Contact Form plugin and SPAM

  • I’ve been using Ryan Duff’s Contact Form plugin for a while now without any problems. It is the only way of getting in touch with me through my website short of posting a comment on one of my posts.

    However, for the past week or so I’ve been bombarded by spam sent through the contact form. Most of the emails have an attachment which, of course, I have no intention of running/loading/downloading..

    Are there are any varitions to the contact form plugin that will add some level of user-checking, captchas or anything of the sort??

    Regards

Viewing 15 replies - 16 through 30 (of 45 total)

  • Changed the function name from getip() to wpcf_getip(). I like simple fixes.

    Thread Starter Cypher

    (@cypher)

    Just re-installed now, let’s hope for no more spam! ??

    Regards

    I just blocked the IP address through .htaccess. Here are the IPs that are abusing my site:
    167.193.194.101, 192.168.72.2, 193.172.234.131, 193.196.193.110, 209.149.150.18, 213.84.202.182, 62.59.31.61, 62.93.34.155, 66.166.127.226, 67.110.225.236, 69.93.229.226, 80.82.3.143

    Thank you; your time (and timeliness) are appreciated.

    I have been using PXS MailForm for quite a while now with no spam problems.

    Only irritating is live people who abuse.

    Thanks for the update. I had been starting to get spam as well just recently. ??

    Has this worked for anyone? I’m still getting spam.

    None here.

    fromedome: this update doesn’t stop spam per se—it is a security update that blocks header injection (eg, bcc:, cc:, to:, attachments etc). Ryan is working on a version that stops the more mundane variety of spam and we intend to have it out this week.

    Oh, sorry I missed that. The changelog said you had ‘eliminated spam’, so I wasn’t sure if the error was on my end or not, or what that really meant. Either way, thanks again folks for your work.

    Well, if the bot attempts header injection, it stops right there and doesn’t send the e-mail, doesn’t it? If not, it should.

    Or it just blocking header injection and that’s it? I mean, I don’t know of any human who’s gonna legitly want to inject headers…

    FYI: it seems that the 1.3 update has fixed the mailform spam problem for me ??

    Viper007Bond: that’s correct, try putting ‘bcc:’ in the ‘Your Email’ field. The point is that there may be bots who try to spam just the recipient with a message body–you know, the normal email spam thing.

    Although spamming people one HTTP POST at a time is on the verge of getting pretty desperate, I would say. Maybe the spammer needs to find a real job at that point.

    i’m still getting exactly the same type of spam as before although they now come in sequences of 4 at a time. (before i was getting 10 in a row)
    they look something like this:

    [email protected] wrote:
    [email protected]
    Content-Type: multipart/mixed; boundary=”===============1340882059==”
    MIME-Version: 1.0
    Subject: 94cb0901
    To: [email protected]
    bcc: [email protected]
    From: [email protected]

    This is a multi-part message in MIME format.

    –===============1340882059==
    Content-Type: text/plain; charset=”us-ascii”
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit

    volz
    –===============1340882059==–

    Website: [email protected]
    IP: 193.65.230.17

    any ideas on how i might stop this?

    jpettit: that’s what I’d put in the same realm as other spam since it’s more of an annoyance than a security concern (the To: and BCC: stayed in the message body rather than headers, yeah?–anything after ‘xyz wrote’ is the message body in wpcf).

Viewing 15 replies - 16 through 30 (of 45 total)
  • The topic ‘Contact Form plugin and SPAM’ is closed to new replies.