Blocked Senders Can Still Submit Support Tickets

[mikelegg]

I recently blocked an address in the support tickets area because it was just spam, but a week later I received more spam from the same address.

 

I noticed the problem when I tried to block the address again and received the error - "Spam Control Update Failed. This email address is already on the blocked email senders list"

 

Is there something else I have to do to actually stop a blocked address from submitting support tickets?

[Janko]

I recently blocked an address in the support tickets area because it was just spam, but a week later I received more spam from the same address.

 

I noticed the problem when I tried to block the address again and received the error - "Spam Control Update Failed. This email address is already on the blocked email senders list"

 

Is there something else I have to do to actually stop a blocked address from submitting support tickets?

 

i have the same issue... any solutions ?

[djseamus]

What gives?!?!?

 

Why have this feature if it doesn't work?

[m8internet]

Are you sure it is actually from that email address though?

If the email address has been spoofed then it will still get through

Sounds like only the from field is being scrutinised

[theman777]

I have the very same problem with a guy called Eric Jones well know as Spamer. 

His email address is blocked, but i get daily lots of emails from this guy.  Always using the same email. 

I just did a test and typed in by my self his email in the pre-sales Support-Ticket field and i could open easy a new support-Ticket with the so called "blocked" Email address. 

 

Would be very happy to find a solution to get rid of this guy. 

[Evolve Web Hosting]

Are you using reCaptcha? I think that would put a stop to it.

[brian!]

On 05/12/2020 at 08:42, theman777 said:

I just did a test and typed in by my self his email in the pre-sales Support-Ticket field and i could open easy a new support-Ticket with the so called "blocked" Email address. 

https://docs.whmcs.com/Spam_Control

Quote

WHMCS comes with spam control filters to reduce the amount of spam you receive.

The spam control features will allow you to block email address and keywords or phrases that appear in either the message subject or body. which pipe into the ticket system from email.

Messages that you receive via the contact or submit ticket pages are not subject to these spam controls. For those, we recommend using reCaptcha.

i'd go along with evolve - try recaptcha first if he's submitting these via the site... ultimately, if he is and RC doesn't help, then you could likely prevent specific email addresses from being used with a hook.

[theman777]

You right, we could solve the issue with other reCaptcha. Now we do not get from this guy Support-Ticket. 
thx  

[Evolve Web Hosting]

11 minutes ago, theman777 said:

You right, we could solve the issue with other reCaptcha. Now we do not get from this guy Support-Ticket. 
thx  

Glad to hear that fixed it. Have been seeing this from any site that has a form and no recaptcha. I don't believe this is a 'person' deliberately creating spam but a script used to spoof forms that don't have reCaptcha.

[Ramouz]

On 12/5/2020 at 3:42 AM, theman777 said:

I have the very same problem with a guy called Eric Jones well know as Spamer. 

His email address is blocked, but i get daily lots of emails from this guy.  Always using the same email. 

I just did a test and typed in by my self his email in the pre-sales Support-Ticket field and i could open easy a new support-Ticket with the so called "blocked" Email address.

This is funny! I searched on a search engine about this exact issue because we blocked that same spammer Eric Jones as he keeps emailing us with his rubbish and no matter how many times we've "blocked" his email address in the tickets, he can still submit contact form tickets. We have reCAPTCHA active there so that's not a solution. The real solution is WHMCS fixing this issue and allowing us to block such emails for good and not give us excuses about this bug. Also, we just added his multiple IP addresses to our firewall's block list. His IP(s) is from India.

[othellotech]

If it shows an IP address in the ticket then it came from the form, not from email, so blocking the mail will do nothing - you'll need to firewall off the spammers IP ranges

 

[bear]

On 12/25/2022 at 8:55 AM, Ramouz said:

Eric Jones as he keeps emailing us with his rubbish and no matter how many times we've "blocked" his email address in the tickets, he can still submit contact form tickets.

We've successfully blocked him by using phrases instead of email or IP. Just look for the domains he includes, and block the name itself (just the name, not the ".com") and a few others he uses. They will always have a link with one of them. Be creative, and he can be stopped.

[Ramouz]

On 1/14/2023 at 7:19 AM, bear said:

We've successfully blocked him by using phrases instead of email or IP. Just look for the domains he includes, and block the name itself (just the name, not the ".com") and a few others he uses. They will always have a link with one of them. Be creative, and he can be stopped.

Thank you for that! I gave up a bit on phrases as I think I still saw spam in the past (though I think subjects worked before) but I took your advice and added his domain without the TLD. Let's see if that works =).

WHMCS really needs to allow real spam protection and blocking/banning.

[HostMaria]

yep.. so tired of this Eric 😕  .. and, ocasionally there are new ones that manage to pop in..

[HostMaria]

On 1/14/2023 at 6:38 AM, othellotech said:

If it shows an IP address in the ticket then it came from the form, not from email, so blocking the mail will do nothing - you'll need to firewall off the spammers IP ranges

 

yep, there it is:

[bear]

6 hours ago, HostMaria said:

yep.. so tired of this Eric 😕  .. and, ocasionally there are new ones that manage to pop in..

