Trouble with spammers accessing Contact link

[PhilTaylor-Prazgod]

spammers are sending AUTOMATED emails through my Joomla 3.8 sites using a form captcha doesn't seem to work on.

I do not believe you. I believe the code. Facts are facts. If the Google reCaptcha is set up correctly then the form cannot be used to spam.

Clients are complaining (and asking, "Why don't we switch to Wordpress?"), so I'm just trying to fix the problem.

Your problem not Joomla's.

At my host, InMotion Hosting, advanced support has resorted to using htaccess to block certain links which don't even exist in our pathing structure(!)

Yes, pathetic webhosts like to do pathetic things.

Since I have about 80 active sites, rewriting htaccess every time we find this happening seems clumsy and heavy handed to me.

Then CORRECTLY set up your sites with Google reCaptcha version 2.x

So, back to a solution. Any other ideas anyone?

So have you stopped blaming Joomla for being vulnerable?

If you can PROVE that you have set up Google Recaptcha v2 correctly in your Joomla site, and you can PROVE that spammers are submitting that form, and passing the captcha, then I would be interested. However. I have investigated several of these today across many webhosts and many sites, and the traffic is all the same, and the solution, - well you dont like it, but is to set up the CAPTCHA correctly. As soon as that is done the traffic continues, but the form submissions are abandoned as they do not pass validation. I have repeated this on many sites on many servers globally in the last 24 hours. Facts.

[PhilTaylor-Prazgod]

You might also want to fix your incompatible template which is incompatible with the version of Joomla you have upgraded to.

This is leaking information (Information Disclosure) on every 404 page...

EG:
https://www.hummersportspark.com/radsasdfasdf

Warning: require_once(/home/[redacted]/public_html/libraries/joomla/document/html/renderer/head.php): failed to open stream: No such file or directory in /home/[redacted]/public_html/templates/gantry/error.php on line 85

[PhilTaylor-Prazgod]

You might also want to remove the sample data from your database manually - as at the moment your site is polluted with that too

https://www.hummersportspark.com/compon ... Itemid=435

[brian]

The problem as Phil has stated is that you have not deleted the sample test data.

That is why you have core joomla contacts, newsfeeds, weblinks on your site

Just because you dont have a menu link to something doesnt mean that a published item can not be loaded.

To start with your search box will reveal the sample data

And going to index.php?option=com_newsfeeds or index.php?option=com_contacts or index.php?option=com_weblinks will display any of that PUBLISHED sample data

So I am betting 100% that as I can see you are breezing forms for your contact form you forgot to unpublish/delete the sample data for the contacts as well and did not have capthca enabled on that component.

Finally if you check the links on your site that google has indexed you will see that google has indexed that sample data. So it can easily be found by anyone that way. (Not even commenting about duplicate content and SEO penalties).

[umbrellax2]

Brian,

Thank you for your constructive comments. I have done through and deleted the sample data (all I could find anyway). Not sure this will help with the spammer issue.

This may be unrelated, but can you tell me why I get this error on any non-existing link like http://www.HummerSportsPark.com/junk

Warning: require_once(/home/kupdaxqu/public_html/libraries/joomla/document/html/renderer/head.php): failed to open stream: No such file or directory in /home/kupdaxqu/public_html/templates/gantry/error.php on line 85

We are seeing this on a few of our sites. We use Gantry Template and Gantry 4 (both compatible with Joomla 3.8 I believe).

[brian]

It is as Phil said - you are using an old version of gantry. Version 4 is very old and you need to upgrade that http://gantry.org/downloads

You still have to delete the sample contacts
https://www.hummersportspark.com/compon ... Itemid=435

[mandville]

Clients are complaining (and asking, "Why don't we switch to Wordpress?"), so I'm just trying to fix the problem.

https://www.google.com/search?q=contact ... +wordpress

So, back to a solution. Any other ideas anyone?

disable send copy
compare send copy enabled with disabled
compare captcha on the above
use another contact form.

[brian]

@mandville the problem was that they were NOT using the core contact form. They are using breezing forms. Captcha is setup on breezing forms but not on the core contact form and there were sample contact pages still accessible.

[mandville]

thanks, got that from your posts which crossed with mine.

[umbrellax2]

Brian,

According to Rockettheme, Gantry 4 IS compatible with Joomla 3.8.

http://www.rockettheme.com/joomla-templ ... ity-matrix

(NOTE: I have deleted all the contact categories now - I had to rename them or it wouldn't delete them.)

But back to my question, any ideas on the error on missing links? I found a solution a while back, but now it's eluding me. ;-)

Thanks again!

[PhilTaylor-Prazgod]

Your TEMPLATE is not compatible.

Just DELETE the line that attempts to include

libraries/joomla/document/html/renderer/head.php

on line 85 of the file /templates/gantry/error.php

Simple.

[umbrellax2]

Phil,

Thank you. I finally did find the Rockettheme post on this.

http://www.rockettheme.com/forum/gantry ... rror-pages

Apparently they have updated all their templates EXCEPT the one we use, the Gantry 4 Base Template, which I assumed *wrongly* would be the most future-compatible.

I will again attempt to get reCaptcha working on that site, turn off the htaccess block to the link and see if it still allows spammer access.

[favdes]

We are having problems with spammers appearing to send messages through our Joomla sites as well. Has anyone come up with a solution yet?

We're just testing the removing the default contacts from each installation and things look good so far.

[umbrellax2]

We turned the Contacts Form off completely on all of our sites with this issue (Contacts/Options at the top right). Never used that form on any of the 120+ Joomla sites we've built. ;-)

To us, it is just another sneaky way to send spam emails if you haven't setup reCaptcha v2 specifically for Contacts.

[brian]

Hopefully you will check all those sites to make sure you don't have sample content still published on them as well

[umbrellax2]

Brian, I have checked about 15 sites now, only that one and one other had demo content. We'll keep an eye out. Thanks.