in form; however, this isn't helping. After poking around this forum for a couple of hours, I've decided to change the default email subject line to verify this form is actually being used. Time will tell with the next few submissions.

Any other ideas on how to stop this garbage? I've overlooked important emails because of all the Contact Us spam.

[mc12345678]

In times past the biggest issue is that the template offered a menu option to "quick" fill the contact us information and process through the contact us header... That form typically did not include the honey-pot... Add to it, users wrongly thought that if they used css to hide the form that it wouldn't be available to bots...

The other thing is that it may be (and I've heard a similar story) that previously something was happening, but the store owner didn't know about it. Now with the increase in security, the store owner is the recipient of all the spam instead of someone else or something else happening...

(Heard before, I didn't have this spam when I was on the old version and it only started once I upgraded...)

A link to the site in question would help to provide additional guidance...

Other "philosophies" adopted have been to gather the information on the first page, then pass that on to a second page where I think another honey pot was and it required selecting the submit/accept button... Kind of a two part review of submission that worked for some of the heavier hit sites...

Also what template is/was being used?

[catsma_97504]

My store is found at store.everythingaquatic.net.

Template was and still is Preston Elite from Picaflor Azul, although I am considering other templates since this one doesn't support mobile options. As I already stated I dumped the megaheader contact form and replaced it with a link to the built-in Zen Cart form.

Thank you for your time and suggestions.

[mc12345678]

My store is found at store.everythingaquatic.net.

Template was and still is Preston Elite from Picaflor Azul, although I am considering other templates since this one doesn't support mobile options. As I already stated I dumped the megaheader contact form and replaced it with a link to the built-in Zen Cart form.

Thank you for your time and suggestions.

Well whatever was done about the "mega menu", was incomplete.. Went to home page, view source of page and found the following contact_us information which is likely a primary source of your spam:

I've removed all reference to zenid and the scrambled code representing the security token.

Code:

<li class="contactus-li right"><a href="index.php?main_page=contact_us">Contact Us</a></li>

<!--        <li class="contactus-li right"><a href="http://store.everythingaquatic.net/contact_us" class="drop">Contact Us</a><!-- bof contact form -->
                       
            <div class="dropdown_2columns">
                
                <div class="col_2 firstcolumn">
                    <h2>Have a Question?</h2>
                    <p>Your short message goes here.            </p>
                   
                     <div id="contact_form">
                    
                        <div class="message">
                            <div id="alert"></div>
                        </div>
                        <form name="contact_us" action="http://store.everythingaquatic.net/contact_us?action=send" method="post"><input type="hidden" name="securityToken" value="" />                        
                            <label for="contactname">Name<span class="required"> *</span></label>
                            <input name="contactname" type="text" id="contactname" size="30" value=""  /> 
                            
                            <br class="clearBoth" />
                            <label for="email">Email<span class="required"> *</span></label>
                            <input name="email" type="text" id="email" size="30" value="" />
                            
                            <br class="clearBoth" />
                            <label for="enquiry">Message<span class="required"> *</span></label>
                            <textarea name="enquiry" cols="40" rows="3"  id="enquiry"></textarea>
                                
                                
                            <div class="form_buttons">
                            <input type="submit" class="button" id="submit" value="Submit" />
                            </div>
                        
                        
                        </form>
                    
                    </div>

                </div>
            
            </div>
              
        </li><!-- eof contact form -->

[mc12345678]

My store is found at store.everythingaquatic.net.

Template was and still is Preston Elite from Picaflor Azul, although I am considering other templates since this one doesn't support mobile options. As I already stated I dumped the megaheader contact form and replaced it with a link to the built-in Zen Cart form.

Thank you for your time and suggestions.

It could be made responsive if 1) there is not already a responsive equivalent in the downloads or 2) apply the responsive template add-in which will make it mobile friendly.

[catsma_97504]

Thanks for pointing that out. I've found the code and deleted it. Hopefully that will put an end to this madness!