Getting Spam Emails using JSON API URL

  • Hi,

    I’m using CF7 from years. However, from the form available on the given link, I receive 3-5 spam emails daily. Surprisingly, each of these requests has the value

    THE_WEBSITE_URL/wp-json/contact-form-7/v1/contact-forms/159/feedback

    for URL field using [_url] tag. While all other rest valid requests give the URL of the page where the form exists.

    I’m using Really Simple CAPTCHA plugin for spam protection. How do I protect such kind of spam emails submission?

    Thanks

    • This topic was modified 5 years, 2 months ago by Amit Sonkhiya. Reason: Remove hostname from JSON URL

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Takayuki Miyoshi

    (@takayukister)

    FAQ > I get spam messages through my contact forms. How can I stop them?

    Thread Starter Amit Sonkhiya

    (@amitaits)

    Hi,

    I understand that reCaptcha implementation is a solution but it doesn’t apply in this case.

    I’ve already implemented Really Simple CAPTCHA plugin to the CF7 form.
    However, the spammers are sending me spams using the link:

    /wp-json/contact-form-7/v1/contact-forms/159/feedback

    It means they’re not sending me emails by filling the Contact Form.
    Rather, they are directly using the API path used by the CF7 plugin.
    I don’t have any other JSON API exposed.

    Thanks

    Hi there,

    I am facing exactly the same issue here and cannot find a solution. I coded a spam detection for the regular contact form on the website which works fine. However, spam comes in via the API. It can be seen by looking at the form “url” that has Amit’s structure: THE_WEBSITE_URL/wp-json/contact-form-7/v1/contact-forms/[formID]/feedback but not the “url” of the page like it is the case for non-spam responses.

    Is there any fix that works? I receive 2-3 spam responses per 10 minutes!

    Thanks,
    Hans

    Thread Starter Amit Sonkhiya

    (@amitaits)

    @hworrenscheid

    I feel the plugin author hasn’t made its API secured enough. Further, terribly posted a predetermined reply like a bot without understanding the question and context adequately.

    @takayukister Would you please look into the issue.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Getting Spam Emails using JSON API URL’ is closed to new replies.