"Contact Us" Spam

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
jbarr
Joomla! Apprentice
Joomla! Apprentice
Posts: 18
Joined: Mon Aug 29, 2005 6:40 pm

"Contact Us" Spam

Post by jbarr » Tue Feb 20, 2007 9:05 pm

Beginning 17-Feb-2007, I've been receiving spam messages from my "Contact Us" form. They are mostly innocuous, and the return email addresses are sometimes bogus. Obviously, I have to just "trash" these instead of marking them as spam (don't want my REAL feedback to be marked as spam.) It's not that annoying yet, but this could definitely become problematic if it increases too much.

I have seen "captcha" solutions mentioned elsewhere to help combat this, and they seem to be viable.

What are your experiences with this, and how do you suggest combating this?

dragonrider
Joomla! Ace
Joomla! Ace
Posts: 1070
Joined: Mon Aug 22, 2005 7:53 pm
Location: Ilkley, West Yorkshire, UK
Contact:

Re: "Contact Us" Spam

Post by dragonrider » Tue Feb 20, 2007 9:13 pm

I ended up having to write my own code, complete with CAPTCHA that worked on my Server launched from a get in touch link/page and with a random page name.

Also added a few bits of code to strip any html code out, just in case. So far, so good!

User avatar
Beat
Joomla! Guru
Joomla! Guru
Posts: 844
Joined: Thu Aug 18, 2005 8:53 am
Location: Switzerland
Contact:

Re: "Contact Us" Spam

Post by Beat » Tue Feb 20, 2007 9:25 pm

As there has been demand to extend Community Builder Captcha plugin for the joomla contact form, i checked if there were events generated in Joomla 1.0.12 core for a Joomla plugin, but no luck: no events available to add such a function cleanly to core Joomla 1.0.12...

Didn't check yet in Joomla 1.5, but as i understand there should be such a possibility.

(btw: Spam in CB installs has become such an anoyance that we decided to include this plugin into next cb version)...

I think there is a component on extensions site which patches joomla for this, but i don't recommend patches for security reactivity reasons.
Beat 8)
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team

pearlyred
Joomla! Intern
Joomla! Intern
Posts: 72
Joined: Sat Jan 06, 2007 8:58 am

Re: "Contact Us" Spam

Post by pearlyred » Thu Feb 22, 2007 6:31 am

Hi Beat!

Which parts of the CB install seem to be attracting so much spam?  I've recently installed it onto our site, but haven't made it live yet so haven't been exposed to it yet...

PR

jbarr
Joomla! Apprentice
Joomla! Apprentice
Posts: 18
Joined: Mon Aug 29, 2005 6:40 pm

Re: "Contact Us" Spam

Post by jbarr » Thu Feb 22, 2007 1:36 pm

Without having to install CB (I have no need for it) is there any other solution (maybe a "Contact Us" replacement that includes Captcha?

User avatar
FerretLife
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 157
Joined: Thu Aug 25, 2005 8:35 pm

Re: "Contact Us" Spam

Post by FerretLife » Thu Mar 01, 2007 5:48 pm

pearlyred wrote: Hi Beat!

Which parts of the CB install seem to be attracting so much spam?  I've recently installed it onto our site, but haven't made it live yet so haven't been exposed to it yet...

PR
One of my sites gets spam through the contact form daily. Annoying. I have tried the form component that Beat spoke of and could not get it to work or look right.

I do have Community Builder installed on that site, and had been getting "spam" registrations, almost daily. I installed their Captcha plugin, worked great!

Now if someone can just work some magic on the Contact Form Component!

User avatar
Beat
Joomla! Guru
Joomla! Guru
Posts: 844
Joined: Thu Aug 18, 2005 8:53 am
Location: Switzerland
Contact:

Re: "Contact Us" Spam

Post by Beat » Fri Mar 02, 2007 8:23 pm

pearlyred wrote: Hi Beat!

