Fast Secure Contact Form
Flood of Spam via email via Contact form (45 posts)

  1. dm13
    Member
    Posted 1 year ago #

    There is a sudden flood of spam coming to my email via the contact form, despite using a Captcha on the form. Akismet deems them as 'probably spam', which they are, but they are still being sent to my inbox: about 30 a day for the last 2 weeks. Not sure how to stop this, or keep them from being emailed to me, without losing the legit contacts. Any help is appreciated. Thanks.

    http://wordpress.org/extend/plugins/si-contact-form/

  2. TAC28
    Member
    Posted 1 year ago #

    I've just started using this plugin and noticed there's an option to change "What should happen if Akismet determines the message is spam?" to block spam. It's in the Akismet section of the options.

    Not sure if that's what you mean?

  3. valoansdoneright.com
    Member
    Posted 1 year ago #

    I'm having the exact same problem with all 5 of my sites and it just started a couple of weeks ago. Is there a fix for this?

    Thanks,

  4. dm13
    Member
    Posted 1 year ago #

    I have found the box that allows you to ask Akismet to block potential spam emails from hitting your own email inbox, and it was checked off. I unchecked it, saved, refreshed, re-checked it, saved... still I am getting about 30 emails a day that Akismet marks as potential spam, in my Gmail inbox, from all 4 of my WordPress sites! I have found others with the same issue, but no 'fix' so far. I am going to look at other contact form plugins and test a new one out on one site. Can't deal with the spam anymore. Something is not working obviously, and support for this plugin seems to be spotty :)

  5. a3med
    Member
    Posted 1 year ago #

    This started for me on about last Wednesday, when I went away for the holiday. Via my phone I must have gotten several spams an hour...
    Tried updating the plugin and changing the user password for WordPress and for the db but that did not help. Think I may just disable it. Shame, it's a great plugin.

  6. Steve-8361
    Member
    Posted 1 year ago #

    I always thought that a secure mail form meant that the recipient e-mail address is totally hidden from bots/spiders, both friendly and malicious. Are you saying that the malicious bot is emulating the form by filling in required fields, captcha code etc. and then sending the submit command?

  7. a3med
    Member
    Posted 1 year ago #

    Well, there must be a reason we are all getting these spam contact emails... It is giving everything that is in the form, including referring page and IP address etc...

    One thing I did was remove the Powered By credit, which can be done from the plugin's admin... I'm wondering if we are being hunted by that and not everyone getting it.

  8. dm13
    Member
    Posted 1 year ago #

    The weird thing is that I've had the form on my site for a year or more with no issues... AND I have two forms on the same site (different forms, for different purposes). I am ONLY getting spammed on one form, NOT the other. I am going to try deleting the form and creating a new one and see if that works. Would be nice if we could get some support from the form creator.

  9. ricahrd
    Member
    Posted 1 year ago #

    My Captcha difficulty was Medium so I have changed it to High to see if that makes any difference. I am getting about 2 per 24 hours and it started about a week ago. Will update with any difference that makes.

  10. jmaxwell123
    Member
    Posted 1 year ago #

    I have been getting pounded with spam from FS Contact Form too. I've set the captcha difficulty to high and it is continuing to come in. Any solution coming for this annoyance? This started in the last week.

  11. otter57
    Member
    Posted 1 year ago #

    Exactly the same problem as the posters above. It started a few weeks ago and is definitely getting worse. As with everyone else, it's through the FS Contact Form - a plugin that I love, and actually just made a donation to recently ;)

  12. a3med
    Member
    Posted 1 year ago #

    I was able to stop the flooding. Here's how.

    Put in dummy information for form #1.

    Use any of the other form #'s, as it is spamming form 1 code.

  13. otter57
    Member
    Posted 1 year ago #

    Thanks to a3med for the suggestion. I have tried this and it doesn't seem to have stopped all spam. I'll see how it works for a day or two and report back if possible.

  14. kar3n2
    Member
    Posted 1 year ago #

    What do you mean by put in dummy information please?
    My spam started about two weeks ago and is building up from one a day to 4 or 5 now.
    They must be auto bots that can read the captcha maybe???

  15. a3med
    Member
    Posted 1 year ago #

    Use one of the other form creator sections: 2, 3, or 4.

    The thing is you cannot leave settings in form 1 completely blank. You have to put in some information, i.e. dummy information, made-up information...

  16. kar3n2
    Member
    Posted 1 year ago #

    These are the emails I keep receiving, indicating they are most definitely coming through the contact form. PLEASE DO NOT CLICK OR ATTEMPT TO VISIT ANY DOMAIN BECAUSE THIS IS SPAM AND THEREFORE COULD BE DANGEROUS (I have broken the link so they do not get a backlink from here).

    To: Webmaster

    From:
    Liasiagreence
    fantcyk.o83yiuil@gmail.com

    Message:
    nyosi abercrombie pas cher atksi polo ralph lauren bckgr
    http: //poloralphxlauren magasinns.webnode.fr/

    Sent from (ip address): 199.15.234.143 (199.15.234.143)
    Date/Time: October 19, 2012 1:47 pm
    Coming from (referer): http://pledgingforchange.com/about/contact
    Using (user agent): Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19
    (KHTML, like Gecko) Chrome/18.0.1025.1634 Safari/535.19 YE

  17. Stingraynut
    Member
    Posted 1 year ago #

    I am getting 4 or 5 spam emails a week. I assume the captcha is a set of images and some spammers have worked them out so the bots can post?

    I will try using form 2, thanks for the idea. Is there any way to fix this properly?

    It's the best WP contact form

    Rob

  18. kar3n2
    Member
    Posted 1 year ago #

    The spam was coming from each of my forms 1,2,3, so I presume they can get through easily no matter which form they are using. I have taken some rather drastic action and totally blocked Thailand from emailing ... the IP address is always the same, but keeps changing at the end of it ( last 3 numbers).. sorry if there is anyone in Thailand who wishes to contact me genuinely but they will have to find me on twitter or g+ ....

  19. leadology
    Member
    Posted 1 year ago #

    I am having the same problem across one of my sites in particular. On this site, they are mainly hitting the form on one page but they are doing it all day long. I use captcha and have never had a problem. Now I have gone from medium to high setting on captcha and added the email address a second time. Nothing is working, and it is not even slowing it down. Please help, Mike. Thank you :-)

  20. kar3n2
    Member
    Posted 1 year ago #

    I think what we have got to understand is that these are humans that sit all day long spamming. They paste rubbish into the text areas and I am going to say that even though their email address looks false it will be a real email address. If you have set your contact forms or email with an auto response, i.e. SORRY OUT OF OFFICE TILL MONDAY, then they have got your real email address and this can then be sold on to mailing lists.

    I think this is the only reason they do it... they must be able to collect thousands of auto-responding email addresses like this and I feel there is little we can do about it.

  21. benmoreassynt
    Member
    Posted 1 year ago #

    This isn't human - I'm 99% sure it is automated, and that somehow the Captcha is broken. I've also seen this form being spammed for the last week or so. The emails I am getting are very similar to the ones above, i.e. they're coming from the same people.

    Although Akismet can catch the spam, that's not the point. The spam should not be able to get around the captcha. Any other solutions (e.g. using Form #2) are temporary hacks, and not fixes.

    So... Fast Secure Contact Form is NOT secure, and needs an urgent fix.

  22. Stingraynut
    Member
    Posted 1 year ago #

    I agree with benmoreassynt. I've seen the same thing on a Joomla installation - the captchas had been cracked and then I guess programmed into spambots.
    We need a new test of whether the person is human, and it needs to be randomly generated so it can't be cracked.
    I moved to Form 2 and so far no spam.

  23. Mike Challis
    Member
    Plugin Author

    Posted 1 year ago #

    I have done some research on this:

    There are a few types of spam you will receive:

    Human spammers - they actually visit your form and fill it out including the CAPTCHA.

    Spambot probes - sometimes contain content that does not make any sense (gibberish). Spam bots will try to target any forms that they discover. They first attempt an email header injection attack to use your web form to send spam emails. After failing that, they simply submit the form with a URL or embedded HTML, hoping someone will be phished or click the link.

    Blackhat SEO spammers - looking for blog comment forms, contact forms, Wikis, etc. By using randomly generated unique "words", they can then do a Google search to find websites where their content has been posted un-moderated. Then they can go back to these websites, identify if the links have been posted without the rel="nofollow" attribute (which would prevent them contributing to Google's algorithm), and if not they can post whatever spam links they like on those websites, in an effort to boost Google rankings for certain sites. Or worse, use it to post whatever content they want onto those websites, even embedded malware.

    Human captcha solvers - The thing is that it's easy and cheap for someone to hire a person to enter this spam. Usually it can be done for about $5 for 1,000 or so form submissions. The spammer gives their 'employee' a list of sites and what to paste in and they go at it. Not all of your spam (and other trash) will be computer generated - using a CAPTCHA proxy or farm, the bad guys can have real people spamming you. A CAPTCHA farm has many cheap laborers (India, far east, etc) solving them. CAPTCHA proxy is when they use a bot to fetch and serve your image to users of other sites, e.g. porn, games, etc. After the CAPTCHA is solved, they use a bot to post your form.

    How to stop it?

    Change the URL of your form - This should immediately eliminate all spam sent directly to your form by spammers who have the URL of your webmail script in their databases. This could only be temporary if they come back to find it again, or maybe they won't.

    Filter Spam With Akismet – The Akismet plugin comes pre-installed with WordPress now. First you will need to make sure that Akismet is activated using your WordPress.com API key. Once activated, Akismet helps to filter spam comments but it can also be used with Fast Secure Contact Form to label as "Spam" or block contact form submissions. There is a setting for this on the form edit page, and you can select to block or keep the messages.

    Install Bad Behavior Plugin – The bad behavior plugin prevents spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place.

    Built-in form defenses - such as hidden honeypot fields. If the spam bot fills it in, it IS SPAM; let them go to the thanks page but do not send the email. There are some related options including session token fields, time delay, and randomization of methods. I might experiment with this in a future version.
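
The honeypot field and time-delay defenses listed in the plugin author's reply above, together with a check against the email header injection it mentions, as an added PHP example that is not part of the thread and not Fast Secure Contact Form's code. The field names (`website`, `token`), the thresholds and `FORM_SECRET` are assumptions.

```php
<?php
// Added example: hypothetical helpers, not the plugin's own code.
const FORM_SECRET = 'replace-with-random-server-side-secret'; // placeholder
const MIN_FILL_SECONDS = 3;   // assumed: a human needs at least this long
const MAX_TOKEN_AGE = 3600;   // assumed: rendered forms expire after an hour

// Called when the form is rendered; the result goes into a hidden field.
function issue_form_token(int $now): string {
    return $now . ':' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Returns 'send' or 'drop'. On 'drop' the visitor still gets the thanks
// page, so a bot cannot tell that it was filtered.
function classify_submission(array $post, int $now): string {
    foreach ($post as $value) {
        if (!is_string($value)) return 'drop';      // e.g. token[]=x
    }
    // 1. Honeypot: "website" is hidden with CSS, so humans leave it empty.
    if (($post['website'] ?? '') !== '') return 'drop';

    // 2. Time delay: signed render timestamp, neither too fresh nor too old.
    $parts = explode(':', $post['token'] ?? '', 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) return 'drop';
    [$ts, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $ts, FORM_SECRET), $mac)) return 'drop';
    $age = $now - (int) $ts;
    if ($age < MIN_FILL_SECONDS || $age > MAX_TOKEN_AGE) return 'drop';

    // 3. Header injection: no CR/LF in values that end up in mail headers.
    foreach (['name', 'email', 'subject'] as $field) {
        if (preg_match('/[\r\n]/', $post[$field] ?? '')) return 'drop';
    }
    return 'send';
}

// Constructed sample submissions; the form was rendered at $t.
$t = 1350654420;
$ok = ['name' => 'Ann', 'email' => 'ann@example.org', 'subject' => 'Hi',
       'website' => '', 'token' => issue_form_token($t)];
$samples = [
    'human, 40 s'      => [$ok, $t + 40],
    'honeypot filled'  => [['website' => 'http://spam.example/'] + $ok, $t + 40],
    'posted instantly' => [$ok, $t],
    'forged token'     => [['token' => ($t - 60) . ':deadbeef'] + $ok, $t + 40],
    'header injection' => [['email' => "a@example.org\r\nBcc: b@example.org"] + $ok, $t + 40],
];
foreach ($samples as $label => [$post, $now]) {
    printf("%-17s %s\n", $label, classify_submission($post, $now));
}
```

A signed timestamp can be replayed until it expires; the session tokens the reply mentions, or single-use storage of issued tokens, would close that gap.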

  24. leadology
    Member
    Posted 1 year ago #

    I started using Antispam bee some time ago to help with the obvious problems. It does a good job for me. Most of my email problems are coming from a few countries...you know the usual ones. So, there is a setting to block countries based on their country code. I don't get any business from the countries I referred to earlier so I have blocked them and that seems to be working well at the moment. Now obviously, if they were originating domestically, that solution would not work for me. Thanks.

  25. universaltruth
    Member
    Posted 1 year ago #

    This is driving me nuts. I have Akismet installed and active. It tells me that “Akismet is enabled and the key is valid. This form will be checked with Akismet to help prevent spam”.

    I have set Fast Secure Contact Form Options to “block spam messages” for Akismet.

    I still get about 20 spam messages a day. Akismet is not blocking anything even though it is active. Changing the settings doesn’t seem to make any difference.

    I’ve noticed the spam messages tend to just be gibberish but not always. I'm going to try changing some other settings and let you know if I can stop this.

    I liked using Fast Secure Contact Form but thinking of changing to a different plugin.

  26. n03lm
    Member
    Posted 1 year ago #

    Just found that the word list for the captcha module used with this is fully available for public download.

    http://mysite.domain/wp-content/plugins/si-contact-form/captcha/words/words.txt

    is open to anyone to download - needs a quick permissions change to prevent this, but since the wordlist is out there it may need a new word list!

    Can anyone comment on whether this is likely to increase the vulnerability of this contact form to mass attack?

  27. Mike Challis
    Member
    Plugin Author

    Posted 1 year ago #

    This CAPTCHA is not even using the word list, it only uses random characters.

    Most people are not having any problem with this form and spam, but a few have become targeted for spam, so here is the best solution right now:

    Install the "Bad Behavior" plugin with the http:BA key. – The bad behavior plugin prevents spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place.

  28. Stingraynut
    Member
    Posted 1 year ago #

    Thanks Mike, if it uses random characters then surely it must be spamming by a human?
    I changed to using Form two and have had zero problems. I have the contact form on several websites and it was only 1 or 2 that were targeted.
    If the problem comes back I'll give the bad behaviour plugin a go

    Rob

  29. leadology
    Member
    Posted 1 year ago #

    This is continuing to drive me crazy. I have over 6000 posts with this form on it and just can't seem to solve the problem. I liked Mike's answer about the "bad behavior" solution but then I read this problem people are having with it, "http://wordpress.org/support/topic/plugin-bad-behavior-blocking-google-bot "

    I am not sure where to turn now....

    PS: would you believe I got 2 more while typing this?

  30. lukad
    Member
    Posted 1 year ago #

    I've used FS contact form for over two years now and was quite impressed by it. But like most of you, couple of months ago I've started receiving floods of spam messages and till now found no solution to prevent it.

    I've tried almost all the spam prevention recommendations but nothing seems to work.

    The form is becoming useless and I am thinking I'll have to switch to my own custom made if no solution exists.

    Any of you guys solved the problem?

Topic Closed

This topic has been closed to new replies.
