How stop ticket spammer !!!!

[nimafire]

Hey

its near 1 week we have weird ticket that opens 3 times per day

i have attach today ticket:

ive check mailbox and these arent import by email, no email regard this receive in inbox and spam box

we have google captcha, ive also change it to whmc default type and nothing change

blocks ender isnt work and nothing block by whmcs

i cant find anything about these in whmcs activity log

[bear]

There is nothing in the email import logs for those?
 

[nimafire]

no nothing,

also no email store in inbox of account

seems it opens via system, like bypass capctcha

[bear]

Generally the email import grabs the message and deletes the copy on the server (if using POP import). If using the pipe method, it isn't stored on the mail server at all. I'd say your thought that they're visiting the page is correct, if it's not in the WHMCS mail import log. 

How do you know they're bypassing the Captcha, just because of the odd subjects and so on? If you have access, you might want to look through the server logs and find out who is hitting that form to submit, and see if that's something you can block.

[nimafire]

ive use FW method for importing email into ticket system.

so this is why ive say it might be bypassing captcha and opening ticket is the only way they send these tickets,

 

[bear]

The FW method is piping, and no messages should be saving to an email inbox unless you have some other mechanism in place to copy it there too.

[ITKoolKidd]

On 11/29/2019 at 12:53 PM, nimafire said:

no nothing,

also no email store in inbox of account

seems it opens via system, like bypass capctcha

I had a similar issue a couple weeks ago the tickets weren't coming in via email I searched every log and blocked every sender, the entire TLD (.ru) tickets kept coming. I finally blocked the IP and it stopped immediately. 

[nimafire]

these emails are not import by email, ive stop any piping and also remove email account from server, still receive these tickets.

these are sent from different ip and domain however ive block entire .ru domain in the past,

im think are they bypass captcha or theme code to send these tickets?

[brian!]

6 hours ago, nimafire said:

these emails are not import by email, ive stop any piping and also remove email account from server, still receive these tickets.

if piping is now disabled, and therefore clients need to come to the site to open a ticket, why not make the support departments client only - that means, that the user will need to login to open a ticket... which these spammers should be unable to do.

6 hours ago, nimafire said:

im think are they bypass captcha or theme code to send these tickets?

it's not impossible to bypass google captcha - there are plugins available to do that and I tried them on a v7.7 (or maybe v7.6) dev earlier in the year, and I could bypass it... the same probably applies to invisible v3 too - you could try switching the site to use v3 inviable instead and see if that makes any difference (i'm assuming you're still using the old v2 "not a robot" checkbox reCAPTCHA option).