Which parts of the CB install seem to be attracting so much spam?  I've recently installed it onto our site, but haven't made it live yet so haven't been exposed to it yet...

PR
It's mainly registrations which attracted "spams", a poor trial to get noticed by spammers, as usually site admins delete such registrations anyway. CB 1.0.2 included a few anti-spam measures without hitting accessibility, which slowed down the amounts of spam for a few months, before bots "learned". Captcha plugin is an intermediate measure. Next CB release will include even more sophisticated anti-spam measures.
Beat 8)
www.joomlapolis.com <= Community Builder + CBSubs Joomla membership payment system - team
hosting.joomlapolis.com <= Joomla! Hosting, by the CB Team

pearlyred
Joomla! Intern
Joomla! Intern
Posts: 72
Joined: Sat Jan 06, 2007 8:58 am

Re: "Contact Us" Spam

Post by pearlyred » Sat Mar 03, 2007 10:29 pm

Ah ok.  When I go live I'll probably include something like the myVIPcode mod for phpBB on the registration page.  I used it on my phpbb install and spam registrations went from about 50 a month to about 2 per month, not bad :)  I'm not all that keen on captcha's.

User avatar
muddauber
Joomla! Ace
Joomla! Ace
Posts: 1618
Joined: Thu Jun 08, 2006 11:26 pm

Re: "Contact Us" Spam

Post by muddauber » Wed Apr 25, 2007 6:10 pm

Here's some more info from the HoneyPot Project.
I've kept up with them and have a server as a honeypot.
This could be helpful to the Joomla Community:

Monday, QuickLinks helped more people get involved with Project Honey Pot.
Tuesday, we announced we'd begun tracking a new online menace: Comment
Spammers. Today we make good on a promise we made when we first launched
Project Honey Pot more than two years ago: helping you stop spammers before
they even get your email address. In other words, today we launch http:BL.

In short, http:BL is a system where website owners can query Project Honey
Pot's data in order to determine whether a visitor to their site is a known
bad guy. If so, the visitor can be blocked, routed to a CAPTCHA or other
test, or sent directly to a honey pot. The system tracks search engines,
suspicious IPs, known harvesters, and known comment spammers through
Project Honey Pot's vast network of traps installed on websites in over 100
countries around the world. It returns the power over who is allowed onto a
website to the website's owner.

Learn more at:

http://www.projecthoneypot.org/5days_wednesday.php

Built around the existing DNS infrastructure, http:BL takes its inspiration
from traditional DNSBLs -- such as Spamhaus and SURBL -- that have been
used successfully to stop known spammers from connecting to mail servers.
Http:BL extends this same power to website administrators. The basic system
is free and, starting today, it is open to every active member of Project
Honey Pot.

Kenio
Joomla! Apprentice
Joomla! Apprentice
Posts: 28
Joined: Thu Jan 19, 2006 5:49 am
Location: Valencia - Venezuela
Contact:

Re: "Contact Us" Spam

Post by Kenio » Mon May 14, 2007 8:10 pm

I have no skills with php nor mysql but i am really upset about comment spammers at my forum...

I was looking for a solution and found Bad Bevaiour for Joomla!:
http://extensions.joomla.org/component/ ... Itemid,35/

It works pretty fine but its database is not up to date so a few spammers get my forums.

I did continue my search and found Project Honey Pot:
http://www.projecthoneypot.org

Obviously, it looks like a final solution but i have not experiencie to code a bot for joomla.

Finally, totally freak with the spam, I decided to try including some lines to my INDEX.PHP and amazing it works.

