Moodle site support request email is more and more used for spam - How to turn off?
A possible solution has been discussed in the German forum: https://moodle.org/mod/forum/discuss.php?d=436204#p1755393
In case you need help with the translation, just let me know.
In case you need help with the translation, just let me know.
Hi Otmar,
That is not currently a feature that can be disabled, the original intent being that it is common for people to have trouble accessing their account, and require support assistance. It is also protected by ReCaptcha if you enable that on your site, which was designed to be an extra anti-spam measure. However, given not everybody is able to enable ReCaptcha, or may have other reasons for not wanting the site support form to be available to all visitors, I have implemented more granular controls over that in MDL-74643, which should land for Moodle 4.1.
That is not currently a feature that can be disabled, the original intent being that it is common for people to have trouble accessing their account, and require support assistance. It is also protected by ReCaptcha if you enable that on your site, which was designed to be an extra anti-spam measure. However, given not everybody is able to enable ReCaptcha, or may have other reasons for not wanting the site support form to be available to all visitors, I have implemented more granular controls over that in MDL-74643, which should land for Moodle 4.1.
Got ReCaptcha and was still getting spam mails!
I am trying out now Mathias Giegers advice!
In Website-Administration look for supportpage and enter https://yourdomain.xx/index.php
I am trying out now Mathias Giegers advice!
In Website-Administration look for supportpage and enter https://yourdomain.xx/index.php
Hi Otmar,
That's an interesting/unfortunate outcome, I think there's a couple of things we can look at to try and troubleshoot further. Have you done any testing to confirm that ReCaptcha is working as expected, for example making sure it is appearing on the page, and that the contact form will not let you submit it unless you complete the ReCaptcha? Additionally, can you confirm that the spam emails you are receiving include the standard contact site support subject line ("Site support request - abc") and text at the top of the email (such as "Be careful with this message.The sender was not logged in ... etc etc")? Just trying to rule out problems with ReCaptcha itself (or things like caching), and also to determine that spammers are not just emailing your support email address directly.
That's an interesting/unfortunate outcome, I think there's a couple of things we can look at to try and troubleshoot further. Have you done any testing to confirm that ReCaptcha is working as expected, for example making sure it is appearing on the page, and that the contact form will not let you submit it unless you complete the ReCaptcha? Additionally, can you confirm that the spam emails you are receiving include the standard contact site support subject line ("Site support request - abc") and text at the top of the email (such as "Be careful with this message.The sender was not logged in ... etc etc")? Just trying to rule out problems with ReCaptcha itself (or things like caching), and also to determine that spammers are not just emailing your support email address directly.
The workaround you mentioned (setting supportpage as a redirect to your homepage) creates its own problems (if that is the only change you make). Primarily, the result is that you now have a support link live in your site, which will redirect all legitimate students, teachers etc who try to click on it straight back to the homepage. Usually they are only going to be clicking that when they have a problem, so combining that with an infinite loop of being redirected to the homepage when they try to reach out for assistance results in an fairly frustrating experience. If there is no other way to avoid this, I would suggest that someone with access to the relevant code removes the link from the footer menu, in addition to you setting the supportpage. While not helping users who need support, at least removing the menu item prevents further frustration from a non-working feature, while setting the supportpage will lock down the contact form page so it cannot be accessed directly.
If we can troubleshoot those earlier items though and there's some other solution, hopefully removing it completely can be avoided. One final option is also investigating whether you can set up spam protection on your inbox, so you can still effectively support legitimate emails, but avoid the others - though this is just a final though, and I don't want to assume which services are/aren't available to any specific host.
If we can troubleshoot those earlier items though and there's some other solution, hopefully removing it completely can be avoided. One final option is also investigating whether you can set up spam protection on your inbox, so you can still effectively support legitimate emails, but avoid the others - though this is just a final though, and I don't want to assume which services are/aren't available to any specific host.
Hello Michael,
I only have recapcha 2 and I was getting 5 of those emails the way you mentioned above!
Besides that I had about 10 fake registrations per day, mostly with russian emails, which I blocked!
The emails had nothing to do with my moodle system.
They were advertising only!
Have a nice day!
Otmar
I only have recapcha 2 and I was getting 5 of those emails the way you mentioned above!
Besides that I had about 10 fake registrations per day, mostly with russian emails, which I blocked!
The emails had nothing to do with my moodle system.
They were advertising only!
Have a nice day!
Otmar
Also the 4.1 docs Support contact highlights the three options now available.
In reply to Michael Hawkins
Ri: Re: How to turn off - moodle site support request ?
In reply to Chiara Di Terlizzi
Re: Ri: Re: How to turn off - moodle site support request ?
由Michael Hawkins發表於
Hi Chiara,
If you think there could be some benefit to that, it would be worth raising an improvement on Tracker so it can be voted on/considered for the backlog. I certainly don't see any obvious harm in implementing that.
I do think though that it's important to point out that that indexing is only going to affect visibility of that particular page on search engines, so I'm not sure that it would have any significant impact on reducing spam. That would be more of a "security through obscurity" measure, and it would be just as easy to crawl for Moodle sites using a different (indexed) page, and then once identified, directly navigate to the support page URL to see whether it's available to unauthenticated users.