WordPress.org

Plugin Directory

wp-contact-form

Opened 12 years ago

Closed 12 years ago

#324 closed defect (duplicate)

Receiving bogus e-mails via wp-contact form

Reported by: davincim Owned by: ryanduff
Priority: normal Severity: normal
Plugin: wp-contact-form Keywords: wp-contact, bogus e-mail
Cc:

Description

I've been receiving bogus e-mails sent from my wp-contact form (v 1.3) on my blog. Here's what one of them says:

subject: A message from your blog

he4273 at familywebwatch dot com wrote:
along
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: th surroundings that
bcc: charleselegbed at aol dot com

c93d0322280d4a6d9576fd5e359030b9

I'm no expert, but it looks like the doings of a bot, otherwise, what else would be sending weird stuff like that?

What I don't understand is why it's using my domain as the sender's address via the form. I've received several others like this, but with something different before the @ symbol. And if it's any help, I've also been getting e-mails sent from my site which uses another script to send messages to me. I offer this only to point out activity. I know it has nothing to do with you plugin. It's like some hacker is testing my site or something.

Also, how did a bcc get attached to the e-mail?

Sorry for all the questions, but I am baffled and frustrated. I've enjoyed using your plug-in for a almost a year now and will continue to do so. Let me know if there's any information you need so we can find a solution. :)

Change History (2)

comment:1 @davincim12 years ago

Update: it hasn't happened since I submitted this ticket, but I'm still interested in your comments about what's happening and if anything can be done about it.

Thanks!

comment:2 @ryanduff12 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

This is nuisance spam. The form checks for similar text in other fields, but the message body itself if safe from exploitation. That field is not checked because it might limit the amount of legitimate emais you get. I'd recommend a plugin like BadBehavior to stop the spambots from even visiting your site. I get no spam through my form.

Marking this ticket a duplicate of #316

Note: See TracTickets for help on using tickets.