Spammer - WHMCS not blocking

[StarburstHost]

We have a problem with a spammer using the ticket system, even though reCapcha is enabled.

email is eric.jones.z.mail@gmail.com

His email is also blocked in WHMCS, but somehow he keeps submitting tickets.

Keywords he is using are also blocked.

Any ideas?

When I click on Block Sender, I get

Spam Control Update Failed
This email address is already on the blocked email senders list

 

Edited May 18, 2021 by StarburstHost
Addition

[string]

Spam Control only checks imported mails. It doesn't check anything if the ticket is created via the ticket form.

You would need to create a hook to block the email address from submitting tickets. Ideally you would return not an error message, but a success message so that he does not adjust his method.

[StarburstHost]

Well that spam feature is useless then. 😕

I'll try & lookup how to do that hook.

[brian!]

17 hours ago, StarburstHost said:

Well that spam feature is useless then. 😕

are they using the same IP each time they submit? if so, you could block their IP via your hosting panel, or even htaccess.

also, do a Google search on that email address - you're are not alone and seems to have a similar outlook.com address too.

17 hours ago, StarburstHost said:

I'll try & lookup how to do that hook.

the hook itself is nothing special...

<?php
add_hook('TicketOpenValidation', 1, function($vars) {
	if ($vars['email'] == "eric.jones.z.mail@gmail.com") {
		return "Go away you little spammer!";
	}
});

similarly, you could see if his website is mentioned in the ticket message and block them that way too.

if you can identify an IP (or block) for this spammer, then i'd probably go down that road... the problem with validating the ticket is that if they really want to spam you, they'll just change the email address/message to get past the check (even if you faked it to look like a success message).

[StarburstHost]

Brian,

Thanks. Will get that setup. Funny than just stopping the entry.

They keep using different IP's to post from.

Still curious how they keep getting past the reCaptia also.
Unless it's not a bot, but someone overseas cutting & pasting.

[UnwilfulExpenditure]

Bloody Eric! Yes, different emails/ips are used by (It would seem, same person/group) But the same name! I removed the contact form and sent the link into tickets then the tickets started! I wrote something similar but without an abundance of funnies! Kudos! 

[earthgirlllc]

I have a Zap at Zapier I use to close these tickets: https://zapier.com/shared/83b885be9efa744ae0f00f89a92b2c09ce346e61

[Epesi]

On 5/19/2021 at 3:59 PM, brian! said:

the hook itself is nothing special...

<?php
add_hook('TicketOpenValidation', 1, function($vars) {
	if ($vars['email'] == "eric.jones.z.mail@gmail.com") {
		return "Go away you little spammer!";
	}
});

similarly, you could see if his website is mentioned in the ticket message and block them that way too.

if you can identify an IP (or block) for this spammer, then i'd probably go down that road... the problem with validating the ticket is that if they really want to spam you, they'll just change the email address/message to get past the check (even if you faked it to look like a success message).

If you are completely new to this: in your WHMCS installation directory create a file ericjonesspam.php in directory /includes/hooks
with the content @brian! provided.

Thank you and I confirm that it works.

Janusz

[WHMCS John]

Hi all,

To help block these automated submissions we recommend enabling Google Invisible reCaptcha on the following forms:

• Contact Form
• Ticket Submission

https://docs.whmcs.com/Google_reCAPTCHA#Enabling_Invisible_reCAPTCHA

 

These messages are not being imported in via email, meaning the Spam Control filter rules do not apply.