On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • Hi everybody,

    I have a simple Formit form [[+name]], [[+email]], [[+text]]. It works fine when I try to use it on a website.
    However I (form recipient email) receive mysterious messages that come FROM an admin email address (admin email address for this MODX installation!). These messages formatted like my quick email chunk, have a correct subject line (as specified in Formit code) but there's no user data, just Formit placeholders as in a code chunk. The messages look like this:
    Inquiry from: [[+name]] ([[+email]])
    Message:
    [[+text]]


    Formit code is here:
    [[!FormIt?
       &hooks=`spam,email,redirect`
       &emailTpl=`message-tpl`
       &emailTo=`recipient@gmail.com`
       &emailSubject=`A mail from my site`
       &redirectTo=`1`
    ]]


    So the questions - where are these coming from and why? Is it a security risk, spam related, do I loose my mail?
    Please help smiley !
      it is all about jazz
    • I think this could be the ghost of QuickEmail, though it's weird that it would use the FormIt subject and tags. On one site, I got messages from QuickEmail even after disabling it. It eventually stopped and I never did figure out why I was getting them.

      Lots of email extras will use the emailsender System Setting if they get a blank "email from" address.

      OTOH, I guess it could be someone trying to hack your FormIt email form, though I don't think that's likely.

        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
      • Thank you for quick reply, BobRay,

        These emails come periodically 2-3 a day since website launch a week ago. There were only couple proper emails (from real users). Also, this is not my first MODX website; I've done dozens. I often re-use the same form code (most sites are similar in structure/purpose). There's no such a problem on other sites.

        Here is the form page http://markusrutzmusic.com/contact-and-booking.html

        This is my main concern:
        Quote from: BobRay at Dec 01, 2017, 02:19 AM
        OTOH, I guess it could be someone trying to hack your FormIt email form, though I don't think that's likely.

        I wonder if someone had a similar experience and what can be done to enhance security of your Formit form.

        Thanks
          it is all about jazz
        • maybe you can include the

          [[FormIt?...
          ..
          &emailFrom=`address@domain.com`
          &emailFromName=`the Website name`
          ..
          ]]
          


          maybe you can add some validation in the form before it's able to be sent, like:

          [[FormIt?..
          ..
          &validate=`name:required:minLength=^3^,
          email:email:required,
          fakefield:blank`
          ..
          ]]
          
            Addict since 2012....