Every new Plone site has a /contact-info/ URL with a generic email form on it.
Spambots can easily find this and use it to spam the webmaster with malicious emails (specifically note that the 'subject' can be set in the email).
This old thread http://plone.293351.n2.nabble.com/modify-or-disable-site-contact-form-td7258555.html suggests that you can simply update the template so it is an empty page. However, this is not enough to prevent spam.
wget http://localhost:8080/contact-info --post-data "sender_fullname=d&[email protected]&subject=d&message=d&form.submitted=1"
Will still send email on the form handler.
How do you completely disable this form handler?
edit: I see you can modify the form handler script at:
/portal_skins/plone_form_scripts/send_feedback_site/manage_main
/portal_skins/custom/contact-info
To generate a custom handler script and replace the default actions. However, this doesn't really remove the page, it just makes it do nothing.
What you must customize is not the template but the endpoint, the send_feedback_site script.
Replace the whole script code with:
from zExceptions import NotFound
raise NotFound()
Or probably Unauthorized is better.
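One way to confirm the change took effect, added here as an example that is not part of the original answer: POST the form to both endpoints named in the thread and report whether each one refuses the request. The function names, the constructed field values, and the choice to treat 401/403/404 as "disabled" are assumptions; the base URL is the one from the question's wget command.

```python
import urllib.error
import urllib.parse
import urllib.request

# Fields visible in the question's wget command; the values are constructed.
# The sender-address field is unreadable on the page: add your form's own field,
# since an incomplete form may be stopped by validation before the handler runs.
FORM_FIELDS = {"sender_fullname": "probe", "subject": "probe",
               "message": "probe", "form.submitted": "1"}
PATHS = ("contact-info", "send_feedback_site")  # endpoints named in the thread
REFUSED = {401, 403, 404}  # assumption: what NotFound/Unauthorized surface as

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report redirects (e.g. to a login form) instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def post_status(base_url, path, fields=FORM_FIELDS, timeout=10):
    """POST the form to base_url/path and return the HTTP status code."""
    url = base_url.rstrip("/") + "/" + path
    data = urllib.parse.urlencode(fields).encode("ascii")
    # Connect directly, ignoring any proxy environment variables.
    opener = urllib.request.build_opener(
        _NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(urllib.request.Request(url, data=data),
                         timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # unfollowed 3xx, 4xx and 5xx
        return err.code

def classify(status):
    """Map an HTTP status to a verdict about the form handler."""
    if status in REFUSED:
        return "disabled"
    if 300 <= status < 400:
        return "redirect"   # inspect where it points before trusting it
    return "reachable"      # the handler (or its form) still answered

def audit(base_url, fields=FORM_FIELDS):
    """Return {path: (status, verdict)} for each contact-form endpoint."""
    statuses = {p: post_status(base_url, p, fields) for p in PATHS}
    return {p: (s, classify(s)) for p, s in statuses.items()}

if __name__ == "__main__":
    for path, (status, verdict) in audit("http://localhost:8080").items():
        print(f"/{path}: HTTP {status} -> {verdict}")
```

Run it against a test instance first: an endpoint reported as "reachable" with a complete set of fields will send a real email.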