A new spam campaign is launched on customer accounts and on the mailing list.
This is not a security issue, but it is a problem because an IP can be banned.
Google V3 captcha is hacked and even with this security, servers are banned.
Is it possible to have a captcha made by PrestaShop that evolves?
I think the discussion should be opened.
Hey @okom3pom
Unfortunately I don't think this can be solved by PrestaShop on its own. Recaptcha is quite advanced, I can't see how we could do better ourselves.
Of course, should you decide to venture in that direction, that would be a business opportunity for you :)
Let me clarify: I don't think this can be solved by developing a custom captcha. But other alternative approaches could be explored. If you can think of one, we would be open to considering it.
I think the problem comes from a bad implementation of captcha modules.
The captcha check should be done in the actionDispatcher hook to be sure it is executed before all other actions, to prevent sending emails or database operations.
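The ordering described in the comment above, sketched as a minimal module (an added example, not code from this thread or from PrestaShop). The module name `examplecaptchagate`, the `EXAMPLECAPTCHA_SECRET` configuration key, the `g-recaptcha-response` field name and the 0.5 score threshold are assumptions; the token is checked against Google's `siteverify` endpoint before the contact controller runs.

```php
<?php
// Added example. Module name, config key, form field and threshold are assumptions.
if (!defined('_PS_VERSION_')) {
    exit;
}
class ExampleCaptchaGate extends Module
{
    const MIN_SCORE = 0.5; // assumed reCAPTCHA v3 score threshold

    public function __construct()
    {
        $this->name = 'examplecaptchagate';
        parent::__construct();
    }

    public function install()
    {
        return parent::install() && $this->registerHook('actionDispatcher');
    }

    // Called by the dispatcher before the controller runs: no mail sent, no row written yet.
    public function hookActionDispatcher($params)
    {
        if ($params['controller_class'] !== 'ContactController' || !Tools::isSubmit('submitMessage')) {
            return; // only gate contact-form submissions
        }
        $token = (string) Tools::getValue('g-recaptcha-response');
        if ($token === '' || !$this->tokenIsValid($token)) {
            header('HTTP/1.1 403 Forbidden');
            exit('Captcha verification failed.');
        }
    }

    private function tokenIsValid($token)
    {
        $ctx = stream_context_create(['http' => [
            'method' => 'POST',
            'header' => 'Content-Type: application/x-www-form-urlencoded',
            'content' => http_build_query([
                'secret' => Configuration::get('EXAMPLECAPTCHA_SECRET'),
                'response' => $token,
            ]),
            'timeout' => 5,
        ]]);
        $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
        $res = $raw === false ? null : json_decode($raw, true);
        // Fail closed: network errors, malformed JSON and low scores all reject.
        return is_array($res) && !empty($res['success']) && ($res['score'] ?? 0) >= self::MIN_SCORE;
    }
}
```

The `ContactController` class name and the `submitMessage` field should be checked against the contact form of the PrestaShop version in use.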
I use another captcha; @ttoine told me to open an issue.
I think we can close the issue if it's OK when the module uses the right way.
_Of course, should you decide to venture in that direction, that would be a business opportunity for you :)_
I am a merchant :)
For a few days I have been receiving an increased quantity of emails from the contact form on our PS webshop that only have some random characters as a message. Each day a few at least. Usually 2 contact form emails with identical email addresses. When I look in the BO customer service messages there is a 2nd message showing to/from the same email address. What can be the use or misuse of this?
Hi @frevab
You should install a captcha module to avoid spam; if you already have one, you should try another, more robust one.
> For a few days I have been receiving an increased quantity of emails from the contact form on our PS webshop that only have some random characters as a message. Each day a few at least. Usually 2 contact form emails with identical email addresses. When I look in the BO customer service messages there is a 2nd message showing to/from the same email address. What can be the use or misuse of this?

@PierreRambaud could it be used to create a registry of existing customers?
For example, you have a database of 1 million stolen emails, you want to check if they have customer accounts on myshop.com, so you use the contact form to give you a hint whether or not the customer is registered inside this shop?
@florine2623 could you close the issue if there is no change required?
> For a few days I am receiving an increased quantity of emails from the contact form on our PS webshop that only has some random characters as a message. Each day a few at least. Usually 2 contact form emails with identical email addresses. When I look in the BO customer service messages there is a 2nd message showing to/from the same email address. What can be the use or misuse of this?
>
> @PierreRambaud could it be used to create a registry of existing customers?
> For example, you have a database of 1 million stolen emails, you want to check if they have customer accounts into myshop.com, so you use the contact form to give you a hint whether or not the customer is registered inside this shop?

@matks Nope, the contact form is not checking if the email exists in the database or not.
I'm closing this issue since no change is required :wink:
I don't really agree that no change is required. I have been using PS for some 8 years now and never had an issue like this with the contact form.
However, I do remember a solution on the forum to not have a default email address, which makes the misuse easy.
I have tried to add a third contact to be used in the contact form (besides customer service and webmaster) so that customer service is not the default one but cannot set the default value for this anywhere I could find. Or can the contact form be amended so that the default contact is blank and visitor/customers have to select at least one of them manually before sending a message?
I hate captchas myself and often leave the websites I visit that use them, as they get more complicated over time and are not visitor friendly. I have seen simple ones where you have to answer a simple calculation like 3+9=, but I don't know if they will work or are available for PS.
I only read that most captchas don't work and they don't stop misuse of the contact form. I now and then get messages using the contact form of people offering SEO services but they don't seem to be automated messages.
I find it interesting to find out why these apparent automated messages only have these random characters in the message body and nothing else. Why should anyone bother sending them unless they result in something?
Perhaps they trigger some mass spam sending, as I often get undeliverable emails with the remark that the IP it was sent from is on a blacklist. I send messages through PHP from the back office, so the IP is from the hosting server.
@frevab I added some blank lines in your message to make it more readable 😅 I hope you don't mind
@PierreRambaud closed this issue because this is a bug tracker and right now we see nothing we can do. A bug tracker's goal is to keep a list of things to be done; an open issue like this, "explore the reason for spam", is not something we can easily fix: we cannot assign someone to it and ask them "please fix this" 😉 but this does not mean we don't care. We are currently doing the same as you: monitoring this latest spam trend and trying to understand what the goal behind it is. Because indeed so far we cannot see how the attacker is expecting to get any money from this 😅
If we can understand what the attacker is trying to obtain, we can protect it. But without understanding the attacker's intention I don't see what we can do :/
> I hate captchas myself and often leave the websites I visit that use them, as they get more complicated over time and are not visitor friendly. I have seen simple ones where you have to answer a simple calculation like 3+9=, but I don't know if they will work or are available for PS.

Modern captchas are no longer visible to end users.
For example, Google reCAPTCHA v3: https://www.google.com/recaptcha
You can find PrestaShop modules to integrate it on the PrestaShop Addons marketplace and free modules on the PrestaShop Forums (use free modules at your own risk and peril).