Ticket #372 (new defect)

Opened 2 years ago

Last modified 2 years ago

Getting Spam throug wp-contactform

Reported by: berry24 Assigned to: ryanduff
Priority: high Component: wp-contact-form
Severity: major Keywords: spam
Cc: sgrayban

Description

Hi! I'm using WP contact form 1.3 on Wordpress 2.0. Yeah, I know there's a 1.4 version already, but the changelog doesn't mention anything about spam, only in 1.3, and that's the one I have. Anywho, recently I've been getting a lot of spam. Like 10 e-mails in half an hour or something, and since the e-mails are being sent to 10 persons simultaneously, I had to deactivate the plugin. Can this be resolved? An example of a spam mail:

are7478@ans-online.nl wrote: are7478@ans-online.nl

Website: was Content-Type: multipart/mixed; boundary=429f228d6f3abbc77284a8871b3397d5 MIME-Version: 1.0 Subject: passed their examen philosophicum bcc: charieses329@aol.com

This is a multi-part message in MIME format.

--429f228d6f3abbc77284a8871b3397d5 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

remained in the saloon. es, here you shall see a city and a fair, r. hostrup said the ammerjunker, and slapped tto on the shoulder. dense was at one time my --429f228d6f3abbc77284a8871b3397d5--

. IP: 200.49.176.131

full headers:

Received: from store-20.mail.nl.demon.net by mailstore for berry@stronks.demon.nl id 1F9Q2y-000Ll6-2e-000Ll8; Wed, 15 Feb 2006 17:02:32 +0000 Received: from [194.159.73.164] (port=4964 helo=incoming-24.mail.nl.demon.net) by store-20.mail.nl.demon.net with esmtp (Exim 4.43) id 1F9Q2y-000Ll6-2e for berry@stronks.demon.nl; Wed, 15 Feb 2006 17:02:32 +0000 Received: from server20.firstfind.nl ([85.158.203.16]:44464) by incoming-24.mail.nl.demon.net with esmtp (Exim 4.50) id 1F9Q2y-000Gie-NK for berry@stronks.demon.nl; Wed, 15 Feb 2006 17:02:32 +0000 Received: from server20.firstfind.nl (localhost [127.0.0.1]) by server20.firstfind.nl (8.12.3/8.12.3/Debian-7.9) with ESMTP id k1FH28ir028976 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 15 Feb 2006 18:02:08 +0100 Received: (from www-data@localhost) by server20.firstfind.nl (8.12.3/8.12.3/Debian-7.9) id k1FH26gp028970; Wed, 15 Feb 2006 18:02:06 +0100 Message-Id: <200602151702.k1FH26gp028970@server20.firstfind.nl> X-Authentication-Warning: server20.firstfind.nl: www-data set sender to berry@stronks.demon.nl using -f Content-Type: text/plain; UTF-8

Change History

02/15/06 17:48:18 changed by berry24

  • keywords set to spam.

02/21/06 07:51:36 changed by Teresa_Lo

I am getting the same thing. Three emails each night, and one of them has a bcc email address. I googled it and found some discussion here at http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

Unfortunately I do not know the first thing about code, so my hands are tied.

Here is the email with full headers:

X-Persona: <SplendidInvestor?.com> Return-path: <splendid@neysa.multisite.site5.com> Envelope-to: blahblah@splendidinvestor.com Delivery-date: Tue, 21 Feb 2006 02:30:34 -0500 Received: from splendid by neysa.multisite.site5.com with local (Exim 4.52)

id 1FBRyj-0000N9-6F for blahblah@splendidinvestor.com; Tue, 21 Feb 2006 02:30:33 -0500

To: blahblah@splendidinvestor.com Subject: Question from SplendidInvestor?.com MIME-Version: 1.0 From: of6499@splendidinvestor.com <of6499@splendidinvestor.com> Content-Type: text/plain; charset="UTF-8" Message-Id: <E1FBRyj-0000N9-6F@neysa.multisite.site5.com> Date: Tue, 21 Feb 2006 02:30:33 -0500

of6499@splendidinvestor.com wrote: clipped Content-Type: multipart/alternative; boundary=caa21b17ce7412fa3d61141a01d0a1e7 MIME-Version: 1.0 Subject: no letter from erman einrich, and heard nothing from bcc: charleses3299@aol.com

This is a multi-part message in MIME format.

--caa21b17ce7412fa3d61141a01d0a1e7 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit

to r. lentworth, that the natural and invariable tendency of humanity is progress and improvement but generally speaking, it is reserved for legislation alone, to remove such impediments as may oppose the bias. n every state, where the civilization of the --caa21b17ce7412fa3d61141a01d0a1e7--

.

IP: 218.66.159.149

03/01/06 01:01:56 changed by sgrayban

I'm also getting alot of spam. I asked for captcha support in one ticket already.

http://dev.wp-plugins.org/ticket/332

There must be a simple way to stop this. Even using javascript will work.

03/01/06 01:06:47 changed by sgrayban

  • cc set to sgrayban.

03/05/06 13:27:12 changed by sgrayban

I don't think the developer gives a shit. I emailed him twice and tried contacting him through his contact form as well and got no reply at all.

So since he is ignoring everyone I have taken on the task to fix this. When I have finished it I will post my fixes here and on my blog.

http://blog.borgnet.us

07/27/06 18:30:16 changed by nuclearmoose

@sgrayban The dev of this plugin isn't required to "give a shit" if he doesn't want to. He provided a tool for free and is certainly under no obligation to support it. He also has a life of his own, so don't be so damn quick to condemn him just because you aren't satisfied with his apparent inaction.

That said, I too am having a spam issue right now from the contact form. I'm not a fan of Captchas, so I don't support that enhancement request.