Spammers are abusing the Contact Us form
While dirtroadcentury.com uses Recaptcha to prevent spam, some clever bastards have figured out how to get around it. As a result, our Slack channel, and my personal email, is getting blown up with spam messages creating a bunch of noise that drowns out legitimate Contact Us requests.
Quick and Dirty Solution Proposal
Since the majority of the spam is caused by two sources, and are relatively similar, we should be able to cut down on the amount of spam by checking for various key words and email address when validating the form.
This can be done in a couple different ways. The ideal way would be writing a form validator that checks the sender of the message, and the body of the message for contents similar to known spam messages and email addresses, and fail the validation accordingly. We could just quickly filter out spam directly from the
routes.py file, but I would prefer to have a proper validator to keep the
routes.py file clean.
Here are some screenshots of the typical spam I see coming through.
A few details to note:
- Eric Jones spam is always similar, and always comes from an email that contains that name.
- Some spam uses the
Namefield to contain all of the spam message. Having a length limit on this field could be useful.
Flask WTForms: https://flask-wtf.readthedocs.io/en/0.15.x/
Custom Form Validators using WTForms: https://wtforms.readthedocs.io/en/2.3.x/validators/#custom-validators