Kryptronic Software Support Forum


#1 04-29-2024 13:05:08

KryptSupport
Member
Registered: 04-29-2024
Posts: 77

Contact Form Spam Emails

NOTE: This post was created on 2022-12-18 on the Kryptronic eCommerce Community Facebook page, which has been replaced with this forum. All Facebook support content was migrated into this forum in April 2024.

Graham:

I'm getting a tedious spammer constantly sending me their junk via the Contact Form on my site.

Obviously the Captcha isn't stopping them, but they keep using the same email address.

I want to add a bit of code that says "If email address is XYZ then..." and either skip past the bit where it sends the contact message via my email address or (perhaps) just put up a page with a message saying their message is rejected.

Anyone know how I could do this and where?

Rob:

Who’s the email hosted by? If it’s your own domain, you may be able to add a rule in the email setup to bin any emails for the address. Or, if you can get the IP address, you can just ban the IP address in .htaccess. You can ban IP ranges or whole countries. To prevent a recent spam issue from one source, I just banned all Russian IP addresses and it virtually stopped.

Graham:

They're using a fake gmail address (it bounced when I tried to reply once).

What I want to do is to intercept the sending of the message if someone uses that email in the Contact form and do something else instead.

Kryptronic:

Rob had a great suggestion for banning the IP with the .htaccess file. You can also ban IPs within the software. Settings are in System / Component / Settings / Security.

Rob:

In the CORE_Mail.php file there is a check_address function which is run when a contact form is submitted to check the email address. You could probably just change the first line from "if (empty($address)) " to "if (empty($address)||$address=='dodgy@gmail.com')". Obviously use your own email address first and test it. This is a hack and would be overwritten in any update.

Graham:

Thanks, I'll take a look at that.

Graham:

If I changed the code like below, would that work?

    if ($address=='dodgy@gmail.com') {
        $message = "Message rejected due to spam";
        $result = $this->RaiseError($message);
        if ($this->debug) {$this->debugger("check_address: {$message}");}
        return $result;
    } // End of if statement.

Rob:

Should do, but you wouldn't want to change the current code. You could add that block of code before the if(empty($address))... The only difference would be the message in the debug if you had that enabled, which you wouldn't. The $message wouldn't be displayed frontend.

Graham:

Yes, sorry, I meant to copy and edit the code so I could add it as a separate check.

Rob:

If you wanted a message displayed frontend, you would need to edit CORE_Frontend/ext/contact.php to check for the email address and return with an error message. Not sure if you want to display an error message frontend, as the spammer would then just use a different address. Better just to stop the message being sent and the spammer not knowing it had failed.

Graham:

Good point, although it's tempting to have "F*** Off Spammer!" appear in big flashing red letters! 🤣
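
Added example, not part of the original thread and not Kryptronic code: a plain == comparison like the one discussed above matches only one exact spelling of the address, so this stand-alone sketch normalizes the submitted address (case, Gmail dots and +tags) before comparing it with a deny list. The function names, the $denyList variable and the sample addresses are hypothetical; 'dodgy@gmail.com' is the placeholder used in the thread.

```php
<?php
// Added example: stand-alone deny-list check, not Kryptronic code.
// normalize_address(), is_denied() and $denyList are hypothetical names.

// Reduce an address to a canonical form so trivial variations of a
// deny-listed address still match.
function normalize_address(string $address): string
{
    $address = strtolower(trim($address));
    $at = strrpos($address, '@');
    if ($at === false) {
        return $address; // not an address; validation is left to the caller
    }
    $local  = substr($address, 0, $at);
    $domain = substr($address, $at + 1);

    // Gmail treats user+tag@ and u.s.e.r@ as the same mailbox as user@,
    // and googlemail.com is an alias of gmail.com.
    if ($domain === 'gmail.com' || $domain === 'googlemail.com') {
        $plus = strpos($local, '+');
        if ($plus !== false) {
            $local = substr($local, 0, $plus);
        }
        $local  = str_replace('.', '', $local);
        $domain = 'gmail.com';
    }
    return $local . '@' . $domain;
}

// True when the submitted address matches any deny-listed address
// after both sides have been normalized.
function is_denied(string $address, array $denyList): bool
{
    $canonical = array_map('normalize_address', $denyList);
    return in_array(normalize_address($address), $canonical, true);
}

// Constructed sample data.
$denyList = ['dodgy@gmail.com'];
$samples  = ['dodgy@gmail.com', 'Dodgy@Gmail.com',
             'd.odgy+shop@googlemail.com', 'customer@example.com'];

foreach ($samples as $submitted) {
    // On a match, skip sending without telling the sender, as suggested above.
    $action = is_denied($submitted, $denyList) ? 'dropped' : 'sent';
    printf("%-30s %s\n", $submitted, $action);
}
```

As noted in the thread, any edit made directly inside a core file would be overwritten by an update, so a check like this would have to be reapplied afterwards.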
