Ticket #518 (new defect)

Opened 1 year ago

Last modified 1 year ago

Spammers have mastered the form (v. 1.4.3)

Reported by: sgrayban
Assigned to: ryanduff
Priority: high
Component: wp-contact-form
Severity: critical
Keywords:
Cc:

Description

Spammers have now mastered the form and can bypass visiting the site totally. I just got slammed with 43 spam contact form posts and had to disable the form altogether until I can figure out a way to stop them.

All they do now is use the POST command with all the information in the string. They also return - for the referrer but that can be faked anyways.

Maybe it's time to introduce some JS and/or the AuthImage function into the plugin.
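The description above says the bots POST straight to the form handler without ever loading the page. One server-side way to reject such blind POSTs is a signed timestamp token issued when the form is rendered, combined with a honeypot field; this is an added example, not part of the ticket or the plugin's code. The function names, the `form_token` and `website` field names, the secret and the sample requests are all assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not wp-contact-form code.

// Issued when the form page is rendered; embed the result in a hidden field.
function issue_form_token(string $secret, int $now): string {
    return $now . '.' . hash_hmac('sha256', (string)$now, $secret);
}

// Returns 'ok' or the reason the submission is rejected.
function check_submission(array $post, string $secret, int $now,
                          int $minAge = 3, int $maxAge = 3600): string {
    // Honeypot: a field hidden from people with CSS; only scripts fill it in.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot filled';
    }
    $parts = explode('.', (string)($post['form_token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'token missing or malformed';
    }
    [$issued, $mac] = $parts;
    // Constant-time comparison of the MAC over the issue time.
    if (!hash_equals(hash_hmac('sha256', $issued, $secret), $mac)) {
        return 'token forged';
    }
    $age = $now - (int)$issued;
    if ($age < $minAge) {
        return 'submitted too fast';
    }
    if ($age > $maxAge) {
        return 'token expired';
    }
    return 'ok';
}

// Constructed sample data: secret, render time and requests are made up.
$secret = 'constructed-demo-secret';
$t0     = 1168869904;
$token  = issue_form_token($secret, $t0);
$cases  = [
    'blind POST, no page visit' => [['msg' => 'spam'], $t0 + 60],
    'forged token'              => [['msg' => 'spam', 'form_token' => $t0 . '.deadbeef'], $t0 + 60],
    'bot filled hidden field'   => [['msg' => 'spam', 'form_token' => $token, 'website' => 'x'], $t0 + 60],
    'posted 1s after render'    => [['msg' => 'spam', 'form_token' => $token], $t0 + 1],
    'replayed next day'         => [['msg' => 'spam', 'form_token' => $token], $t0 + 86400],
    'normal visitor'            => [['msg' => 'hello', 'form_token' => $token], $t0 + 45],
];
foreach ($cases as $label => [$post, $now]) {
    printf("%-28s %s\n", $label, check_submission($post, $secret, $now));
}
```

A bot that fetches the page before posting still obtains a valid token, so this filters blind POSTs only; a CAPTCHA such as the AuthImage idea raised in the ticket addresses that case.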

Change History

01/15/07 14:05:04 changed by moondoggie

  • priority changed from normal to high.
  • summary changed from Spammers have mastered the form to Spammers have mastered the form (v. 1.4.3).

I saw a couple of trickles yesterday and the day before (1/13/07 and 1/14/07) and last night the dam started to break. With me, it seems that so far only one spammer has found the form on my site, as they all seem to be from the same IP (82.103.132.52) with the same fake info and message. I don't know how much longer I'll be under the radar, though.

If it helps out any, I upgraded to WP 2.06 on 1/02/07 and hadn't been seeing much in the form of contact form spam before that. Currently, my site's running WP 2.06 and 1.4.3 of the contact form plugin. If there's any info, testing or tracking I can do to help out, just let me know.

01/15/07 14:19:27 changed by moondoggie

Oh, and I forgot to add, if it helps to see if I just set something up wrong or an old pre-1.43 setting is still kicking in, I have two pages with the plug-in: http://www.cancerismybitch.com/contact-me/ and http://www.cancerismybitch.com/i-wanna-join-the-hodgkins-army/