That 2nd one has been harassing forums also, but seems to have stopped as fast as it started. The same users that did that are now spamming something new (site called datebest), so be ready for that. 

On 1/14/2023 at 1:38 AM, othellotech said:

If it shows an IP address in the ticket then it came from the form, not from email, so blocking the mail will do nothing - you'll need to firewall off the spammers IP ranges

Unfortunately, our buddy Eric there uses a massive wide range of IPs, so that will take constant effort, and is not going to stop him, it will just cause a lot of spent time with little effect. Phrases catch them all once you set it up, with the only down side being if some legitimate client asks about the spammer's links. So far, none have here. 

[Ramouz]

1 hour ago, bear said:

That 2nd one has been harassing forums also, but seems to have stopped as fast as it started. The same users that did that are now spamming something new (site called datebest), so be ready for that. 

Unfortunately, our buddy Eric there uses a massive wide range of IPs, so that will take constant effort, and is not going to stop him, it will just cause a lot of spent time with little effect. Phrases catch them all once you set it up, with the only down side being if some legitimate client asks about the spammer's links. So far, none have here. 

Can you please provide more phrases to block him? At least the ones you added? I added his website link without the .com, I also added another spammer that is spamming us daily with "jasperai" and "jasper.ai" links. I added those but they still go through, weird enough.

[DennisHermannsen]

It's fairly easy to fix with a hook. The below will block a single address.

<?php
add_hook('TicketOpenValidation', 1, function($vars) {
    if($vars['email'] === 'something@example.com')
        return 'Piss off you dipshit';
});

You can also use it to block the same senders that you've configured in the spam settings:
 

<?php
use WHMCS\Database\Capsule;

add_hook('TicketOpenValidation', 1, function($vars) {

    $blockedAddresses = Capsule::table('tblticketspamfilters')
        ->where('type', 'sender')
        ->pluck('content')
        ->toArray();

    if(in_array($vars['email'], $blockedAddresses))
    {
        return 'Message';
    }

});

Hope that helps!

[bear]

On 1/18/2023 at 8:42 AM, Ramouz said:

Can you please provide more phrases to block him? At least the ones you added?

These have been working for us: 
"boostleadgeneration" / "Talk With Web Visitor" / "talkwithwebvisitor"
Just those phrases, no "quotes", in three separate rules. 

[Ramouz]

On 1/18/2023 at 5:59 PM, DennisHermannsen said:

<?php
use WHMCS\Database\Capsule;

add_hook('TicketOpenValidation', 1, function($vars) {

    $blockedAddresses = Capsule::table('tblticketspamfilters')
        ->where('type', 'sender')
        ->pluck('content')
        ->toArray();

    if(in_array($vars['email'], $blockedAddresses))
    {
        return 'Message';
    }

});

Hope that helps!

That's absolutely brilliant! It worked wonderfully! I tested legit and blocked emails and the blocked ones receive the error and legit ones (not in Spam Control emails) pass through. Thank you so much!

I wrote a nice message to make them think about their behaviour. Maybe one day, they might consider that and get an honest job =).

WHMCS should learn from this! That's how you do spam control.

Edited January 26, 2023 by Ramouz

[DennisHermannsen]

Just now, Ramouz said:

WHMCS should learn from this! That's how you do spam control.

I imagine that WHMCS doesn't do this is because it introduces a small issue. If you accidentally block a legit address, clients will have no way of getting in contact with you. I forgot to mention that in the above post.
If a client's email address is compromised and sends a lot of spam to your support inbox, you could end up blocking the sender address.

But, in case you know what you're blocking, you shouldn't face any issues.

[bear]

16 minutes ago, Ramouz said:

That's how you do spam control.

Until the email address they use changes. Then you need to block again. 😉 (and again)

[Ramouz]

40 minutes ago, DennisHermannsen said:

I imagine that WHMCS doesn't do this is because it introduces a small issue. If you accidentally block a legit address, clients will have no way of getting in contact with you. I forgot to mention that in the above post.
If a client's email address is compromised and sends a lot of spam to your support inbox, you could end up blocking the sender address.

But, in case you know what you're blocking, you shouldn't face any issues.

True. I went through my blocked emails list, just in case, after adding this hook.

Your hook doesn't auto block emails so that's up to us, and it only blocks those emails from being used in contact forms, correct? So, there shouldn't be any real issue there. No one will open a ticket using our hostname's email. Not that I have that blocked.

26 minutes ago, bear said:

Until the email address they use changes. Then you need to block again. 😉 (and again)

Correct, sadly. But, at least it blocks those recurring ones.

I haven't seen Eric use another email apart from those 3 I have of him. If he does, and others do, I'll have to change my message and the hook to a "success" message instead, and they'll think it was approved.

[bear]

To each his own. Screencap below showing all but one blocked from Eric by phrases (the lone email block was manual).

 

[Ramouz]

51 minutes ago, bear said:

To each his own. Screencap below showing all but one blocked from Eric by phrases (the lone email block was manual).

 

Hmm.. Where in WHMCS can I access that page to see the Recently blocked messages? I never knew about that. I'd like to see if it stopped anything using the keywords added recently.