Support » Plugin: Contact Form 7 » massive strange emails from widget

  • Resolved hansbeen

    (@hansbeen)


    I am getting 10 emails within a few hours (normaly 2 a week) with names like 58eb4e1ad5c92. Any thoughts on this?

Viewing 6 replies - 1 through 6 (of 6 total)
  • getting same issue today on multiple sites.

    Hi, yes, I’m getting the same thing. One message every hour or so around the clock. The sender includes a real email address, so according to the plugin my message (thanks for contacting me I’ll get back to you) is going out to these real e-mail addresses. I can only think that there is either a hidden payload going out to those addresses that I can’t see or that this is some kind of hack. The subject and message from the form field are empty despite my specifying min and max lengths in Contact Form 7. Recaptcha is installed and apparently not working either. This appears to be a vulnerability in the Plugin’s code so I’m disabling until the developer responds.

    Thread Starter hansbeen

    (@hansbeen)

    I put up a capthcha, that seems to help
    https://contactform7.com/recaptcha/

    Unless mine suddenly stopped working, then it’s not helping me. I had Recaptcha installed from the start. Whatever is doing this is circumventing both the captcha and my subject and message size limits (the subject and message are both empty, “” even though I’ve set minimum and maximum sizes)

    Same here, on multiple sites.
    Trying some honeypot plugin to catch the spammers.

    The recaptcha integration stops my Lambda Oxygenna theme to respond for the send button. Literally does nothing, also the captcha doesn’t showing up.

    @aszabo86 did the honeypot stop this? I have a feeling it won’t, because whatever is causing this is hacking the contact form 7 code. Switching over to Postman and SMTP did nothing to stop this, so this is not someone exploiting a vulnerability in PHP Mail. Also, since the max and min field length is violated and the form still sends, I don’t see why a honeypot would stop this. Someone is sending mail through Contact Form 7 on our site without using our forms.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘massive strange emails from widget’ is closed to new replies.