People sending spam through my forms

robwent 06 Oct, 2011
Hi all,

I have been using ChronoForms for a long time just for simple contact pages. The usual, name, email, subject, message and send button.
I recently updated an old site to Joomla 1.7 and created a new site with 1.7 using the latest ChronoForms version.

I have the usual JavaScript verification enabled, required fields for email with the right verification checked etc. Captcha is enabled also.

It appears that someone has been sending spam through my forms as I started to receive lots of emails saying that emails from isegfrwhgbs@mydomain.com could not be delivered. Is it possible that someone is modifying the headers through the message? I don't know how (or what) should be placed in the PHP verification fields.

Also, even though all fields are required, I have received a few from a couple of sites which just look like the email template, e.g.

name: {name}
email: {email}
subject: {subject}
message: {message}

How can these be sent when the fields are required?

Any help would be much appreciated, I don't want to see this happening on all my sites. I currently have a few forms turned off because of this.
GreyHead 07 Oct, 2011
Hi robwent,

Are you sure that they are spamming through your forms?? It's much more likely that some spammer has acquired your email address and is putting it into the From address of their spam.

Your ISP should be able to tell you if there has been unusually heavy email traffic from your site.

Bob
robwent 08 Oct, 2011
Hi Bob,

I'm sure it's not my email address, it's an email address from my domain which doesn't exist.

To spell it all out. I set up a new blog a couple of weeks ago called blogyii.com and set up Google Apps for the email with only my name as a single email address at the domain. I published a couple of posts and that was it. A week later I started to receive lots of messages saying my emails had failed to lots of Russian addresses. The failure message was to a random address at my domain which was caught by a catch-all to the main email, something like csgrfceg@blogyii.com

I turned another one off today from search-friendly-web-design.com

Here is an example of one of the mails I received:

Hi. This is the qmail-send program at mail903.opentransfer.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<alexanderdanu@mail.ru>:
94.100.176.20 failed after I sent the message.
Remote host said: 550 Message was not accepted -- invalid mailbox. Local mailbox alexanderdanu@mail.ru is unavailable: user not found

--- Enclosed are the original headers of the message.



--Forwarded Message Attachment--
From: starringinyourownlife@blogyii.com
To: alexanderdanu@mail.ru
Subject: chto s toboy !!! ty esche ne s nami!!! SSeks >ZNN@komsTva
Date: Thu, 6 Oct 2011 13:10:30 -0700

(Body supressed)

There have been others from different addresses at the domain. I will buy you a few beers for sure if you know what's going on! I'm about to move my company's site to 1.7 and really don't want this happening.

Thanks again,

Rob
GreyHead 08 Oct, 2011
Hi robwent,

Maybe I'm missing something important but I still don't see any connection to ChronoForms? Some spammer has found your domain name and is attaching random prefixes to it in their spam. This is a real pain in the neck when it happens (my record was around 30,000 'unable to deliver' emails in a couple of days), fortunately after a while they use some other domain.

Bob
robwent 08 Oct, 2011
Ah, I stupidly thought that mail from @mydomain.com could only be sent from my domain but thinking about it you can put anything into the Joomla admin email and it will send as if it was from that address. I was just reading a book on PHP and got to the security chapter about people being able to send spam through unprotected forms. Paranoia!

Some beers are on the way.
GreyHead 09 Oct, 2011
Hi robwent,

Many webhosts these days cross-check the from domain of an email with the site domain and mark it as spam "possible relay" if they don't match. Mismatched domains are the most frequent cause of ChronoForms emails not being delivered :-)

Unfortunately if you are a spammer it's only too easy to set up a mailer that has no such rules.

Thanks for the beer, much appreciated.

Bob
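
Added example, not part of the thread and not ChronoForms code: a way to triage the original headers enclosed in a bounce, to separate mail that passed through your own server from backscatter caused by a forged From address. The host names, addresses and the function name `triage_bounce` are hypothetical, and the sample headers are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hostnames that follow "from" or "by" in a Received header.
HOP_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def triage_bounce(original_headers, own_hosts, real_mailboxes):
    """Return (verdict, mailbox_exists) for the headers enclosed in a bounce.

    own_hosts and real_mailboxes are lowercase sets supplied by the site owner.
    """
    msg = message_from_string(original_headers)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    mailbox_exists = sender in real_mailboxes
    received = msg.get_all("Received", [])
    if not received:
        # Nothing shows the route, as in a bounce enclosing only From/To/Subject/Date.
        return "inconclusive", mailbox_exists
    hops = {h.lower().rstrip(".") for r in received for h in HOP_RE.findall(r)}
    if hops & own_hosts:
        # A hop names one of our machines: check the form and mail logs.
        # Received lines can be forged, so treat this as a lead, not proof.
        return "sent-via-own-server", mailbox_exists
    return "forged-sender", mailbox_exists

# Constructed samples (hypothetical hosts and addresses, documentation IP range).
OWN_HOSTS = {"www.example.org", "mail.example.org"}
MAILBOXES = {"rob@example.org"}

FORGED = """\
Received: from unknown (HELO smtp.sender.example) (203.0.113.45)
  by mx.recipient.example with SMTP; Thu, 6 Oct 2011 13:10:30 -0700
From: nosuchuser@example.org
To: someone@recipient.example
Subject: constructed sample
"""
OWN_FORM = """\
Received: from www.example.org (localhost [127.0.0.1])
  by mail.example.org with ESMTP; Thu, 6 Oct 2011 13:10:30 -0700
From: rob@example.org
To: someone@recipient.example
Subject: constructed sample
"""
HEADERS_ONLY = "From: nosuchuser@example.org\nTo: someone@recipient.example\n"

if __name__ == "__main__":
    for name in ("FORGED", "OWN_FORM", "HEADERS_ONLY"):
        print(name, triage_bounce(globals()[name], OWN_HOSTS, MAILBOXES))
```

A "forged-sender" verdict with a non-existent mailbox matches the situation diagnosed in this thread; "inconclusive" means the bounce did not enclose enough of the original headers to tell.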