Forminator hacked by [email protected]

  • Resolved AndrogenicAlopecia

    (@androgenicalopecia)


    1 month, 2 weeks ago

    Someone hacked into my Forminator and is sending 5,000 submission per day since yesterday.

    The emails come from [email protected] and if you google that email followed by words such as “spam” or “Forminator”, you will see a few other people have had this issue this year.

    The problem is that even after I disabled my form, removed the form links, and even deleted the Forminator plugin, the e-mails keep on coming.

    How can I stop this?!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Saurabh – WPMU DEV Support

    (@wpmudev-support7)

    Hello @androgenicalopecia

    Hope you’re doing well today! I am sorry to hear about the issue and that you had to delete the Forminator plugin.

    I was able to check some reports but from what I see it is not limited to only Forminator but rather a common issue wherever there are forms or login/registration fields on a website. It is a wide problem and some bad elements somehow find ways to bypass the security measures and cause spam – Unfortunately, there is no “absolute bulletproof” solution for this, but there are still some ways it can be avoided as much as possible.

    Forminator comes with an in-built HoneyPot Protection which can be enabled to stop spam submissions on the form. Apart from that, you also can add ReCaptcha, and hCaptcha or integrate other anti-spam services like CleanTalk, Akismet or FriendlyCaptcha with Forminator.

    Having such measures will help tackle the spam submissions issue on your site, which has Forminator forms.

    Below are the guides that will help you know more about each of the integrations I suggested above.

    HoneyPot Protection: https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#enable-honeypot-protection
    Captcha: https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#captcha
    CleanTalk: https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#cleantalk-anti-spam
    Akismet: https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#enable-akismet-spam-protection
    Friendly Captcha: https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#friendly-captcha

    Further, about

    The problem is that even after I disabled my form, removed the form links, and even deleted the Forminator plugin, the e-mails keep on coming.

    Ideally, submissions can’t happen on a form which is not published on the site and when the plugin is completely removed. Still, in case you are receiving such submission emails, it is possible that those could be arriving from the staging/dev environment of the site where the Forminator plugin is still active. Could you please confirm?

    As I mentioned above, it is also possible not only forms but other input fields like comments, and login/register fields could have some spam submissions as well, can you please confirm if you have any such fields on the site? Additionally, you can also make a quick test by enabling the Forminator plugin and changing the email body content to something different to identify if the emails are being triggered from Forminator Submissions.

    Please let us know how it goes.

    Kind Regards,
    Saurabh

    Thread Starter AndrogenicAlopecia

    (@androgenicalopecia)

    Around 20 minutes after I removed the plugin, the spam e-mails finally stopped!

    Thanks for your very detailed response.

    I had the free version of the plugin, but may check out the paid version in case that has the further protections.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.