User group permission: Force CAPTCHA on Contact Us

DragonByte Tech

Well-known member
Literally the very first Contact Us form submission we received after upgrading to XF2 was a submission calling into question the functionality of my manhood but helpfully offering me links to a place where I could purchase remedies :P

Of course, it is impossible to 100% stop every piece of spam, but I feel like optionally forcing CAPTCHA on the Contact Us form would serve as a bit more of a deterrent for any human manually bypassing captcha, and/or providing an additional chance for the CAPTCHA to correctly identify the current user as a bot, even if they are registered.

I've solved this @ DBTech by adding a small template modification that forces it for all users, but I feel like this would be an useful core feature while taking up minimal development / QA time :)


Fillip
 
Upvote 7
Are you saying someone registered and as a registered member they used the contact form? That’s fairly rare.

The CAPTCHA would have been displayed already if they were in fact a guest.
 
Are you saying someone registered and as a registered member they used the contact form? That’s fairly rare.
I'm not sure, here's the words from the email:
The following message has been sent from JafesCLump <miklefis@yandex.com> (IP: 5.164.230.26) via the contact form at DragonByte Tech | XenForo and vBulletin Mods & Addons.
(I don't think I need to censor the email address since it was a spammer?)

I don't know if the wording is different if the user is a guest vs a member, but there you go anyway. I do know we get the occasional registration that is clearly a human registering in order to manually bypass captcha - at least we did back on vB - so I just think it would be a nice feature to have that members who are not in our Customers user group have to complete the captcha again to use Contact Us.


Fillip
 
We're also experiencing this issue on an XF2 installation - Spammers registering and then using the contact form to spam without the captcha. Super annoying to deal with.
 
Since XF 2.1 we have at least started running the contact form content through the spam checking method we have - if stuff is getting through you may need to look into your anti-spam configuration - Akismet and spam phrases are particularly effective.
 
We're also experiencing this issue on an XF2 installation - Spammers registering and then using the contact form to spam without the captcha. Super annoying to deal with.

Are you still having this issue? How many are you getting a day? Is your contact us form the default XF one, or a custom one?

If it is the default one, would you like to test an XF2 addon that might just solve the bots that are targeting the form?
 
Top Bottom