View Issue Details

ID: 0004295
Project: Composr
Category: newsletter
View Status: public
Last Update: 2020-06-25 02:20
Reporter: Chris Graham
Assigned To: Chris Graham
Severity: Major-bug
Status: resolved
Resolution: fixed
Product Version: 10.0.31
Fixed in Version: 10.0.32
Summary: 0004295: Spambots may target newsletter form

Description: A user has reported how the newsletter form is being hit by spambots, causing confirmation e-mails to go out to 'random' people.

This is a bit unusual, as there's no message field for the bot to enter spam text into, while the bot is also smart enough not to fall into the spam blackhole that is present on all forms.

Add CAPTCHA support to the newsletter module.

Document that the main_newsletter_signup block does not support CAPTCHA, so people know to just link to the module if spambots are a concern. (Adding CAPTCHA to the block would ruin the simplicity of the block as a quick signup option integrated into the UI.)

Tags: No tags attached.
Time estimation (hours):
Sponsorship: open

Activities

admin (administrator), 2020-06-25 02:20, note ~0006613

Fixed in git commit 88f343570 (https://gitlab.com/composr-foundation/composr/commit/88f343570 - link will become active once code pushed to GitLab)

A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).

hotfix-4295, 2020-06-25 2am.tar (47,616 bytes)
