Spam from the default Joomla form

Spam from the default Joomla form

In recent days there has been a trend in spamming which uses the default form in Joomla! and spam is sent using it. Most of the users only hide this default form, however, hiding it is not enough because it can be easily viewed (and spammers know that) at the link: After entering this link in the browser, the following form appears (it is worth noting that often there is no reCapcha security!):

As a result of sending spam to randomly generated e-mails (often non-existent), users receive mail delivery failure notices (often from addresses: Mailer-Daemon @) about an attempt to deliver a message that has not arrived at the sender’s address because such e-mail does not exist. Interestingly, these verses do not go to the e-mail address given in the form but for the one that was given in the Joomla configuration. In the latest version of Joomla, after hiding the form, it does not appear under the link above, but it is not synonymous with the fact that you cannot access it in another way. There is a possibility of disabling this form. In the Joomla admin panel:
1. Go to Components → Contacts → Categories

2. Find the categories with the form and then go to “Published items”

3. Then click on the green checkmark. This page will not be published then, which will not be visible. The following link will give 404 error.

4. An alternative to this solution is the change of Access. To do this, click on “Title” and on the right side, change Access to “Special” and accept the changes. After this change, the following link will appear under the link: “Error You do not have permission to view this part of the site”.

This is an inconvenience for users of the Joomla system, which has increased in recent days. It is always worth remembering to ensure proper configuration and security of your system. In the analysis of the problem with spamming, we would like to thank Michał Trzepizur (,


Leave a Reply