Spam submissions received - No longer protecting

Created on 30 May 2024, 7 months ago
Updated 13 August 2024, 4 months ago

The Antibot module is no longer effective against certain types of form spam. It appears that some robots have managed to bypass its protection. Yesterday, we've been attacked with spam submissions from various IP addresses for one our websites. Is anyone else experiencing this issue?

Versions:
Antibot: 2.0.3
Drupal: 10.1.8
PHP: 8.1.27

πŸ› Bug report
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡¦πŸ‡ΊAustralia amit.sharma.aust

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @amit.sharma.aust
  • πŸ‡ͺπŸ‡ΈSpain tolivera

    We have the same problem.

    More than 3.000 submissions from a bot in 4 hours.

    Antibot: 2.0.3
    Drupal: 10.2.5
    PHP: 8.2.20

  • πŸ‡·πŸ‡ΊRussia Psi-fact0r

    I agree, few time ago my sites has multiple spam attack on webforms. This is sad. Try to find a solution...

  • πŸ‡¨πŸ‡¦Canada vladt

    I've created a patch which seems to resolve the issue for me - I've seen 0 spam submissions over the last 24 hours, down from 2/minute before applying it. This patch changes how the antibot_key is processed and passed to the client, so bots can't get to it without multiple processing steps.

  • I've seen a few bug reports where the fix has been to make the antibot_key scrambling more elaborate.

    I wonder: is it known why the existing input[name="form_token"] XSRF token doesn't accomplish the needed anti-forgery goal? Excuse me if this is a dumb question.

  • πŸ‡ΊπŸ‡ΈUnited States gallegosj

    Is this issue still active? Our forms have been getting bombarded in the last 24 hours.

Production build 0.71.5 2024