Support » Plugin: Contact Form 7 » Help! Got bombarded with spam!

  • I’m running competition on my site. Submission through CF7, there were no CPACHA or QUIZZ because owner did not want it. Comments are disabled on that page. For whole year it was OK. Yesterday I started to get submissions 5/min, they all look the same.

    What I already did:
    1. Checked site statistic – I don’t see a lot of traffic
    2. Add Quizz – didn’t help
    3. Put IP’s into black list – didn’t help (some of submissions still come from black listed IP’s)
    4. Contacted hosting support, they switched on whatever antispam they had. Still didn’t help.

    At some point I was thinking that somehow e.-mail was ripped off and those submissions are send not through the CP7 page. But when I add line to the form so I could see IP in the mail body, new submissions started to coming in new format.

    That’s all the data I have. Please help. How should I fight it? It should be possible to block those IP’s but I don’t know how to do it other way than I already did.

    http://wordpress.org/extend/plugins/contact-form-7/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Thread Starter 3NT

    (@3nt)

    Yes and I’m changing QUIZ to CAPCHA

    Plugin Author Takayuki Miyoshi

    (@takayukister)

    Where can I check the site?

    Thread Starter 3NT

    (@3nt)

    Site (page that was abused, we have CP7 on other page – it was OK): http://www.mums-dads.co.uk/competitions/shopping-in-style-for-christmas-2012/

    Problem was fixed before I put CAPTCHA. I don’t really know what worked (the other person was on the phone with hoster support and she is less technically informed as me). I know they did several things. Guy said that simple math – right now robots could do. (Probably I should use words instead of numbers, or they could bypass that field, don’t know – didn’t try. With spam coming 3-5 per min I wanted to fix it as fast as possible). Spam stopped after he installed and activated CAPTCHA for comments. But what puzzles me – comments are closed on that page.
    What I want now is to get more understanding what happened, how/why it happened and what should I do to prevent it from happening in future.

    By the way all the IP’s belong to Deutsche Telekom AG (t-com.de). It’s mobile phone provider (I’m with them, with their English branch). Did they have bridge of security?!? (Hope that’s not me – check my comp for viruses – none, and anyway mine goes through t-mobile.com)

    But what puzzles me – comments are closed on that page.

    Many spam bots access the core comment scripts directly. One way of dealing with this is to activate Akismet and install http://wordpress.org/extend/plugins/cookies-for-comments/

    If the spam is coming from a single ip, you might also want to look at http://wordpress.org/extend/plugins/bad-behavior/

    Incidentally, I never use captchas but rely on quizzes only. However, I always use non-mathematical questions such as “What color is a blue dress” or “Is fire hot or cold”. That seems to defeat the spam bots.

    Thread Starter 3NT

    (@3nt)

    Another thing, maybe somebody knows. The problem started after we had several legitimate visits from some forum, not straight away but several hours later. I wanted to check what that forum is. Google webmaster tools doesn’t see it giving backlinks, but analytics shows that I’ve got referral traffic. You have to register and write some message to see what’s on that forum (didn’t write enough yet). Well, and after I’ve got this spam problem. Which made me really suspicious about this forum. Now I’m checking it through whois and getting “no IP, no provider”. How it’s possible?!?

    Thread Starter 3NT

    (@3nt)

    Thanks esmi.

    Spam was coming through contact form (eventually it is sent to e-mail) on the page with closed comment. That is why I was surprised that spam stopped when plugin with capcha for comments was installed. Perhaps it was coincidence and something else worked.

    Incidentally that plugin is called CAPCHA something, but it gives quizs with mixed math-word questions. And after this competitions is closed I’m going to use this kind of quiz on our next competitions.

    I do have Acismet and I don’t have problem with simple comments. Perhaps putting Capcha everywhere now was overkill. And what does cookies-for-comment plugin do?

    As for IP’s – it’s was not a single one, but from the same range (first to sets of numbers are the same). But somehow blacklisting those IPs didn’t help. Don’t know why, on the Documentation to CP7 it is said it should work…

    Incidentally that plugin is called CAPCHA

    Why not use CF7’s quizz option?

    what does cookies-for-comment plugin do?

    It only allows commenting if the user has a small cookie. Since that cookie is dropped on the Post page, it means that people have to visit the Post page to submit a comment. Any bot that tries to access comment scripts directly is blocked.

    Thread Starter 3NT

    (@3nt)

    Why not use CF7’s quizz option?

    I did use it (see 1s msg), but it was 1+2=3 style. Right now i’m not going to experiment (school run in 5 and school holidays in 3 days, and the other person working with the site is already having school holidays – tough days ;)). But I’m really glad to have material to read and reflect and when I have time I’l going to change things to the look I like and maybe even experiment a little.

    Cookies thick looks like the nice thing, I have to think a little bit whether it might cause a problem with my provider. Other one – there are a lot of complains after last upgrade.

    Same thing going on with a site I have, a TON of Spam email, suddenly. I’ve got the Contact Form 7 with really simple CAPTCHA. I updated CF7 to the latest, thinking that might be it, but the contact form spam continues. All really similar, but haven’t checked the IP addresses yet. Host is godaddy. I checked to see if there were visits from weird websites, and nothing.

    Should I change the captcha plugin, or any other ideas?

    Thread Starter 3NT

    (@3nt)

    The problem is back again. Got bombarded by the same IP-range spammers. Whatever comes through the form looks the same. So it is probably the same guys with the same script. The page they bombard is: http://www.mums-dads.co.uk/competitions/race-off-to-bed-in-tooned-pyjamas/ . If I change the position of CAPCHA/e-mail… the spam still go through. It looks like it ignores whatever is on the page. Another thing, i don’t know if it helps, from google analytic it look like there is an entry to the page and a lot of reloads.

    Any ideas how to protect contact form? I’ve got 3 more days for this competition and 2 more waiting to be published. I have to fix it fast!!!

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Help! Got bombarded with spam!’ is closed to new replies.