Facile Forms Spam Hack
Please see comments.
Some of my Joomla! sites use Facile Forms to manage their forms. This extension is getting a little aged and the developer has indicated he might not upgrade the code for new versions of Joomla!.
Recently, a Facile Forms user complained they were receiving form spam. (Form spam is similar to email spam, only the spammer uses website forms to ensure delivery to real users.) Facile Forms has a security code CAPTCHA to block form spam but obviously it was not working. So I removed the Facile Forms CAPTCHA and implemented a different CAPTCHA.
This blocked a large portion of the form spam but a few were still trickling through. I found a short post indicating a hack that might help. It seems that Facile Forms does not do a check to ensure that the post is coming from a recently served page on your site and that the fields are validated only by JavaScript.
Short of replacing Facile Forms, which I shall do shortly, I hacked it. The hack varies slightly from the Meyer hack above.
Oracle Hack of Facile Forms
Add a line to the file components/com_facileforms/facileforms.process.php (at line 3081):
//hack to check referer; 1 line added
if(empty($_SERVER['HTTP_REFERER']) || stripos($_SERVER['HTTP_REFERER'],$_SERVER['HTTP_HOST'])===false) $this->suicide();
There are of course problems with this hack; referrer can be spoofed and not all clients send referrer headers. But it should cover my users until I get the extension replaced.
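One way to do the missing "recently served page" check without depending on the Referer header, as an added example (not Facile Forms code and not the one-line hack above): a signed, time-limited token is placed in a hidden field when the form is rendered and verified when the POST arrives. The function names, FORM_SECRET, the form id and the 30-minute window are assumptions made for illustration; it needs PHP 7 or later.

```php
<?php
// Added example, not Facile Forms code. FORM_SECRET is a placeholder:
// load a long random value from configuration kept outside the web root.
const FORM_SECRET  = 'replace-with-long-random-secret';
const FORM_MAX_AGE = 1800; // seconds a served form stays valid (assumed)

// Call while rendering the form; put the result in a hidden field.
// Token layout: "timestamp:nonce:mac".
function form_token_issue(string $formId, ?int $now = null): string
{
    $ts    = (string) ($now ?? time());
    $nonce = bin2hex(random_bytes(8));
    $mac   = hash_hmac('sha256', "$formId|$ts|$nonce", FORM_SECRET);
    return "$ts:$nonce:$mac";
}

// Call at the top of the POST handler, before any field is processed.
function form_token_verify(string $formId, $token, ?int $now = null): bool
{
    if (!is_string($token)) {
        return false;                       // field missing or sent as an array
    }
    $parts = explode(':', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;                       // malformed token
    }
    [$ts, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$formId|$ts|$nonce", FORM_SECRET);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return false;                       // forged or altered token
    }
    $age = ($now ?? time()) - (int) $ts;
    return $age >= 0 && $age <= FORM_MAX_AGE;
}

// Constructed demonstration values; a real handler reads $_POST instead.
$t0    = 1700000000;
$token = form_token_issue('contact', $t0);
$cases = [
    'fresh token'     => [$token, $t0 + 60],
    'expired token'   => [$token, $t0 + FORM_MAX_AGE + 1],
    'altered token'   => [substr($token, 0, -1) . 'x', $t0 + 60],
    'no token at all' => [null, $t0 + 60],
];
foreach ($cases as $label => [$tok, $now]) {
    printf("%-16s %s\n", $label, var_export(form_token_verify('contact', $tok, $now), true));
}
```

The token only shows that the form was served by this site within the window, so it replaces the referer test rather than the CAPTCHA, and the submitted fields still need validating on the server.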

July 16th, 2008 at 11:56 am
DO NOT use the Facile Forms extension. It has been badly cracked and is no longer supported.
Forms in Joomla remain a tricky proposition, so I have implemented a custom solution on my supported sites. I am very pleased with my approach but it is not for novices.