I have various Joomla and static websites, and messages from the contact forms on those sites are sent to my mail.
Lately I received various spam messages that flooded my mail, then I added a captcha to those forms. Now my mail is free from spammers.
But my question is: how did they compromise my site?
It's like 100 mails within a few minutes, so it cannot be done manually; they must have added some kind of script.
How do they do it?
I searched Google but could not come up with a good result.

m59
  • Related: [How to prevent robots from automatically filling up a form?](https://stackoverflow.com/q/2387496/1619432) – handle Apr 13 '18 at 10:42

1 Answer

Your site is not compromised. The captcha simply prevents a bot from submitting the form over and over again. It's the same as if a human quickly filled out the form and clicked submit and did this over and over again. There's not any kind of a security breach. Captchas are pretty good at preventing bot spam.

One clever thing you could do is make a hidden input field and make it very appealing for bots to fill it out, with no validation or anything, and a label and name like "Last Name", something that is common, but that you aren't already using. When the form is submitted that value will be sent to the server. Since a person couldn't have seen the input, the only way it will be filled out is if a bot found it in the document and filled it out. So, if you find this value, don't send the mail. More on this here (click).

m59
  • Unless activating captcha, there is no way to stop spam? –  Jan 21 '14 at 06:49
  • @ShebasKhan Validating the form better can help a lot and possibly reduce the need for captcha. For example, if you have several required fields and validate the type of information in them - make sure an email is an email, a name is a name, etc. Unfortunately, bots are somewhat smart about that sort of thing. – m59 Jan 21 '14 at 06:55
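
The hidden-field check from the answer, combined with the field validation mentioned in the comment, as an added example that is not code from the original thread. The field names (`last_name` as the decoy, `name`, `email`, `message`) and the `classify_submission` helper are hypothetical, and the rule that drops a body with no decoy field at all goes one step beyond the answer.

```python
import re
from urllib.parse import parse_qs

# Hypothetical field names. "last_name" is the decoy input that the real form
# hides with CSS, so a human visitor never sees it or types into it.
HONEYPOT_FIELD = "last_name"
REQUIRED_FIELDS = ("name", "email", "message")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def classify_submission(raw_body: str) -> tuple[str, str]:
    """Classify an application/x-www-form-urlencoded contact-form body.

    Returns (verdict, reason): "send" delivers the mail, "drop" discards it
    as automated, "reject" returns a validation error to the visitor.
    """
    # keep_blank_values=True keeps the empty decoy in the parsed result.
    parsed = parse_qs(raw_body, keep_blank_values=True)
    fields = {key: values[-1].strip() for key, values in parsed.items()}

    # Assumption beyond the answer: a browser submits a CSS-hidden text input
    # with an empty value, so a body without the decoy did not come from the form.
    if HONEYPOT_FIELD not in fields:
        return "drop", "honeypot field missing from request"
    # A person could not have seen the input, so content means a bot filled it.
    if fields[HONEYPOT_FIELD]:
        return "drop", "honeypot field was filled in"

    for name in REQUIRED_FIELDS:
        if not fields.get(name):
            return "reject", f"missing required field: {name}"
    if not EMAIL_RE.match(fields["email"]):
        return "reject", "email address is not well formed"
    return "send", "passed honeypot and validation checks"


# Constructed sample request bodies, not captured traffic.
SAMPLES = {
    "human": "name=Ann&email=ann%40example.org&message=Hello&last_name=",
    "bot": "name=x&email=x%40example.org&message=buy+now&last_name=Smith",
    "no_decoy": "name=x&email=x%40example.org&message=buy+now",
    "bad_email": "name=Bob&email=not-an-email&message=Hi&last_name=",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, classify_submission(body))
```

Answering a "drop" with the same success page a real visitor gets keeps the script from learning which field gave it away.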