I copy and paste the lines i put at the very top of my index.php in order to pray for help to get those lines into a proper structure for a mambot:
----------
// My http:BL key
$apikey = 'YOUshouldPUTyourOWNkeyHERE';

// IP to test : your visitor's
$ip = $_SERVER['REMOTE_ADDR'];

// build the lookup DNS query
// Example : for '127.9.1.2' you should query 'abcdefghijkl.2.1.9.127.dnsbl.httpbl.org'
$lookup = $apikey . '.' . implode('.', array_reverse(explode ('.', $ip ))) . '.dnsbl.httpbl.org';

// check query response
$result = explode( '.', gethostbyname($lookup));

if ($result[0] == 127) {
    // query successful !
    $activity = $result[1];
    $threat = $result[2];
    $type = $result[3];
   
    if ($type & 0) $typemeaning .= 'Search Engine, ';
    if ($type & 1) $typemeaning .= 'Suspicious, ';
    if ($type & 2) {
$typemeaning .= 'Harvester, ';
$kurl="http://www.inosanchez.com/stopspam.php";
header("location:$kurl"); }
    if ($type & 4) {
$typemeaning .= 'Comment Spammer, ';
$kurl="http://www.inosanchez.com/stopspam.php";
header("location:$kurl"); }
    $typemeaning = trim($typemeaning,', ');
}
----------
The only thing you need is a Honey Pot Key, don't worry it is free, and you can get it from:
http://www.projecthoneypot.org/httpbl.php

Those lines are working great but i'm totally sure they should not be placed like i did nor where i did.

Any guides or help to make a bridge of Honey Pot with Joomla! will be really apreciatted.

Thanks in advance for your help.
LA967.NET
WEB RADIO

dbuch
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Fri Sep 16, 2005 2:48 pm

Re: "Contact Us" Spam

Post by dbuch » Thu May 24, 2007 7:55 pm

I found a number of different ways to use honeypot but did not see any mention of adding this code in pages. Where did you find this and what is it doing exactly?

David

Kenio
Joomla! Apprentice
Joomla! Apprentice
Posts: 28
Joined: Thu Jan 19, 2006 5:49 am
Location: Valencia - Venezuela
Contact:

Re: "Contact Us" Spam

Post by Kenio » Fri May 25, 2007 6:11 am

When you add this code into index.php it will search for your visitors IPs at Honey Pot Database, if it finds a match as Harvester or Comment Spammer it should redirect the visitor to a Honey Pot Trap. Actually, i added a few more lines to caught even suspicious IPs.  It works, but i know this is not the right way to get Honey Pot into Joomla.  A mambot will be the right solution but I have no skills to develope it.

I found the info for those lines at http://www.projecthoneypot.org/httpbl_api.php

Any help to get those lines into a mambot will be very helpfull.
LA967.NET
WEB RADIO

dbuch
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Fri Sep 16, 2005 2:48 pm

Re: "Contact Us" Spam

Post by dbuch » Fri May 25, 2007 12:00 pm

So are you running this as well as bad behavior? How successful has this been for you?
David

dbuch
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Fri Sep 16, 2005 2:48 pm

Re: "Contact Us" Spam

Post by dbuch » Fri May 25, 2007 12:17 pm

Hello Kenio,

Your code has links to http://www.inosanchez.com/stopspam.php. Where do I get that file? And how can you tell that it is working?

At the moment i have the aheadoccasional.php in the public html directory and your code in index.php. Should I do both?

David

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: "Contact Us" Spam

Post by toubkal » Fri May 25, 2007 8:22 pm

Obviously this thread has begun to look at some more serious methods of preventing contact form spam, but I thought it worth mentioning that I stopped the vast majority of the spam that I was receiving, simply by adding a few words into the banned words parameter of the contact form menu item parameters.

For those who do not wish to implement a code based solution, it may be worth drawing your attention to the banned word parameter as a very simple first step to try.
Do you want the answer to be as vague as your question?

Kenio
Joomla! Apprentice
Joomla! Apprentice
Posts: 28
Joined: Thu Jan 19, 2006 5:49 am
Location: Valencia - Venezuela
Contact:

Re: "Contact Us" Spam

Post by Kenio » Sat May 26, 2007 1:07 am

dbuch, I was using both:  Honey Pot and Bad Behaviour... I quit Bad Behaviour because it has no way to supervise what it's doing.  You should get into phpMyAdmin to see what Bad Behaviour is banning and i rather not touch anything there to prevent a mess, i just have no skills at all with mysql.

