Have you considered adding the Captcha plugin?
Yes, but I thought then I cannot send data from my Drupal form anymore?
@0711master You would need to manually add the Captcha html (as included by the plugin in the subscribe page) to your Drupal form.
See my comment to a similar question https://github.com/phpList/phplist3/issues/337#issuecomment-393109705
Thank you, I checked the link in your post. Unfortunately the plugin requires adding custom PHP which is only possible in Drupal through adding another plugin. This is not recommended for security reasons. Also why should I add an extra spam protection if the one in Drupal is already sufficient? It is the phpList form that is vulnerable, so for future releases maybe some of these points could be considered:
- Possibility to rename the VerificationCodeX field. I think this is the main reason why spam is possible, because everybody knows how to bypass the protection
- Possibility to rename subscribe form URL
- Possibility to change subscribe form ID
What are you referring to here by “the plugin”? Do you mean a Drupal plugin, not the phplist CAPTCHA plugin? The CAPTCHA plugin doesn’t require changes to php code.
Sorry, I was referring to Securimage (https://www.phpcaptcha.org/documentation/quickstart-guide/)