Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » Archives
  3. » Plug-in: zem_contact_reborn

#193 2006-02-07 06:13:24

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: Plug-in: zem_contact_reborn

Great plug-in.
Slowly learning it…

Thanks to all the chamanes that have reborned this plug-in with a white magic.. and a little magic dust…


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#194 2006-02-07 16:28:04

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: Plug-in: zem_contact_reborn

Hi,
i think I’m having some problems that maybe are related with this plug-in, but I really dont know.

Yesterday, I updated from 4.0.1 and plug-in dca_email_form to 4.0.3 and zem_contact (reborn), because an spammer sent SPAM maybe thru a hole in the dca_email_form. I also was receiving 10 or 20 e-mails by day, sent through my contact form, that were obviusly a kind of SPAM, because they were all sent from a non-existing email address of my own domain (like 2jlk298@mydomain.com or similar).

So, as I said, I upgraded to 4.0.3 and zem_contact reborn, hoping that those kind of e-mails will gooing to stop.

But today I have received new fake e-mails sent thru the new contact form.
You can see the emails content here (the 3 are different):
http://pastebin.com/543365
http://pastebin.com/543404
http://pastebin.com/543409

As I also said, they are always sent with a fake address of my own domain.

So, my first idea to stop this kind of abuse is: to exclude email addresses from @mydomain.com.
Is there anyway to do this?

Also, does anyone suffered this kind of attack with zem_contact?

thanks.

Last edited by maniqui (2006-02-07 16:32:01)


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#195 2006-02-07 22:05:32

Anton
Plugin Author
From: Alingsås, Sweden
Registered: 2004-11-16
Posts: 138
Website

Re: Plug-in: zem_contact_reborn

can anyone confirm that this scenario now works:
  1. enter some international characters, like åäö
  2. leave one required field out, so that an error occurs (and old data is prepopulated in filled-out fields)
  3. fill in missed fields and resubmitting the now completed form (with old åäö data that should not look scrambled)
  4. the resulting email shows “åäö” as it should in Outlook for Windows

anyone tried? i had to hack in som iso-8859-1 conversion stuff to make it (old sem_contact that is) work.

Offline

#196 2006-02-08 01:32:48

thebombsite
Archived Plugin Author
From: Exmouth, England
Registered: 2004-08-24
Posts: 3,251
Website

Re: Plug-in: zem_contact_reborn

I haven’t tried that Anton but “Reborn” now references your setting in “Preferences” if that’s any help. It should also retain any input data if an error is thrown.

As far as I am aware the only area where we are still having a problem with foreign characters is the “Select” drop-down list.

Maniqui – at the moment the plug-in only checks that it is a properly formated email address so if they are using your domain they will pass the test. I’ll have a word and see if there is anything that can be done about this. Those emails are weird. Wasn’t there any message?


Stuart

In a Time of Universal Deceit
Telling the Truth is Revolutionary.

Offline

#197 2006-02-08 14:00:50

-P-
Member
From: Finland
Registered: 2005-09-10
Posts: 211

Re: Plug-in: zem_contact_reborn

<blockquote> > maniqui wrote:

> Hi,
i think I’m having some problems that maybe are related with this plug-in, but I really dont know.

Yesterday, I updated from 4.0.1 and plug-in dca_email_form to 4.0.3 and zem_contact (reborn), because an spammer sent SPAM maybe thru a hole in the dca_email_form. I also was receiving 10 or 20 e-mails by day, sent through my contact form, that were obviusly a kind of SPAM, because they were all sent from a non-existing email address of my own domain (like 2jlk298@mydomain.com or similar).

So, as I said, I upgraded to 4.0.3 and zem_contact reborn, hoping that those kind of e-mails will gooing to stop.

But today I have received new fake e-mails sent thru the new contact form.
You can see the emails content here (the 3 are different):
http://pastebin.com/543365
http://pastebin.com/543404
http://pastebin.com/543409

As I also said, they are always sent with a fake address of my own domain.

So, my first idea to stop this kind of abuse is: to exclude email addresses from @mydomain.com.
Is there anyway to do this?

Also, does anyone suffered this kind of attack with zem_contact?

thanks.
</blockquote>

I have had similar problems on one of my domains I host during past two days. But that site runs on Wordpress and the spam subject is from it´s contact form that obviously uses wp plugin contact form so I believe these spam attacts are not releated only to zem_contact.

