Metadata
- Source: BI-1
- Type: Bug
- Priority: Major
- Status: To Do
- Resolution: N/A
- Assignee: Jonathan Hung
- Reporter: Jonathan Hung
- Created: 2019-04-05T06:48:31.424-0400
- Updated: 2019-04-05T07:09:37.704-0400
- Versions: N/A
- Fixed Versions: N/A
- Component: N/A
Description
Unsecured contact forms on the website are allowing spam bots and other agents to abuse the forms and send unsolicited emails.
In particular this page seems to be susceptible.
Comments
Jonathan Hung commented 2019-04-05T07:01:08.886-0400
Adding Recaptcha to vulnerable forms should reduce the amount of unsolicited emails on these forms. In adding Recaptcha to these forms, a number of issues came up:
- Privacy - Contact Form 7 5.1 and later uses Recaptcha V3 exclusively, which monitors user activity across all served pages on the site, not just the contact forms, and sends data back to Google. This will invalidate any statements of privacy on the BIG IDeA website.
- Recaptcha V2 Plugin - In order to use the older Recaptcha V2 (the traditional "I'm not a Robot" and select the matching images), a separate 3rd party plugin needed to be downloaded and activated on the site to add this functionality.
- Formatting issues caused by Easy Lazy Loader plugin - A plugin called "Easy Lazy Loader" was causing the form submit button to render outside of its Form element after a Recaptcha is added to the form. This also caused an invisible Recaptcha text field to be rendered visibly, causing confusion. To avoid this issue, the Easy Lazy Loader plugin was disabled.
So far only this form is secured: https://bigidea.one/submit-a-design-challenge/
Other forms should be secured with Recaptcha. @Alan Harnum is there any reason we wouldn't want to add Recaptcha to all open, public forms?