WhatsApp Multi Agent spam breach detected
- Posted by semmerket (3) Offline
Hi,
I have created a Joomla site to one of my clients, that uses the WhatsApp Multi Agent plugin. Everything was fine until last January, 24th, when they started to receive several spams from the site. I´ve searched every plugin and module from the site to find out where the breach was. Then I found out that the spam was coming from the offline form from WhatsApp Multi Agent module.
I was using the version 1.6 that was happening to not show the form on the Joomla 5. So, I bought a new license to update the module. The form now shows correctly, but the spam persists.
I have Recaptcha v3 enabled in the plugin, but it seems to bypass it. When the form wasn´t showing because of the version 1.6 issue, the spammer was sending like hell! Because of this I wonder if there is some breach in the module´s code that allows a external spammer to send unauthorized emails.
Can you take I look on this, cause it is a serious flaw in the module?
Let me know if you need more details.
Kudos!
3 days 11 hours ago #1
by semmerket
I have created a Joomla site to one of my clients, that uses the WhatsApp Multi Agent plugin. Everything was fine until last January, 24th, when they started to receive several spams from the site. I´ve searched every plugin and module from the site to find out where the breach was. Then I found out that the spam was coming from the offline form from WhatsApp Multi Agent module.
I was using the version 1.6 that was happening to not show the form on the Joomla 5. So, I bought a new license to update the module. The form now shows correctly, but the spam persists.
I have Recaptcha v3 enabled in the plugin, but it seems to bypass it. When the form wasn´t showing because of the version 1.6 issue, the spammer was sending like hell! Because of this I wonder if there is some breach in the module´s code that allows a external spammer to send unauthorized emails.
Can you take I look on this, cause it is a serious flaw in the module?
Let me know if you need more details.
Kudos!
Please Log in or Create an account to join the conversation.
- Posted by TemplatePlazza (5287) Offline
Strange, the form already uses the standard secure Joomla mailer method. The form also has validation and utilizes reCAPTCHA 3, which is more difficult for bots to bypass. Additionally, the form uses cookies to limit email submissions to one message every five minutes.
Could you try increasing the threshold score of reCAPTCHA 3 and see if you still receive spam emails?
Also, could you please send a screenshot of the sample spam email header sent by the spammer? If possible, please send it to This email address is being protected from spambots. You need JavaScript enabled to view it.
3 days 9 hours ago #2
by TemplatePlazza
Could you try increasing the threshold score of reCAPTCHA 3 and see if you still receive spam emails?
Also, could you please send a screenshot of the sample spam email header sent by the spammer? If possible, please send it to This email address is being protected from spambots. You need JavaScript enabled to view it.
Please Log in or Create an account to join the conversation.