Wordpress contact form getting hammered by spambots

Avatar
  • Answered
Fast Secure Contact Form - akismet and small captcha enabled (but not honeypot). in the last year all my sites (so i guess my imh ip address?) has been blacklisted by only MSN. the last 2 times imh (i guess) contacted MSN and the block was removed in 24 hours. 12 days ago i put in a ticket to imh and the reply was (you should contact MSN and have them remove the block).

the spambots somehow get by akismet and somehow they read the captcha and correctly fill it in. fast secure contact form plugin author says "only enable honeypot if you know you're being spammed" but he recommends not using it in most cases but doesn't explain why. do you know if honeypot will slow down or hurt my sites? he said don't use honeypot with a cache plugin, which i've disabled a few months back because WP Fastest Cache conflicts with Ithemes Security but hope to reactivate WP Fastest Cache once that is resolved.

do you guys have any suggestions for me on how to stop the spambots? the forms on have on my 35 addon domains do have an 97% spam but i do get real customers too and they really like the form instead of emailing so i can't just deactivate forms.

the way i have it set up : my client barely has the ability to check his Hotmail/now Outlook so in FSCF i CC his email and my yahoo a copy of the filled out form. yahoo has never blacklisted but MSN has 3 times now. i never log in to imh email to read these which is the primary "To:" in FSCF.

when you guys are at an industry convention in hawaii, please tell MSN they should go after the spambots (criminals) and NOT blacklist the victims! what am i supposed to do?

thanks as always for your advice!
Avatar
JeffMa
To begin, Akismet is incredibly good at detecting spam so it may be as simple as Akismet not being properly configured with FS Contact Form. Within your WordPress dashboard, hover over Plugins and click on FS Contact Form. Then, click on the Security tab and find the checkbox labeled Check this and click "Save Changes" to determine if Akismet key is active, then click Save Changes. You should then see at the top of this page whether or not your Akismet license is active. In my experience (also according to stats on my most active site), Akismet was able to block over 99% of all spam that comes in. If Akismet is indeed activated and the license is active, I then recommend enabling the honeypot within FS Contact Form. The spead decrease is negligible (in the milliseconds) so I wouldn't worry much about it. Captchas can be bypassed incredibly easily nowadays and many spammers are able to purchase captcha completions for a fraction of a cent to be used with their bots. As for your caching, I recommend W3 Total Cache which is what I run on all of my sites. Our article on configuring W3 Total Cache should get you pointed in the right direction. With MSN blacklisting due to the forwarded spam, there's not really much that can be done with the exception of no longer forwarding the messages to them. Unfortunately, they will keep blacklisting as when the message comes from the server, their mail servers are unable to detect the cause for it and only see it as a spam message that comes from the server. My recommendation would be to simply set this to an account on the server or possibly another mail provider (although with another provider, you could possibly face the same issue). I hope this was able to answer all of your questions. If you need anything else, let us know.