I’m using a form in my Drupal CMS to send data to phpList and it’s protected by Honeypot. Anyway the proprietary signup form of phpList (lists/?p=subscribe) is still publicly available, so shortly after launching I got over 20 spam signups per day. I tried to disable the list checkboxes with Javascript, so that the form can’t be sent, but with no effect.
Have you tried @DuncanC’s Captacha Plugin? Or seeing as you are using Durpal, is there a Captcha option for that?
But when there is a captcha in phpList will Drupal still be able to send the data?
I think the main problem is that the subscription link is publicly visible. This is because I didn’t manage to send the data with Drupal’s webform module by using an internal custom POST handler (I don’t understand why). Instead I had to add an action attribute with the subscription link to the form tag, so it’s in the source code.
@0711master If the subscription form is public then you won’t be able to stop a real person signing up. An automated bot will be able to submit the form but then phplist should reject the attempt so long as you have enabled notify spam
// notify spam
// when phplist detects a possible spam attack, it can send you a notification about it
// you can check for a while to see if the spam check was correct and if so, set this value
// to 0, if you think the check does it's job correctly.
// it will only send you emails if you have "Does the admin get copies of subscribe, update and unsubscribe messages"
// in the configuration set to true
define('NOTIFY_SPAM', 1);
You could try disabling the subscribe page, possibly you could then still submit through Drupal.
Ok, I’ll try it. I suppose this only works with define('USE_SPAM_BLOCK', 1);?
We already had the discussion about disabling the subscribe page in another thread (Block page root), but there was no suitable solution…