Only today I have received 600 hundred mail delivery notifications with my domains fake email addresses used. I contacted my ISP to exclude all the email addresses that are not in use de facto and I assume it works (well, does not prevent those email addresses beeing used but it stops my server receiving them).

Last edited by -P- (2006-02-08 14:02:05)

Offline

#198 2006-02-08 14:46:15

thebombsite
Archived Plugin Author
From: Exmouth, England
Registered: 2004-08-24
Posts: 3,251
Website

Re: Plug-in: zem_contact_reborn

I wonder if these are “bot” attacks, looking at the quantity P has received, in which case using the “checkbox” function may help. I can’t say I’ve seen any of these though it is probably a mistake to say so. ;)

Last edited by thebombsite (2006-02-08 14:47:29)


Stuart

In a Time of Universal Deceit
Telling the Truth is Revolutionary.

Offline

#199 2006-02-08 14:55:11

-P-
Member
From: Finland
Registered: 2005-09-10
Posts: 211

Re: Plug-in: zem_contact_reborn

You read my mind :) I was just about to add checkbox to all my TXP installations with contact form. Ones running with Wordpress, guess I just have to disable the contact forms for a moment.

I assume this is some kind of new security hole or something that bots have found, ability to some how use Textpattern or Wordpress contact forms to send spam.

Those emails that I personally received were not the actual spam but mail delivery failure notices. The poor person whose blog contact form was used, received actual spam.

Offline

#200 2006-02-08 15:08:17

tinyfly
Member
From: Dallas, Texas
Registered: 2004-05-10
Posts: 462
Website

Re: Plug-in: zem_contact_reborn

You know it would be great if zem_contact_submit could use html’s <button> element instead of the <input> element, or have that option.

Some thing like <txp:zem_contact_submit label="Send" button="yes" /> would output <button type="submit" name="zem_contact_submit">Send</button>.

Offline

#201 2006-02-08 15:09:45

thebombsite
Archived Plugin Author
From: Exmouth, England
Registered: 2004-08-24
Posts: 3,251
Website

Re: Plug-in: zem_contact_reborn

Bots are getting more clever by the minute. I take it the WP plug-in doesn’t have a similar function then. Maybe it’s time to wake the developer up. ;)

We are currently looking at adding a couple of empty “hidden” fields. When the form is sent it will only be accepted if the fields remain empty. If some really clever bot has filled them in… and combine that with a checkbox as well… maybe it will blow itself up.

@tinyfly – explain to me what the difference is please.

Last edited by thebombsite (2006-02-08 15:12:24)


Stuart

In a Time of Universal Deceit
Telling the Truth is Revolutionary.

Offline

#202 2006-02-08 15:24:41

tinyfly
Member
From: Dallas, Texas
Registered: 2004-05-10
Posts: 462
Website

Re: Plug-in: zem_contact_reborn

The only difference would be in targeting the element via css. If it is an <input> and you wanted to style your submit input differently than your text inputs then you have to use a class or id. If it is a <button> element then no class or id is neccessary. The current way works fine since you do have ids but it would be nice to have the option. Just good practice in general.

Also, could you add a class to any hidden inputs you add? like class="zemHidden" that way when I make inputs display:block; I can exclude the hiddens?

Last edited by tinyfly (2006-02-08 15:26:20)

Offline

#203 2006-02-08 16:19:20

tinyfly
Member
From: Dallas, Texas
Registered: 2004-05-10
Posts: 462
Website

Re: Plug-in: zem_contact_reborn

I am having a problem with show_input.

Here is the code I am using:
<txp:zem_contact to="myemail.com” form=“contact_form” show_input=“no” />@
<txp:zem_contact to="myemail.com” form=“contact_form” show_error=“no” />@

Everything seems fine except that but when I submit the form with no email the error message shows in the top area but so does a 2nd contact form.

Anybody else run into this?

Offline

#204 2006-02-08 16:44:06

tranquillo
Archived Plugin Author
Registered: 2005-03-07
Posts: 127
Website

Re: Plug-in: zem_contact_reborn

The problem arises because of the show_error attribute. It doesn’t work properly, yet. We didn’t wanted to change that before the select email function is implemented, because it could need some major change in the code structure.

Offline

  1. Index
  2. » Archives
  3. » Plug-in: zem_contact_reborn

Board footer

Powered by FluxBB