Jump to content
mikelegg

Blocked Senders Can Still Submit Support Tickets

Recommended Posts

I recently blocked an address in the support tickets area because it was just spam, but a week later I received more spam from the same address.

 

I noticed the problem when I tried to block the address again and received the error - "Spam Control Update Failed. This email address is already on the blocked email senders list"

 

Is there something else I have to do to actually stop a blocked address from submitting support tickets?

Share this post


Link to post
Share on other sites
I recently blocked an address in the support tickets area because it was just spam, but a week later I received more spam from the same address.

 

I noticed the problem when I tried to block the address again and received the error - "Spam Control Update Failed. This email address is already on the blocked email senders list"

 

Is there something else I have to do to actually stop a blocked address from submitting support tickets?

 

i have the same issue... any solutions ?

Share this post


Link to post
Share on other sites

Are you sure it is actually from that email address though?

If the email address has been spoofed then it will still get through

Sounds like only the from field is being scrutinised

Share this post


Link to post
Share on other sites

I have the very same problem with a guy called Eric Jones well know as Spamer. 

His email address is blocked, but i get daily lots of emails from this guy.  Always using the same email. 

I just did a test and typed in by my self his email in the pre-sales Support-Ticket field and i could open easy a new support-Ticket with the so called "blocked" Email address. 

 

Would be very happy to find a solution to get rid of this guy. 

Share this post


Link to post
Share on other sites
On 05/12/2020 at 08:42, theman777 said:

I just did a test and typed in by my self his email in the pre-sales Support-Ticket field and i could open easy a new support-Ticket with the so called "blocked" Email address. 

https://docs.whmcs.com/Spam_Control

Quote

WHMCS comes with spam control filters to reduce the amount of spam you receive.

The spam control features will allow you to block email address and keywords or phrases that appear in either the message subject or body. which pipe into the ticket system from email.

Messages that you receive via the contact or submit ticket pages are not subject to these spam controls. For those, we recommend using reCaptcha.

i'd go along with evolve - try recaptcha first if he's submitting these via the site... ultimately, if he is and RC doesn't help, then you could likely prevent specific email addresses from being used with a hook.

Share this post


Link to post
Share on other sites
11 minutes ago, theman777 said:

You right, we could solve the issue with other reCaptcha. Now we do not get from this guy Support-Ticket. 
thx  

Glad to hear that fixed it. Have been seeing this from any site that has a form and no recaptcha. I don't believe this is a 'person' deliberately creating spam but a script used to spoof forms that don't have reCaptcha.

Share this post


Link to post
Share on other sites
On 12/5/2020 at 3:42 AM, theman777 said:

I have the very same problem with a guy called Eric Jones well know as Spamer. 

His email address is blocked, but i get daily lots of emails from this guy.  Always using the same email. 

I just did a test and typed in by my self his email in the pre-sales Support-Ticket field and i could open easy a new support-Ticket with the so called "blocked" Email address.

This is funny! I searched on a search engine about this exact issue because we blocked that same spammer Eric Jones as he keeps emailing us with his rubbish and no matter how many times we've "blocked" his email address in the tickets, he can still submit contact form tickets. We have reCAPTCHA active there so that's not a solution. The real solution is WHMCS fixing this issue and allowing us to block such emails for good and not give us excuses about this bug. Also, we just added his multiple IP addresses to our firewall's block list. His IP(s) is from India.

Share this post


Link to post
Share on other sites

If it shows an IP address in the ticket then it came from the form, not from email, so blocking the mail will do nothing - you'll need to firewall off the spammers IP ranges

 

Share this post


Link to post
Share on other sites
On 12/25/2022 at 8:55 AM, Ramouz said:

Eric Jones as he keeps emailing us with his rubbish and no matter how many times we've "blocked" his email address in the tickets, he can still submit contact form tickets.

We've successfully blocked him by using phrases instead of email or IP. Just look for the domains he includes, and block the name itself (just the name, not the ".com") and a few others he uses. They will always have a link with one of them. Be creative, and he can be stopped.

Share this post


Link to post
Share on other sites
On 1/14/2023 at 7:19 AM, bear said:

We've successfully blocked him by using phrases instead of email or IP. Just look for the domains he includes, and block the name itself (just the name, not the ".com") and a few others he uses. They will always have a link with one of them. Be creative, and he can be stopped.

Thank you for that! I gave up a bit on phrases as I think I still saw spam in the past (though I think subjects worked before) but I took your advice and added his domain without the TLD. Let's see if that works =).

WHMCS really needs to allow real spam protection and blocking/banning.

Share this post


Link to post
Share on other sites
On 1/14/2023 at 6:38 AM, othellotech said:

If it shows an IP address in the ticket then it came from the form, not from email, so blocking the mail will do nothing - you'll need to firewall off the spammers IP ranges

 

yep, there it is:

qDjEyrE.png

Share this post


Link to post
Share on other sites
6 hours ago, HostMaria said:

yep.. so tired of this Eric 😕  .. and, ocasionally there are new ones that manage to pop in..

AELaT6h.png

That 2nd one has been harassing forums also, but seems to have stopped as fast as it started. The same users that did that are now spamming something new (site called datebest), so be ready for that. 

