I've had several attacks on my sites. It's more than annoying when you get 30 or more emails from your contact us page in a matter of hours. The spammers are using an automated system to send spam to multiple sites using the XOOPS contact us form. Since they're based on the same form with the same field names they can essentially fill out one form and send it to all the XOOPS sites they have on file.

I have a workaround for those using XOOPS 2.0.x:

In This file contact/contactform.php:

Change this line
$submit_button = new XoopsFormButton("", "submit", _CT_SUBMIT, "submit");

to this:
$submit_button = new XoopsFormButton("", "sitesubmit", _CT_SUBMIT, "submit");

(note: the new variable name - "sitesubmit" can be called anything you want and I suggest you create your own version of the name.)

Then on /contact/index.php

Replace this line:
if ( empty($HTTP_POST_VARS['submit']) ) {

with this line:
if ( empty($HTTP_POST_VARS['sitesubmit']) ) {

Remember. whatever you name the field must be the same in both places.

this will force the user to use the form on your site.

I hope this helps a few of you out there.

-Grazor

Great tip. Many thx. Should go into a 'How to combat spammers and hackers' section in the FAQ, IMHO.