Spambots abuse Mautic Forms

Sorry, this service has the same level of problems regarding compliance with GDPR. You only need to look at the privacy statement to find violating terms, e.g. for sharing / selling the collected data.

The other problems regarding US-based services (CLOUD Act, …) are the same as with Google actually.

This is a really nice “solution” @mrfromgermany. Even though it is not 100% safe.
I put that in place for one of our clients as well and it works great.
I don’t send a push notification via the bash script but I send a webhook to n8n which sends me a Telegram message.
I will make a tutorial on YouTube for that to show how it’s done.
Until then here’s the script I wrote for that:

Save this script as bash on your server and make it executable. I placed this script onto the server within the directory of the mautic user.

nano path/to/script/

Paste this code into it and replace everything according to your needs:

#!/bin/bash
dbhost=localhost #replace with IP of DB server if necessary
dbname=mauticdatabasename #Database name
dbuser=mauticdatabaseuser #Database username
dbpass=mauticdatabasepassword #Database password
webhook_url="https://n8n.example.invalid/webhook/REPLACE_ME" #placeholder, replace with your own webhook URL

# Count the form submissions of the last 60 minutes
subcount=$(mysql "$dbname" -h "$dbhost" -u "$dbuser" -p"$dbpass" -se "select count(*) as number from form_submissions where date_submitted >= DATE_SUB(NOW(),INTERVAL 60 minute)")

# More than 200 submissions within the hour: unpublish all forms and send the webhook
if (( subcount > 200 )); then
    mysql "$dbname" -h "$dbhost" -u "$dbuser" -p"$dbpass" -se "UPDATE forms SET is_published = 0";
    curl -X POST -H 'Content-type: application/json' --data '{"mauticuser":"Instancename"}' "$webhook_url"; #write whatever you need into the data part between the curly brackets
fi

Now make it executable for the mautic user:

chown -R www-data:www-data /var/www/path/to/script
chmod -R 755 /var/www/path/to/script

Execute the script with a cronjob:

* * * * * path/to/script/

Hope it helps someone as well. Let’s stay ahead of this problem and make Mautic safer :slight_smile:
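
A variant of the circuit breaker from the post above, added here as an example and not the poster's script: it reads the database credentials from a mode-600 MySQL option file instead of the command line, refuses to act on non-numeric query output, and unpublishes and alerts only once per incident even though cron runs it every minute. The option file, state file, webhook URL and all variable and function names are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. All paths, names and the URL are assumed placeholders.
MAUTIC_CNF="${MAUTIC_CNF:-$HOME/.mautic-guard.cnf}"     # chmod 600; [client] host=, user=, password=
DB_NAME="${DB_NAME:-mauticdatabasename}"
STATE_FILE="${STATE_FILE:-$HOME/.mautic-guard.tripped}" # delete after re-publishing the forms
WEBHOOK_URL="${WEBHOOK_URL:-https://n8n.example.invalid/webhook/REPLACE_ME}"
THRESHOLD="${THRESHOLD:-200}"

# Run one SQL statement. The password stays out of argv (and out of ps output).
run_sql() {
    mysql --defaults-extra-file="$MAUTIC_CNF" "$DB_NAME" -N -s -e "$1"
}

# Same 60-minute window as the query in the post.
recent_submissions() {
    run_sql "SELECT COUNT(*) FROM form_submissions WHERE date_submitted >= DATE_SUB(NOW(), INTERVAL 60 MINUTE)"
}

# Post the alert; the submissions field is an addition to the post's JSON body.
notify() {
    curl -fsS -m 10 -X POST -H 'Content-type: application/json' \
        --data "{\"mauticuser\":\"Instancename\",\"submissions\":$1}" "$WEBHOOK_URL" >/dev/null
}

# Exit status: 0 tripped now, 1 below threshold, 2 already tripped, 3 query failed.
guard() {
    count=$(recent_submissions) || return 3
    case "$count" in
        ''|*[!0-9]*) return 3 ;;              # error text or empty output: do nothing
    esac
    [ "$count" -gt "$THRESHOLD" ] || return 1
    [ -e "$STATE_FILE" ] && return 2          # cron runs every minute: alert only once
    run_sql "UPDATE forms SET is_published = 0" || return 3
    : > "$STATE_FILE"
    notify "$count" || true                   # a failed alert must not undo the unpublish
    return 0
}

# Cron entry point: path/to/script --run
if [ "${1:-}" = "--run" ]; then
    guard
fi
```

The state file stays in place after the submission rate drops, so the forms remain unpublished until someone reviews the incident, re-publishes them and removes the file.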