On 1/14/2023 at 1:38 AM, othellotech said:

If it shows an IP address in the ticket then it came from the form, not from email, so blocking the mail will do nothing - you'll need to firewall off the spammers IP ranges

Unfortunately, our buddy Eric there uses a massive wide range of IPs, so that will take constant effort, and is not going to stop him, it will just cause a lot of spent time with little effect. Phrases catch them all once you set it up, with the only down side being if some legitimate client asks about the spammer's links. So far, none have here. 

Share this post


Link to post
Share on other sites
1 hour ago, bear said:

That 2nd one has been harassing forums also, but seems to have stopped as fast as it started. The same users that did that are now spamming something new (site called datebest), so be ready for that. 

Unfortunately, our buddy Eric there uses a massive wide range of IPs, so that will take constant effort, and is not going to stop him, it will just cause a lot of spent time with little effect. Phrases catch them all once you set it up, with the only down side being if some legitimate client asks about the spammer's links. So far, none have here. 

Can you please provide more phrases to block him? At least the ones you added? I added his website link without the .com, I also added another spammer that is spamming us daily with "jasperai" and "jasper.ai" links. I added those but they still go through, weird enough.

Share this post


Link to post
Share on other sites

It's fairly easy to fix with a hook. The below will block a single address.

<?php
add_hook('TicketOpenValidation', 1, function($vars) {
    if($vars['email'] === 'something@example.com')
        return 'Piss off you dipshit';
});

You can also use it to block the same senders that you've configured in the spam settings:
 

<?php
use WHMCS\Database\Capsule;

add_hook('TicketOpenValidation', 1, function($vars) {

    $blockedAddresses = Capsule::table('tblticketspamfilters')
        ->where('type', 'sender')
        ->pluck('content')
        ->toArray();

    if(in_array($vars['email'], $blockedAddresses))
    {
        return 'Message';
    }

});

Hope that helps!

Share this post


Link to post
Share on other sites
On 1/18/2023 at 8:42 AM, Ramouz said:

Can you please provide more phrases to block him? At least the ones you added?

These have been working for us: 
"boostleadgeneration" / "Talk With Web Visitor" / "talkwithwebvisitor"
Just those phrases, no "quotes", in three separate rules. 

Share this post


Link to post
Share on other sites
On 1/18/2023 at 5:59 PM, DennisHermannsen said:

<?php
use WHMCS\Database\Capsule;

add_hook('TicketOpenValidation', 1, function($vars) {

    $blockedAddresses = Capsule::table('tblticketspamfilters')
        ->where('type', 'sender')
        ->pluck('content')
        ->toArray();

    if(in_array($vars['email'], $blockedAddresses))
    {
        return 'Message';
    }

});

Hope that helps!

That's absolutely brilliant! It worked wonderfully! I tested legit and blocked emails and the blocked ones receive the error and legit ones (not in Spam Control emails) pass through. Thank you so much!

I wrote a nice message to make them think about their behaviour. Maybe one day, they might consider that and get an honest job =).

WHMCS should learn from this! That's how you do spam control.

Edited by Ramouz

Share this post


Link to post
Share on other sites
Just now, Ramouz said:

WHMCS should learn from this! That's how you do spam control.

I imagine that WHMCS doesn't do this is because it introduces a small issue. If you accidentally block a legit address, clients will have no way of getting in contact with you. I forgot to mention that in the above post.
If a client's email address is compromised and sends a lot of spam to your support inbox, you could end up blocking the sender address.

But, in case you know what you're blocking, you shouldn't face any issues.

Share this post


Link to post
Share on other sites
16 minutes ago, Ramouz said:

That's how you do spam control.

Until the email address they use changes. Then you need to block again. 😉 (and again)

Share this post


Link to post
Share on other sites
40 minutes ago, DennisHermannsen said:

I imagine that WHMCS doesn't do this is because it introduces a small issue. If you accidentally block a legit address, clients will have no way of getting in contact with you. I forgot to mention that in the above post.
If a client's email address is compromised and sends a lot of spam to your support inbox, you could end up blocking the sender address.

But, in case you know what you're blocking, you shouldn't face any issues.

True. I went through my blocked emails list, just in case, after adding this hook.

Your hook doesn't auto block emails so that's up to us, and it only blocks those emails from being used in contact forms, correct? So, there shouldn't be any real issue there. No one will open a ticket using our hostname's email. Not that I have that blocked.

26 minutes ago, bear said:

Until the email address they use changes. Then you need to block again. 😉 (and again)

Correct, sadly. But, at least it blocks those recurring ones.

I haven't seen Eric use another email apart from those 3 I have of him. If he does, and others do, I'll have to change my message and the hook to a "success" message instead, and they'll think it was approved.

Share this post


Link to post
Share on other sites

To each his own. Screencap below showing all but one blocked from Eric by phrases (the lone email block was manual).

 

phrase-blocking.png

Share this post


Link to post
Share on other sites
51 minutes ago, bear said:

To each his own. Screencap below showing all but one blocked from Eric by phrases (the lone email block was manual).

 

phrase-blocking.png

Hmm.. Where in WHMCS can I access that page to see the Recently blocked messages? I never knew about that. I'd like to see if it stopped anything using the keywords added recently.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated