Spam support tickets

[cocabean]

I get around 10-20 Spam support tickets a day.

 

Example:

 

Subject

 

"ZoMXIYZVEuYazey"

 

Message

 

[[spam URLs removed, so we don't help them]]

 

Any advice how to stop these?

 

Thank you.

[scurrell]

Spam filtering on your mail server?

[cocabean]

Spam filtering on your mail server?

 

It is not my email, it is the support ticket system that it is getting spammed.

 

I know WHMCS has "Support Ticket Spam Control"

 

But each time it is a different sender, different subject and different phrase so I don't know what I can do.

[WHMCS John]

If these are being submitted via your website they will have an IP Address at the bottom of the message. Do you have captcha enabled? Setup > General Settings > Other tab.

[cocabean]

Didn't really want to activiate this but guess I will have to, thanks.

[cocabean]

Sorry to bump this up but I have a question is there a way to enable the captcha for only the contact form? I don't wish for it to be on where people search for domains as this is really annoying for users.

 

Thanks

[harveygwa]

i get these same emails. only to my support tecket system. i had an idea on how to stop this but dont know how to do it or if it can be done.

 

all the subjects have a "# " befor all the random letters.

 

is their a way that you could use a wild card in the whmcs spam control filter to stop all emails with a " # " in the subject from getting though.

 

also most of the email address end in " .jp " ??

 

just an idea dont know if it can be done

[jeremyhaber]

I actually disabled the ability to start tickets through email. Now clients in my installations of WHMCS have to start tickets through WHMCS. Any emails attempting to start tickets will just be ignored.

[nexthost]

I am also getting these spam emails, at least 5 a day, via support tickets via whmcs.. something needs to be done about it, I believe it's a new bot out there. catcpha isn't any good as, you need re-catchpa my buddy created the code to get past catchpa which is rather neat, but annoying for most people.

[m8internet]

If they are sent by email, then they should be matched against a specific customers account to be accepted

Therefore it sounds more like they are being processed by the supportticket.php form

 

Setup the support ticket system to require customer login

[WIS hosting]

I also have Captcha enabled, and still receiving spam in version 4.5.2.

I only allow tickets being created in WHMCS and not piped by mail.

 

Maybe WHMCS can take a look again to the Captcha as it doesn't seem to work anymore against new bots.

[Mustang]

Same problem here,

 

Captcha enabled and spam tickets coming through the website.

 

Maybe a math question against spam?

[Ashley.S.]

It is also starting to annoy me and my staff now, and no they are NOT coming in via email, they are actually manually visiting the contact link and submitting a ticket and we can't go blocking every single email/ip subject used by them...

 

Time for a better Captcha selection me thinks...

[WHMCS John]

Reaptcha is available in version 5.0 which should prove more robust.

[Ashley.S.]

Reaptcha is available in version 5.0 which should prove more robust.

 

That's great news to hear John

[mannnq]

Reaptcha is available in version 5.0 which should prove more robust.

 

Any solution for now?

[yaimomda]

i got problem same everybody.

 

https://www.keycaptcha.com work better recaptcha, please add to whmcs 5.

[bear]

Frankly, that's awful and leaves out sight impaired users.

[Ashley.S.]

If you really want to throw a spanner in the works, there is always solve media http://www.solvemedia.com/

 

What might be better at some point could be a system that allows a choice so WHMCS users can use something of their own choice so they are not forced to choose between a basic one or ReCaptcha for example

Edited October 22, 2011 by Ashley.S.

[Cygnostik]

I've been seeing this same kind of spamming but at least in my case there are a couple of points that make it especially difficult...

 

If you look close you'll notice they're being submitted as sales tickets. In my case I only take support & sales tickets from existing customers so I'm forced to assume these are coming from the pre-sales page which is obviously for people who can't log-in.

 

It is specifically just this one pre-sales contact page which should be able to have some kind of security feature enabled...

 

Also, I don't know what's up with all the people who make stupid remarks like "block the IP address" but since nobody else has bothered to respond to them: Infuriatingly, each message is always from a totally different IP address. Usually a totally different network, spread across many countries.

 

The subject of the spam I've been getting doesn't have the # symbol in it and in fact every single part is totally randomized. :-(

[Blueberry3.14]

I'm not sure if it's a bug in v5.0.2 or intended behavior, but the reCaptcha doesn't display on the domain checker until AFTER the user has clicked a button. Then there's an error message, as if they've done something wrong.

 

At this point I'm willing to deal with a little more spam (most as submitted by humans hired to do so, rather than bots) in order to not piss off and annoy potential customers.

[lance]

blueberry3.14 there is a patch for recaptcha, this in the v5 patches section

 

post #10 at http://forum.whmcs.com/showthread.php?t=43291

[Blueberry3.14]

blueberry3.14 there is a patch for recaptcha, this in the v5 patches section

 

post #10 at http://forum.whmcs.com/showthread.php?t=43291

 

And I applied the patch when it first came out. No change, the issue/bug is still happening. Only now my bug report has been deleted, so someone else can take the time to write the next one.

[nexthost]

I'm getting 20 spam emails a day, this sucks.

[alinford]

One option is to make it so that only logged in users can use the submit ticket option, and have users that are not logged in use an email link instead. Your mail server should catch the spam, while users would still be able to submit tickets without the captcha enabled.