Support Forum

Every time you post a problem, PLEASE add the Joomla and the extension's versions and revisions (for example: Joomla 3.3.6, Contact Enhanced 3.3.5), the PHP version and the server's operating system. If you manage only one site, it is easier to edit your profile and add that information to your signature. Don't forget to add a detailed description of the problem. If possible, write down all steps needed to reproduce the problem.

Before submitting a new post, PLEASE make sure you are running the latest version, test in different browsers (IE, FF, Chrome, ...) and clear Joomla's and the browser's cache after every change you make.

Also, most questions are already answered in our FAQ and in the iFAQ and Contact Enhanced documentation pages.

Contact Enhanced is a contact component manager created to replace the Joomla! core contacts component and add many advantages and new features (see Features). It offers many plugins and modules for several different purposes.
Product page | Documentation Page

Contact form used for spamming

2 years 2 months ago #25971 by waitz
Hi

We've had one episode where we received around 2000 emails over the period of two days. All the emails were the same, titled "Thanks for your payment. Your payment has been approved.", but there is something very strange that we cannot figure out how it happened:

None of the emails that are used in the contact form are known to us. But when I exported the recorded messages to a csv file, every row is connected with a user in our website. And this is alarming for us.

I have attached one row of the recorded messages csv file, and a screen shot of this particular contact form.

Can you shed any light on the matter?
Thank you
Rajan


Kristian Rajan | Joomla! 3.7.5 | Contact Enhanced 3.8.2


2 years 2 months ago #25972 by waitz
PS: The emails were all sent via our contact form: humaniversity.com/contact

Kristian Rajan | Joomla! 3.7.5 | Contact Enhanced 3.8.2


2 years 2 months ago #25973 by support
Dear Kristian,

I see you are using the reCaptcha plugin. Were you already using Captcha to prevent robots from exploiting this form?

Best regards,


2 years 2 months ago #25974 by waitz
Dear Douglas

Yes, we had reCaptcha installed at the time also.

Kristian

Kristian Rajan | Joomla! 3.7.5 | Contact Enhanced 3.8.2


2 years 2 months ago #25975 by waitz
I've been in contact with our host to look in the log of a security application we have protecting the site, so how they/a robot managed to use the contact form is not actually the main reason I reached out to you.

I am trying to figure out how our website's registered users are connected to the 2000 registered messages in the backend and in the csv export.

Kristian

Kristian Rajan | Joomla! 3.7.5 | Contact Enhanced 3.8.2


2 years 2 months ago #25976 by support
Kristian,

The registered user is only linked to a Recorded (saved) message if the user was logged in at the time of the form submission. Contact Enhanced just gets the current logged-in user's id (if there is one) using Joomla's framework.
If the robot was able to log in as a user, then it's not an issue related to Contact Enhanced, because Contact Enhanced does not have any login feature.

Is the Captcha setting in Contact Enhanced > Options set to Always or to "Show only if the user is not logged in"? In your case, I recommend setting the option to Always. See screenshot attached.

You might also want to try to test the "Time Form Submission" and enable the "Session Check" option. Then test your form.

Also, I recommend using a "Web Application Firewall" such as AdminTools Pro on all sites.

PS: I'm not affiliated in any way with Akeeba.

Best wishes
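The reply above describes two mechanisms: the recorded message's from_id is simply the id of the Joomla user logged in at submission time (0 for a guest), and the "Time Form Submission" / "Session Check" options tie a submission to a form that was actually rendered in the visitor's session. The following is an added example, not Contact Enhanced's or Joomla's own code, showing the general technique. The function names (render_form, validate_submission, recorded_from_id), the hidden field name ce_form_token and the 5-second / 1-hour thresholds are assumptions; the page does not show how the extension implements its options. The real Joomla call is JFactory::getUser()->id, replaced here by a plain array so the file runs from the CLI.

```php
<?php
declare(strict_types=1);

// Added example (not Contact Enhanced's or Joomla's code). Demonstrates a
// session-bound timing check for a contact form and how from_id is derived.
// Names, field names and thresholds are assumptions for illustration.

const MIN_FILL_SECONDS = 5;     // assumed: anything faster is treated as a bot
const MAX_FORM_AGE     = 3600;  // assumed: a rendered form is honoured for an hour

// Called when the form is rendered. Stores a random token and the render time
// in the visitor's session and returns the hidden field to embed in the form.
function render_form(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $session['ce_form_token'] = $token;
    $session['ce_form_time']  = $now;
    return '<input type="hidden" name="ce_form_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Called on POST. Returns null when the submission is acceptable, otherwise
// the reason it was rejected. The token is consumed, so a replay fails.
function validate_submission(array &$session, array $post, int $now): ?string
{
    if (empty($session['ce_form_token']) || !isset($session['ce_form_time'])) {
        return 'no form was rendered in this session';
    }
    $sent = isset($post['ce_form_token']) ? (string) $post['ce_form_token'] : '';
    if (!hash_equals($session['ce_form_token'], $sent)) {
        return 'token missing or does not match the session';
    }
    $age = $now - (int) $session['ce_form_time'];
    if ($age < MIN_FILL_SECONDS) {
        return "submitted {$age}s after render, faster than a human fills the form";
    }
    if ($age > MAX_FORM_AGE) {
        return 'form token expired';
    }
    unset($session['ce_form_token'], $session['ce_form_time']);
    return null;
}

// Value stored as from_id on a recorded message. In Joomla 3.x this would be
// JFactory::getUser()->id; a guest has id 0, so from_id = 0 in an export means
// nobody was logged in when the message was submitted.
function recorded_from_id(array $user): int
{
    return (int) ($user['id'] ?? 0);
}

// --- constructed scenarios (not real traffic) ------------------------------
$t0 = 1700000000;

// 1. A script posting straight to the handler with a fresh session.
$bot = [];
printf("direct POST:      %s\n", validate_submission($bot, ['ce_form_token' => 'x'], $t0) ?? 'accepted');

// 2. A script that loads the form but posts one second later.
$fast = [];
render_form($fast, $t0);
$postFast = ['ce_form_token' => $fast['ce_form_token']];
printf("1s after render:  %s\n", validate_submission($fast, $postFast, $t0 + 1) ?? 'accepted');

// 3. A visitor who takes 40 seconds, then the same POST replayed.
$human = [];
render_form($human, $t0);
$postHuman = ['ce_form_token' => $human['ce_form_token']];
printf("40s after render: %s\n", validate_submission($human, $postHuman, $t0 + 40) ?? 'accepted');
printf("replayed POST:    %s\n", validate_submission($human, $postHuman, $t0 + 41) ?? 'accepted');

// 4. What from_id would hold for a guest and for a logged-in user.
printf("from_id guest=%d, logged-in=%d\n", recorded_from_id(['id' => 0]), recorded_from_id(['id' => 42]));
```

Run it with `php example.php`. Only scenario 3's first POST is accepted; the direct POST, the one-second submission and the replay are all rejected. A Captcha set to "Always" complements this: the timing check stops scripts that skip the form, while the Captcha stops those that load it and wait.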

2 years 2 months ago #25977 by waitz
Dear Douglas

I have set the captcha option to Always, I have used AdminTools Pro for many years, and on host level we have Sucuri protecting the whole site.
I do not think Contact Enhanced is compromised, that is not where I am coming from at all. I am also very aware that we have an old Joomla version, as we are in the process of moving to Wordpress.

I am just trying to figure out the csv export of the recorded messages. As you can see in the csv file I attached to the first post, which is 1 of the 2000 rows, my name and email address (@waitz.no) appear in the csv file in columns C and D, but in the backend of CE, the contact form shows a yahoo address. The yahoo address appears in the csv file in column O, starting with Visitor information, IP address, etc.

So what I am trying to figure out: how is my user and email @waitz.no involved in this recorded message?

Kristian Rajan | Joomla! 3.7.5 | Contact Enhanced 3.8.2

2 years 2 months ago #25980 by support
Dear Kristian,

I'm sorry. When you wrote "connected with a user" I automatically thought the linked user (from_id) was a user on your website. Now I see there's nothing to do with the from_id, because the E column is 0 (empty).

I've been investigating this for a while now and I cannot find a cause for saving one email in the database and sending the email with other information.
Kind regards,


Copyright © 2018 IdealExtensions.com. All Rights Reserved.
