CalderaWP / Caldera-Forms

Drag and drop, responsive WordPress form builder.
https://CalderaForms.com
GNU General Public License v2.0
188 stars 163 forks

Anti-Spam Filter doesn't work properly #1725

Open thomasfrenken opened 7 years ago

thomasfrenken commented 7 years ago

I installed Caldera Forms a few weeks ago to give it a try. I really missed the function to add the Google reCaptcha that I used before. After some quick research on your page I found your statement: "Our default anti-spam is more effective".

Now to the problem: The last two days I received spam mails through the forms. So I'm not sure anymore about the efficiency of your anti-spam code. I know that I don't have the claim to get support as a free user. But I'm sure that you have an interest to make your product better.

Please see here the screenshots of the spam mail I've got through the contact form:

[Screenshot: entry12]

[Screenshot: entry14]

You can find the contact form here: http://electrozombies.com/contact/

I would be very grateful to hear from you regarding this topic and find together a solution.

Kind regards, Thomas Frenken

xtiechirinos commented 7 years ago

https://secure.helpscout.net/conversation/389641874/3351/

thomasfrenken commented 7 years ago

Another spam mail came through my contact form.

[Screenshot: contact_form_screenshot]

presswizards commented 5 years ago

Just a bump here... we tried using the built-in Honeypot field, but we're still receiving a ton of spam emails from the form. I've resorted to installing the Anti-spam plugin that adds back in Google reCaptcha, and spam has stopped. Please consider re-adding reCaptcha v3 or Invisible v2, it is much more reliable it seems.

JeePeeNL commented 5 years ago

And another bump here. I also started to receive a lot of spam, despite the honeypot being enabled.

I tried to create my own honeypot or spam filter by:

1) Adding a hidden field that disables the submit button if something is entered. So if it is a bot that works on the code level rather than the actual visible form, it would still enter something in that field, the submit button is disabled and the form can't be sent. It didn't work, I still received spam with the hidden field remaining empty. This means either:
   - bots are smart enough to see in code that a field is hidden,
   - or they use the visible front end form to submit entries.

2) Then I tried a rule that disables the submit button if the body contains :// So if a URL is entered in the body, you can't submit. That works for the visible form on the front end, but I still received spam with URLs in them. This means:
   - it must be submitted by a bot that doesn't use the visible front end,
   - and a bot can still submit even when the button is disabled on the visible form.

3) I added a numeric field to the form labeled 3+4= and the submit button is disabled as long as the field doesn't contain 7 (this combined with the previous :// rule). I didn't receive spam messages since I have done this, but this isn't an ideal solution because you are adding something to a form that doesn't really make sense for humans.

On another website I use Contact Form 7, and when that form started to generate a lot of spam I installed the 'Contact Form 7 Honeypot' addon that stopped the spam right away. Could you have a look at how they do it?

It would also help if you add an option to use the WordPress Admin » Settings » Discussion » Blacklist. So if the message contains a blacklisted word, simply show a (customizable) error like "Sorry, we couldn't send your message. Please send a regular e-mail or contact us by phone." Also requested here https://github.com/CalderaWP/Caldera-Forms/issues/2836
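
Added example, not part of the thread and not Caldera Forms or WordPress code: the rules described in the comment above (honeypot, `://` in the body, the 3+4 field, a word blocklist) only hold when they are re-checked on the server against the POSTed fields, since a disabled submit button does nothing for a request sent without the browser form. The field names `hp_website`, `sum_check` and `message`, the function name and the sample submissions are assumptions made for this sketch.

```php
<?php
// Field names (hp_website, sum_check, message) are hypothetical.

/** Returns rejection reasons for one POSTed form; empty array = accept. */
function check_submission(array $post, array $blockedWords): array
{
    $reasons = [];

    // Honeypot: humans never see it, so anything but an empty string
    // (including an array value) marks an automated fill.
    if (($post['hp_website'] ?? '') !== '') {
        $reasons[] = 'honeypot_filled';
    }

    // "3+4=" challenge: a direct POST that omits the field fails here,
    // whatever state the submit button had in a browser.
    $answer = $post['sum_check'] ?? null;
    if (!is_string($answer) || trim($answer) !== '7') {
        $reasons[] = 'challenge_failed';
    }

    $message = is_string($post['message'] ?? null) ? $post['message'] : '';

    // URL rule from the thread: no "://" in the body.
    if (strpos($message, '://') !== false) {
        $reasons[] = 'url_in_body';
    }

    // Word blocklist, matched case-insensitively as substrings.
    foreach ($blockedWords as $word) {
        $word = trim((string) $word);
        if ($word !== '' && stripos($message, $word) !== false) {
            $reasons[] = 'blocked_word';
            break;
        }
    }
    return $reasons;
}

// Constructed sample submissions, shaped like $_POST.
$samples = [
    'human'       => ['hp_website' => '', 'sum_check' => '7', 'message' => 'Do you ship to Belgium?'],
    'direct POST' => ['message' => 'Cheap pills at http://spam.example/'],
    'form filler' => ['hp_website' => 'x', 'sum_check' => '7', 'message' => 'Casino credits'],
];
foreach ($samples as $label => $post) {
    $reasons = check_submission($post, ['casino', 'pills']);
    echo $label, ': ', $reasons ? 'rejected (' . implode(', ', $reasons) . ')' : 'accepted', PHP_EOL;
}
```

The check would run in whatever server-side hook handles the submission before mail is sent; that wiring is left out because the page does not show it.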

jeroenrotty commented 5 years ago

Caldera used to be very good at fighting spam, but over the last year (or longer) it doesn't do it anymore. I would strongly vouch to integrate reCAPTCHA again. At this time, an extra plugin is needed for it.