Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.To avoid spammers abusing this wonderful module, it'd be great if one could choose to enforce preview before submission (this stumps a lot of automated spammers) and maybe even add captchas to the submission process.
Comments
Comment #1
kbahey commentedI have been running feedback since I wrote it, and I have virtually no spam.
Turning on email address verification is almost a fool proof measure against any spam, but it has some overhead (slow, may not work on all servers).
Captcha is overkill for such a simple module (in my opinion). There was a discussion on the drupal-devel mailing list about it, to add it to all forms in Drupal, but this did not materialize.
This leaves the preview, which I am willing to add to the module. It would be helpful if this is added as an option (the administrator clicks on an option saying 'require preview'.
If you can provide a patch that does that (against the CVS version) , then I will be glad to include it in the repository.
Thanks for the suggestions.
Comment #2
spazfoxI would like to second the request for some additional spam protection. I received nearly a dozen email spams via this module today. The email verification didn't do much good because they used my domain name with random usernames (e.g., iszcdfhkl@mydomain.com). If the preview before submit would work, I'm all for it. Otherwise, I don't see why captchas wouldn't be a good option. This is a very useful module, but I'm going to be forced to disable it if I keep getting tons of spam from it.
Comment #3
kbahey commentedAre you sure a preview button would help? The spammers could just learn that and program their scripts/bots to click on it.
Captcha seems to be the best technical solution, and there is now a captcha module in the respository.
I am short on time, so anyone cares to make a patch?
Also, bear in mind that I want to phase out feedback by incorporating its functionality in Drupal core's contact module.
Comment #4
shiggi7 commentedI would like to second spazfox's comment - most days, I get a number of messages sent from open relays attempting to inject code to utilize the Feedback module to relay spam. These are always of the form gibberish@mydomain.com. A filter that disallows messages from mydomain.com would do the trick.
Comment #5
halftone commentedNo progress on this? I am getting 20 soams a day through feedback. A simple blacklist addition would stop this - if the body includes 'phrase' fail the mail. Tarpitting it would be even better, to punish the sender.
Comment #6
kbahey commentedHere is a solution http://drupal.org/node/76237
In short, install the captcha module, and modify it as per above so it would work for feedback, then enable feedback in captcha.