[Vtigercrm-developers] webforms spammy content

nilay khatri nilay.spartan at gmail.com
Wed Jul 28 10:15:34 GMT 2021 

Ignore, that was because I changed the API keys but forgot to update the
HTML form :)

On Wed, Jul 28, 2021 at 3:24 PM nilay khatri <nilay.spartan at gmail.com>
wrote:

> Hi Ruben,
>
> I was working on rectifying the change requested. But while I tried the
> setup I am getting the captcha error "ERROR for site owner: Invalid key
> type".
>
> I have set up v2 reCaptcha, crm and html page on the same domain, copied
> the keys and updated on the config file, key is coming on the HTML page as
> well.
>
> Any idea what could be going wrong?
>
>
>
> On Tue, Jul 27, 2021 at 11:31 AM Prasad <prasad at vtiger.com> wrote:
>
>> Thanks Ruben. I did a quick review - can you please review the feedback
>> on code (minor).
>> Its ready to pick up once its done.
>>
>> If you are too caught up let me know.
>>
>> On Tue, Jul 27, 2021 at 4:50 AM Rubén A. Estrada Orozco <
>> rulotec1 at gmail.com> wrote:
>>
>>> It appears that after the upgrade to 7.4 my changes to the webforms
>>> capture process were overwritten. So I guess the spammy content was in fact
>>> a bot.
>>>
>>> I've fixed it, cleaned up a bit and made a MR:
>>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832
>>>
>>> Even when the other captcha versión (v.1?) was in place, it wasn't
>>> correctly implemented as explained here:
>>> https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>
>>>  Saludos
>>>
>>> Rubén
>>>
>>>
>>> On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
>>> wrote:
>>>
>>>> That's the problem, technically and operationally!
>>>>
>>>> Technically bots can bypass your validations in different ways. This
>>>> when combined with the operational issue where 2 teams are involved,
>>>> website dev and crm dev teams, it becomes a pain to manage.
>>>>
>>>> However you can create abstraction such that the website team takes
>>>> care of client side validation and at CRM side we add event listeners to
>>>> sanitize/pre-process the form data.
>>>>
>>>> Potentially with this you can even map fields from Lead gen forms like
>>>> on FB, Insta, Webhooks data etc. to webforms :)
>>>>
>>>>
>>>>
>>>> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:
>>>>
>>>>> We generally pre-process/sanitise/validate the form before submitting
>>>>> to
>>>>> the vtiger webform.
>>>>>
>>>>> Al
>>>>>
>>>>>
>>>>> On 24/07/2021 11:00, nilay khatri wrote:
>>>>> > This is one of the discussions carried upon earlier, where I pointed
>>>>> to
>>>>> > trigger events on webform submissions.
>>>>> >
>>>>> > This is one of the example situations where you want to add some
>>>>> sort of
>>>>> > filter before the webform gets submitted.
>>>>> >
>>>>> > Another scenario is where you might like to lookup if there is an
>>>>> > existing contact based on email/phone and link the form data.
>>>>> >
>>>>> > BDW, captcha support is still not fixed/updated for webforms since 3
>>>>> years.
>>>>> >
>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>>>>> >
>>>>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>>>>> > <mailto:prasad at vtiger.com>> wrote:
>>>>> >
>>>>> >     Description text-area is capturing the incoming content as text
>>>>> and
>>>>> >     displaying it.
>>>>> >
>>>>> >     You can add a pre-save handler to pre-process and reject.
>>>>> >
>>>>> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>>>>> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>>>>> >
>>>>> >         Hi ,
>>>>> >
>>>>> >         I have a webform in a webpage with a  reCaptcha "I'm not a
>>>>> >         robot" checkbox.
>>>>> >
>>>>> >         However, lately I've been receiving leads in vtiger with a
>>>>> >         description like this:
>>>>> >
>>>>> >         Ideal para ti
>>>>> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl
>>>>> >"><img
>>>>> >         src="
>>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>>> >         <
>>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>>> >"
>>>>> >
>>>>>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>>>>> >         /></a>
>>>>> >
>>>>> >
>>>>> >         This is how I see it in Vtiger:
>>>>> >
>>>>> >         image.png
>>>>> >
>>>>> >         Not sure whether that's a hacking attempt and if I should be
>>>>> >         worried. Shouldn't the webforms module filter html tags and
>>>>> such
>>>>> >         kind of contents?
>>>>> >
>>>>> >         Please share your thoughts!
>>>>> >
>>>>> >         Saludos
>>>>> >
>>>>> >         Rubén
>>>>> >         _______________________________________________
>>>>> >         http://www.vtiger.com/ <http://www.vtiger.com/>
>>>>> >
>>>>> >     _______________________________________________
>>>>> >     http://www.vtiger.com/ <http://www.vtiger.com/>
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > http://www.vtiger.com/
>>>>> >
>>>>> _______________________________________________
>>>>> http://www.vtiger.com/
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210728/e2ed72a9/attachment-0001.html>

More information about the vtigercrm-developers mailing list