Dear Everyone,

I currently get a lot of contact us spam. It usually looks like this:
Nice...

*** Spam text removed ***

Would anyone have an idea how to get rid of this or at least put some sort of image verification setting on it. Thanks.

Unless you want to help this spammer it is better not to post the text of his spam. ;)

AdminCP -> vBulletin Options -> Site Name / URL / Contact Details -> Allow Unregistered Users to use 'Contact Us'

What vb version are you suing? 3.7.0 beta 4 now has the ability to add captcha to it and it works great. You can also set up a profile field question for the contact us so bots can't use it. That you can do even in 3.5.4 so it's good all the way up.

vBulletin 3.6 already has the buildin option to have a CAPTCHA on the Contact Us, maybe even already in 3.5.

No need for profile fields or such.

It wasn't in 3.5.4 and since I jumped straight to 3.7.0 beta 3, I wasn't sure about any versions in between. All he has to do then is get his public and private CAPTCHA keys (which are free) and he is all set.

All he has to do then is get his public and private CAPTCHA keys (which are free) and he is all set.
reCAPTCHA is a bit wonky for me...I myself would stick with normal CAPTCHA for the moment.

I found the NoSpam hack brought my Contact Us spam to standstill, as it was getting pretty bad. I use in combo with the CAPTCHA and haven't had to disable unregistered users from accessing it. The reason being, if there's a registration problem, there's not a lot of other ways to get a hold of me.

I believe a NoSpam-type modification has become standard in vBulletin as of 3.7.

I believe a NoSpam-type modification has become standard in vBulletin as of 3.7.

Yes, it has. ;)


reCAPTCHA is a bit wonky for me...I myself would stick with normal CAPTCHA for the moment.

reCAPTCHA works great on 3.7.0 beta 4. I haven't had a problem with it yet, knock on wood.

reCAPTCHA lets me put in any gibberish and still lets me through.

What version of vb are you using it on?

I was doing it through reCAPTCHA's website.

I just tested it on my site. It wouldn't accept garbage but it did accept a wrong spelling of both words.

--------------- Added 1202833409 at 1202833409 ---------------

Well, I wrote the reCAPTCHA people and this is the resaponce I got:


Boofo:
well, I just tried one and I got both words mispelled and it accepted
it.

Support:
This is because on the known word we allow one letter typos -- we've found it makes the user experience better. We don't grade based on the word we are attempting to read, however we do offline studies on user accuracy on this word (based on other people's responses). This allows us to use the reading word to detect abuse.


And here is the expanation:

From the description of how reCAPTCHA works:

"Each new word that cannot be read correctly by OCR is given to a user
in conjunction with another word for which the answer is already
known. The user is then asked to read both words. If they solve the
one for which the answer is known, the system assumes their answer is
correct for the new one."

So as long as you get the "known" word right, the other is assumed to
be correct. In your example one could surmise that 'Coat' is the known
word.

Having said this, when testing reCAPTCHA on my two sites that use it,
I have noticed that it accepts leading sub-strings of BOTH words as
correct. For example, for "surprise trouble", "surpris troubl" would
be deemed to be correct. This seems to apply if the sub-strings are
reasonably long, so "s t" would fail in this example. Has anyone else
noticed this behaviour? I am using a bespoke PHP implementation with
recaptchalib.php.

Weird, it seems to have fixed itself now. I retract my comments about reCAPTCHA :). Stop Spam, Read Books!

But you can still misspell in it. ;)

If bots can't get through, I don't care if I can misspell :p.

LOL My feeling exactly. If it didn't accept misspelled words, I would never be able to get past it.