WordPress.org

Forums

Spam contact forms being sent by wordpress admin email (5 posts)

  1. nickflourish
    Member
    Posted 1 year ago #

    We use Gravity Forms on a number of our client sites and periodically they are getting spam emails. The difference with these emails is they appear to be sent from the WordPress admin email address. Our clients' sites receive a spam email and it looks like it's coming from our company, which is the administrator email. Does anyone have a solution for this or even know why it's happening? Please help!

  2. bcworkz
    Member
    Posted 1 year ago #

    First be sure the messages are not actually coming from your server. Obtain a sample copy and examine the header. Check the lowest few Received: from... fields. If your mail server is mentioned (compare with an actual system email if you're not sure what it is) then your site may have been hacked and you may need to get the malicious code cleaned out. Or possibly someone else on the same mail server is a spammer.

    Far more likely is the return address has been simply spoofed. Any half-witted devious sort can do this easily. The Received: from... fields are proof you have nothing to do with the messages despite how it appears. There's little you can do about spoofed return addresses other than educate anyone who complains about the situation. Many 'net savvy users realize how easy spoofing addresses is and think little of it, but many are not so savvy.

    Do ensure this is just a random spammer randomly deciding to spoof your address and not some targeted "Joe Job" from a known competitor.
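The header check described in the reply above, as an added example that is not part of the original thread: it reads the lowest few Received: fields of a saved message and reports whether a known mail server appears in them. The sample messages, the `OWN_SERVERS` values and the function names are constructed for illustration, and the parsing assumes the common `from helo-name (resolved-name [ip]) by ...` layout.

```python
import re
from email import message_from_string

# Constructed sample: From: claims the admin address, but no hop is our server.
SPOOFED = """\
Received: from mx.client.example (mx.client.example [203.0.113.10])
\tby inbox.client.example with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from unknown-host.example (unknown-host.example [198.51.100.77])
\tby mx.client.example with SMTP; Tue, 02 Jan 2024 10:00:03 +0000
From: support@agency.example
Subject: Contact request

body
"""

# Constructed sample: a real system email that left through our mail server.
GENUINE = """\
Received: from mx.client.example (mx.client.example [203.0.113.10])
\tby inbox.client.example with ESMTP; Tue, 02 Jan 2024 09:00:05 +0000
Received: from mail.agency.example (mail.agency.example [192.0.2.25])
\tby mx.client.example with ESMTPS; Tue, 02 Jan 2024 09:00:03 +0000
From: support@agency.example
Subject: Password reset

body
"""

OWN_SERVERS = {"mail.agency.example", "192.0.2.25"}  # assumed values
TOKEN = re.compile(r"[A-Za-z0-9.:-]+")

def lowest_hops(raw, n=3):
    """Names/IPs recorded in parentheses by the receiving server for the
    n lowest (earliest) Received: fields; fields are listed newest first."""
    fields = message_from_string(raw).get_all("Received") or []
    hops = []
    for field in fields[-n:]:
        from_part = re.split(r"\sby\s", field, maxsplit=1)[0]
        recorded = " ".join(re.findall(r"\(([^)]*)\)", from_part))
        hops.append({t.lower().rstrip(".") for t in TOKEN.findall(recorded)})
    return hops

def came_from_server(raw, own_servers, n=3):
    """True if one of the lowest n hops was handed over by our own server."""
    own = {s.lower() for s in own_servers}
    return any(hop & own for hop in lowest_hops(raw, n))
```

Only the parenthesised part is compared because the bare name after `from` is whatever the sending host announced, while the name and IP in parentheses are recorded by the server that accepted the connection.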

  3. nickflourish
    Member
    Posted 1 year ago #

    Thanks for the reply,

    Our clients all have sites on different servers and their email addresses are not the ones in the "From" field, so I don't think it's being spoofed based on the DNS records.

    We, as the developers, have our support email as the WordPress admin email in the general settings and we get these spam emails from a few different sites.

    We have an email bcc'd on client contact forms so that we can track their leads as they come in.

    The spam emails seem to use the WordPress admin email (our support email address) as the "From" address, so to our clients it looks like we sent them a contact request.

    Bottom line, it seems like whoever is spamming is somehow finding out what the WordPress general settings email is and using that for the "From" address when sending out spam.

    It's really odd but has happened on more than one site. Not sure if this makes much sense or not but it's something that is slowly becoming problematic.

    Nick

  4. DJDoubleXL189
    Member
    Posted 1 year ago #

    Have you done a Sucuri scan? What's your URL?

  5. nickflourish
    Member
    Posted 1 year ago #

    Yeah, all these sites are on ZippyKid, which installs Sucuri by default.

    Here's one of them:

    http://goo.gl/zucr5

    Nick

Topic Closed
