Contact Us Form Spam

[Alfuzzy]

Hello everyone,

For about the last 1-2 weeks...my site Contact Us form has been getting spammed pretty heavily...when previously we were getting zero Contact Us spam.

I read somewhere that the Xenforo Captcha settings (found in the "User registration" area)...are supposed to protect the Contact Us form as well...just like it does for new registrations. Can anyone confirm this? The Xenforo AdminCP doesn't seem to make this clear.

I'm using Q&A Captcha...and using questions that bots shouldn't be able to answer too easily...but the Contact Us form is still getting spammed a lot.

I know there is a paid-for add-on product to help with Contact Us form spam...but honestly I've been spending a lot on my site lately...and don't have the budget to purchase an additional add-on at the moment.

Is there a free method to add some anti-spam protection for the Contact Us form?

Thanks

 

[MisakiTaro]

There is a paid add-on made by @Ozzy47

[OzzModz] Contact Us Spaminator

Sick and tired of your inbox getting flooded with spam coming from the "Contact Us" system on your xenforo install(s)? You've tried everything and still it persists? You even shut off the "Contact Us" form to guest visitors? You need the...

xenforo.com

 

[Alfuzzy]

There is a paid add-on made by @Ozzy47

[OzzModz] Contact Us Spaminator

Sick and tired of your inbox getting flooded with spam coming from the "Contact Us" system on your xenforo install(s)? You've tried everything and still it persists? You even shut off the "Contact Us" form to guest visitors? You need the...

xenforo.com

Yes I am aware of this (thank you)...I mentioned I was aware of a paid-for add-on in my original post.

Was hoping to find a free solution for Contact Us form spam.

Thanks

 

[MisakiTaro]

Yes I am aware of this (thank you)...I mentioned I was aware of a paid-for add-on in my original post.

Was hoping to find a free solution for Contact Us form spam.

Thanks

You may create a firewall rule form CloudFlare.

 

[Alfuzzy]

You may create a firewall rule form CloudFlare.

Yes with internet searches I came across this possible solution as well. Unfortunately a person needs an account with Cloudflare ($$$) to have the Cloudflare firewall to be able to add firewall rules.

 

[MisakiTaro]

Yes with internet searches I came across this possible solution as well. Unfortunately a person needs an account with Cloudflare ($$$) to have the Cloudflare firewall to be able to add firewall rules.

You can add 3 firewall rules for free.

 

[Alfuzzy]

You can add 3 firewall rules for free.

Yes...you are correct. With the free Cloudflare plan 3 rules are free. This could be a free solution.

I kinda don't want to complicate things with Cloudflare at the moment. I've had an account with a CloudFlare competitor...and life was more complicated with both a CloudFlare firewall & a host server firewall.

Thanks

 

[whynot]

I'm using Q&A Captcha...and using questions that bots shouldn't be able to answer too easily...but the Contact Us form is still getting spammed a lot.

Is there a free method to add some anti-spam protection for the Contact Us form?

Disable your current Q&As, create-activate new ones.

 

[Alfuzzy]

Disable your current Q&As, create-activate new ones.

Thanks for the suggestion. I do this occasionally...I guess I will have to add new Q&A questions.

The other problem is...if dealing with "real humans:...I think it's difficult to block the average human when they have access to the internet...and if they don't know the answer to a question...they can look it up. Plus if the Q&A captcha is too complex for legitimate website visitors...then that makes things a hassle for them.

I know a suggested strategy for Q&A captcha is use Q&A that's specific for the website topic. But still...real human spammers who may not know the answer...can search for the answer via search engines.

Any specific Q&A captcha questions anyone is willing to share that have worked for them would be great...or maybe a general formats for Q&A questions that can be adapted to different websites wold be great as well.

Thanks

 

[whynot]

I know a suggested strategy for Q&A captcha is use Q&A that's specific for the website topic. But still...real human spammers who may not know the answer...can search for the answer via search engines.

Sorry, there is no defense against it.
I search for the answer, find it, contact you.

A bot cannot search easily for the answer.
Human spammer searching for the answer, found it, puts to his bots database and his bot can easily spam you.
Change the Q/A, his bot is dead.

 

[Paul B]

Any specific Q&A captcha questions anyone is willing to share that have worked for them would be great.

That would defeat the purpose.

Use a single question and make it specific to your site.

Otherwise enable hCaptcha.

 

[Alfuzzy]

Otherwise enable hCaptcha.

Thanks Brogan.

Regarding hCaptcha. I'm not seeing that as an option in the Xenforo AdminCP.

All I see are:

• reCAPTCHA v2
• question & answer CAPTCHA
• textCAPTCHA
• Solve Media
• KeyCAPTCHA

Thanks

 

[Paul B]

Ahh, you need to be running the latest version.

 

[Alfuzzy]

Ok...I see. I'm on 2.1...must be a 2.2 feature.

Thanks