[Vtigercrm-developers] webforms spammy content

nilay khatri nilay.spartan at gmail.com
Wed Jul 28 09:54:28 GMT 2021 

Hi Ruben,

I was working on rectifying the change requested. But while I tried the
setup I am getting the captcha error "ERROR for site owner: Invalid key type
".

I have set up v2 reCaptcha, crm and html page on the same domain, copied
the keys and updated on the config file, key is coming on the HTML page as
well.

Any idea what could be going wrong?



On Tue, Jul 27, 2021 at 11:31 AM Prasad <prasad at vtiger.com> wrote:

> Thanks Ruben. I did a quick review - can you please review the feedback on
> code (minor).
> Its ready to pick up once its done.
>
> If you are too caught up let me know.
>
> On Tue, Jul 27, 2021 at 4:50 AM Rubén A. Estrada Orozco <
> rulotec1 at gmail.com> wrote:
>
>> It appears that after the upgrade to 7.4 my changes to the webforms
>> capture process were overwritten. So I guess the spammy content was in fact
>> a bot.
>>
>> I've fixed it, cleaned up a bit and made a MR:
>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832
>>
>> Even when the other captcha versión (v.1?) was in place, it wasn't
>> correctly implemented as explained here:
>> https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>
>>  Saludos
>>
>> Rubén
>>
>>
>> On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
>> wrote:
>>
>>> That's the problem, technically and operationally!
>>>
>>> Technically bots can bypass your validations in different ways. This
>>> when combined with the operational issue where 2 teams are involved,
>>> website dev and crm dev teams, it becomes a pain to manage.
>>>
>>> However you can create abstraction such that the website team takes care
>>> of client side validation and at CRM side we add event listeners to
>>> sanitize/pre-process the form data.
>>>
>>> Potentially with this you can even map fields from Lead gen forms like
>>> on FB, Insta, Webhooks data etc. to webforms :)
>>>
>>>
>>>
>>> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:
>>>
>>>> We generally pre-process/sanitise/validate the form before submitting
>>>> to
>>>> the vtiger webform.
>>>>
>>>> Al
>>>>
>>>>
>>>> On 24/07/2021 11:00, nilay khatri wrote:
>>>> > This is one of the discussions carried upon earlier, where I pointed
>>>> to
>>>> > trigger events on webform submissions.
>>>> >
>>>> > This is one of the example situations where you want to add some sort
>>>> of
>>>> > filter before the webform gets submitted.
>>>> >
>>>> > Another scenario is where you might like to lookup if there is an
>>>> > existing contact based on email/phone and link the form data.
>>>> >
>>>> > BDW, captcha support is still not fixed/updated for webforms since 3
>>>> years.
>>>> >
>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>>>> >
>>>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>>>> > <mailto:prasad at vtiger.com>> wrote:
>>>> >
>>>> >     Description text-area is capturing the incoming content as text
>>>> and
>>>> >     displaying it.
>>>> >
>>>> >     You can add a pre-save handler to pre-process and reject.
>>>> >
>>>> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>>>> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>>>> >
>>>> >         Hi ,
>>>> >
>>>> >         I have a webform in a webpage with a  reCaptcha "I'm not a
>>>> >         robot" checkbox.
>>>> >
>>>> >         However, lately I've been receiving leads in vtiger with a
>>>> >         description like this:
>>>> >
>>>> >         Ideal para ti
>>>> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl
>>>> >"><img
>>>> >         src="
>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>> >         <
>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>> >"
>>>> >
>>>>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>>>> >         /></a>
>>>> >
>>>> >
>>>> >         This is how I see it in Vtiger:
>>>> >
>>>> >         image.png
>>>> >
>>>> >         Not sure whether that's a hacking attempt and if I should be
>>>> >         worried. Shouldn't the webforms module filter html tags and
>>>> such
>>>> >         kind of contents?
>>>> >
>>>> >         Please share your thoughts!
>>>> >
>>>> >         Saludos
>>>> >
>>>> >         Rubén
>>>> >         _______________________________________________
>>>> >         http://www.vtiger.com/ <http://www.vtiger.com/>
>>>> >
>>>> >     _______________________________________________
>>>> >     http://www.vtiger.com/ <http://www.vtiger.com/>
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > http://www.vtiger.com/
>>>> >
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210728/9fc4b230/attachment.html>

More information about the vtigercrm-developers mailing list