I know Honey Pot is working because you actually can look at http://www.projecthoneypot.org/bsc_X19t ... UmX19ieT0x to see which IPs marked as Comment Spammers were caught in my trap and http://www.projecthoneypot.org/bsh_X19t ... UmX19ieT0x for Recent Harvesters caught.

http://www.inosanchez.com/stopspam.php is my trap, is a file that Honey Pot creates for each website in order to detect spiders or bots trying to spam your site.  You can create your own trap at http://www.projecthoneypot.org/manage_honey_pots.php

Just remember, in case you want to ad those lines to your index.php you must replace your own key at:
$apikey = 'YOUshouldPUTyourOWNkeyHERE';
You can get your own key at:  http://www.projecthoneypot.org/httpbl_configure.php

You do not need to create your own trap but you must create your own key because sharing of Access Keys with other users is forbidden by the Project Honey Pot Service Agreement.  You can keep the link to my trap or change it to yours.

I sugeest you to create your own honey pot (trap), upload it to your site.  Creates invisible links to your trap (just for spiders not to humans, more info at http://www.projecthoneypot.org/linking_instructions.php ), create your own key and then insert those lines to your index.php

Just take a full tour at http://www.projecthoneypot.org and read, read till death...
LA967.NET
WEB RADIO

User avatar
PakWaan
Joomla! Intern
Joomla! Intern
Posts: 68
Joined: Thu Mar 09, 2006 12:38 am
Location: Florida, USA

Re:

Post by PakWaan » Fri May 16, 2008 7:09 pm

I have found that adding the words "http" and "www" in the banned words list for both the banned subject and banned text list eliminated all of the spam - it won't let anyone type in a web address on the contact form, and then it does them no good to send you anything.

User avatar
muddauber
Joomla! Ace
Joomla! Ace
Posts: 1618
Joined: Thu Jun 08, 2006 11:26 pm

Re: Contact Us Spam

Post by muddauber » Fri May 16, 2008 7:48 pm

Great idea PakWaan! And easy to implement. Thanks Kenio on the Honeypot info and links.
I'll check that out.

I know the problem exists and we need to continue to come up with solutions to
make our sites useful and not exploited.
Has it actually given you information that will help you block problems?

wildside
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 199
Joined: Mon Aug 20, 2007 6:46 pm

Re:

Post by wildside » Mon Jul 07, 2008 7:13 am

Hi all,

I found this topic whilst searching for ways to avoid spam to my Joomla! sites through the contact forms. and used the advice to add "http" and "www" to the banned words...

Spam stopped immediately...But... So did all other mail from the contact form.. On checking this I am getting the message "your email contained banned words" every single time even if the banned word is not in the list set in the parameters...

If I remove all the words from the settings and save I can then go to the front end and use the contact form... If there is a word in the banned word area of the contacts parameters then no emails at all are sent... It doesn't seem to matter if the banned word is written in the contact form or not...

Could anyone else confirm this? Right now I have removed my banned word list and am open to spam again...

Clive

User avatar
PakWaan
Joomla! Intern
Joomla! Intern
Posts: 68
Joined: Thu Mar 09, 2006 12:38 am
Location: Florida, USA

Re: Re:

Post by PakWaan » Mon Jul 07, 2008 12:23 pm

wildside wrote: I used the advice to add "http" and "www" to the banned words...Spam stopped immediately...But... So did all other mail from the contact form..
That's strange. It works fine for me on 1.0.15, I get mail from the site almost every day.

Image

wildside
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 199
Joined: Mon Aug 20, 2007 6:46 pm

Re:

Post by wildside » Tue Jul 15, 2008 12:22 pm

Hi all,

Sorry, I am in the wrong board as I am running 1.5.4 version...

Clive


Locked

Return to “Security - 1.0.x”