diff --git a/pkg/controller/index/contact.go b/pkg/controller/index/contact.go
index 450e099..fcb4088 100644
--- a/pkg/controller/index/contact.go
+++ b/pkg/controller/index/contact.go
@@ -88,6 +88,14 @@ func Contact() http.HandlerFunc {
 replyTo = currentUser.Email
 }
 
+ // We were getting too much spam logged-out: prevent logged-out bots from still posting.
+ if currentUser == nil {
+ log.Error("Blocked POST /contact because user is logged-out")
+ session.FlashError(w, r, "Our contact form is only for logged-in users, sorry!")
+ templates.Redirect(w, "/contact")
+ return
+ }
+
 // Rate limit submissions, especially for logged-out users.
 if currentUser == nil {
 limiter := &ratelimit.Limiter{
diff --git a/web/templates/contact.html b/web/templates/contact.html
index fabfd75..1a71f47 100644
--- a/web/templates/contact.html
+++ b/web/templates/contact.html
@@ -24,6 +24,29 @@
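Review bot: The `if currentUser == nil` rate-limit block that follows the new guard is now unreachable, because every logged-out request already hits the new `return` a few lines above it, and its comment "especially for logged-out users" no longer describes what runs. Either delete the dead branch or keep the limiter for the logged-in traffic that still reaches this point, e.g. `// Rate limit submissions (only logged-in users reach this point).` with the nil check removed. Logging each blocked bot POST with `log.Error` also means the unsolicited traffic this change is meant to stop now produces one error-level line per request, which can flood the error log by itself; a lower severity or a counter would be more proportionate. The enclosing handler starts and ends outside the hunk, so it cannot be seen here whether the guard runs before the form body is parsed; if it does not, moving it above the parsing would reject logged-out requests before any work is done.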
+ + {{if not .LoggedIn}} +

+ The open "contact us" form is now disabled for logged-out users - + we were getting way too much unsolicited spam from drive-by robots + that abuse any such open contact form they can find. +

+ +

+ If you have a {{PrettyTitle}} account, please log in + to it and then you can send a nice message to the website administrators + here on this page -- to give us feedback, ideas, criticism, or to report + a problem with the website or one of its members. +

+ +

+ For all outside inquiries, you can contact the website administrators + via e-mail. For general questions, send to support "at" + nonshy.com and for more serious stuff we also have a + standard abuse@ inbox on this domain. +

+ {{else}} +
{{InputCSRF}} @@ -116,6 +139,8 @@
+ {{end}} +