[Tips & Tricks] Send to a Friend SPAM

[mmcsus]

Spammers are using work at home jobs to spread their scum, in other words using real humans.

The "share" button or send to a friend is used by spammers more and more. (Copy & Paste)

The following should help prevent the "drones" from spreading the spammers scum.

This is only an example and can be used in the comment form or any form.

The problem is you do not want your customer not to be able to paste in some forms.

However the "send to a friend" form should not need to be pasted.

Edit your oc-content/themes/your_theme/item-send-friend.php

Find around line 77: (For bender 1.0)

  <div class="control-group">
                <label class="control-label" for="message">
                    <?php _e('Message', 'bender'); ?></label>
                <div class="controls textarea">
                    <?php SendFriendForm::your_message(); ?>
                </div>
  </div>

 
  Change to:
 
   

  <div class="control-group">
                <label class="control-label" for="message">
                    <?php _e('Message', 'bender'); ?></label>
                <div class="controls textarea" id="nopaste">
                    <?php SendFriendForm::your_message(); ?>
                </div>
     </div>

   
Edit your oc-content/themes/your_theme/js/global.js

At the very end add the following:

window.onload = function() {
 var nopaste = document.getElementById('nopaste');
 nopaste.onpaste = function(e) {
   e.preventDefault();
alert ("Pasting has been disabled to help prevent spam");
 }
}

Now when the drone tries to paste they will receive a message "Pasting has been disabled to help prevent spam"

Of course this is not fool proof but just another tool.

David

[strata]

Thanks for good tips mmcsus, will try it later 

[Hello]

nice  working file +1

[Gizmo]

thank you

[dev101]

Hi mmcsus,
thanks for this usefull mod (although I personally do not like paste disabling on any website, it is annoying).

One bug: I analysed page loading in serveral browsers (F12 web dev tools) and they all report same js error in the console, but everything appears to be working fine:

Code: [Select]

Uncaught TypeError: Cannot set property 'onpaste' of null

Just thought you should know about it.

Edit: look here, might be a solution to move script at the end of item-send-friend.php file, instead of global.js

Code: [Select]

<script>
window.onload = function() {
 var nopaste = document.getElementById('nopaste');
 nopaste.onpaste = function(e) {
   e.preventDefault();
alert ("Pasting has been disabled to help prevent spam");
 }
}
</script>

dev101

[design]

thanks

[plesk]

good evening
thank you for bender theme and the theme of France as you have a solution thank you

[zoopla]

Thanks!

[krahamath]

Thank you 

[volunteer]

thanks for this tip..

ideally would be nice to limit the use of contact forms by time

[Syed]

Can I use it on Contact Seller Form?

Regards

[whitehattracker]

Thanks for these tips. Unfortunately, years later looks like this trick is still going on.

Recent research by Imperva Incapsula (https://www.incapsula.com/blog/form-filler-bots-do-star-wars.html) has shown that many send-to-a-friend/share-to-a-friend social sharing modules are compromised.

Besides using all purpose bot filtering (yes, like the vendor sells) some other suggestions are "include a rate-limiting mechanism that will prevent an IP address from issuing unreasonable numbers of requests over a specific period of time. Other DIY solutions are to have all users fill in CAPTCHAs and to enforce registration as a prerequisite to sending out an email message"

In fact, according to Incapsula's research the same gambling sites are even using Star Wars novels to bypass content filters.   

[Aficionado]

Thanks for these tips. Unfortunately, years later looks like this trick is still going on.

Recent research by Imperva Incapsula (https://www.incapsula.com/blog/form-filler-bots-do-star-wars.html) has shown that many send-to-a-friend/share-to-a-friend social sharing modules are compromised.

Besides using all purpose bot filtering (yes, like the vendor sells) some other suggestions are "include a rate-limiting mechanism that will prevent an IP address from issuing unreasonable numbers of requests over a specific period of time. Other DIY solutions are to have all users fill in CAPTCHAs and to enforce registration as a prerequisite to sending out an email message"

In fact, according to Incapsula's research the same gambling sites are even using Star Wars novels to bypass content filters.

Next time post a clever SPAM, this is very obvious.