XF 2.2 Block 'username validation' from contact form?

[frm]

I'm unsure if this is the intended result or not, but I have had a significant uptick in bots sending from specific username formats. Since they aren't registered, I figured I could set 'disallowed text in usernames' to include a string and/or have a regex for it.

However, these guests are still persistent; and with testing by me, it still allowed this username to send in a contact.

One would expect that it would check for disallowed usernames and reject the submission, but it doesn't seem to operate that way.

Unsure if this is a bug or if it's designed to allow any username in that field. If the latter, I'd like to see how others are handling the spam messages from there.

 

[TPerry]

Unsure if this is a bug or if it's designed to allow any username in that field. If the latter, I'd like to see how others are handling the spam messages from there.

By chance, are you using Askimet? I get contact spam sent, and Askimet has done a really decent job of filtering it out.

 

[djbaxter]

@Ozzy47 has a suite of antispam tools you might want to look at. They're not cheap but they work well. One of them is specifically for contact form spam.