Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

spambot hitting my website through my email signup form


bksbeat

Recommended Posts

Unfortunately I am currently getting bombarded with bogus email addresses (probably around 300 a day which started a few days ago) coming thru my site, i.e. www.nontando.com via my "sign up for email updates" form on my homepage. Never had this issue before. I have been checking a few IP addresses and many of our using TOR servers

 

I guess I can try and install a CAPTCHA? Was wondering if their was a more simple/better solution or perhaps an available add-on to use.

 

Thanks, Gary

Link to comment
Share on other sites

300 a day seems really small for a spammer. They usually have scripts that send out thousands, though maybe you are not seeing them all. The only way to stop them, if the emails are from scripts, is a cpatcha. I prefer the one called honeypot captcha since it is invisible to the customer but googles latest one claims to be too.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thank you. No, they seem to be hitting my site in 1's and 2's every 10 minutes or so? weird. I thought spambot, as you say, would be many more all together driven by some sort of script. So, I am not really sure what this is but it looks like email addresses that have been compromised with phony ip details?

 

here is an example of one I just got:

173.254.216.66

 

if you do a ip check it says

Services: Confirmed proxy server
Tor exit node
Recently reported forum spam source. (712)
Link to comment
Share on other sites

It the form sending the email uses the action recorder (doesn't sound like it), you could use it to limit how often an email is sent. But it sounds like someone is playing games. Adding captacha may help. But if they are submitting the form manually, then use googles since the Honeypot one wouldn't help in that case. Other than that, all you can do, that I can think of, is to block their IP's.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

@@Jack_mcs

 

I have seen also substantial subscribers with questionable ip's and mailadresses coming in the last days / weeks. I do use action-recorder but "they" seem to differ ip's and mailadresses all the time. So that does not keep them of...

 

For now I have decided to stop sending the newsletter automatically after subscription. Especially because I received some bounced spam mails at my postmaster@ adress. Which made me wonder whether these bots are able to abuse php mailer class. I need to dig in deeper...

 

Adding Capatcha should help - but I think it is putting of real subscribers. So my solution will probably be to manually evaluate and relaese subscribers in admin and then send latest newsletter.

 

Using services like Mailchimp might also be a solution because they use techniques to filter spammers adresses ....

 

Alltogether I am hoping to see more straightforward solutions here!

 

Thanks in advance!

Link to comment
Share on other sites

There's really no solution for stopping spammers that enter separate emails because no much is different from them and a legitimate person. You can block IP's but, as you mention, if they change then you might have a full-time job keeping up with them. If you can build a list of known words that spammers use, like Viagra, and not allow any of those through, along with emails containing links. That can be done automatically and may cut down on the spam. Postponing sending emails is a good way to go though, again, it increases your work load.

 

There are services like Mailchimp that do a good job of that. I think them, or maybe Mailbeez is free for the first 1,000 emails, or something like that. Amazon also offers an email service where you send all of your emails to them, via an MX record on the server and they handle sending them. From what I have seen, their bounce rate is very low.

 

With all of that said, I don't see the purpose of these people doing this. If they join your newsletter with a fake address what does it accomplish? Unless your site has been hacked and they can access the code to send newsletters, they are not doing harm. Spammers will generally send an email with multiple To addresses but the code in BS, and maybe later 2.3.4 versions, checks for that.  Maybe determining what they are trying to accomplish will help find a solution.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Indeed, it's a good question: what are they trying to accomplish? I could see making mailing requests to a few selected target emails, in order to swamp (attack) them, or making all sorts of requests to attack you by burying your server under a landslide of outgoing emails, but that seems a lot harder than a normal DoS/DDoS attack. Anyway, to avoid legal and/or SPAM blacklisting trouble for you, your newsletter should always include "You are receiving this because you (or someone pretending to be you) signed you up for it", and give an easy way to get off the mailing list.

 

Some sort of CAPTCHA is a good idea, to at least weed out most of the bots. The graphical ones (letters + noise) don't work all that well any more, and mostly just annoy legitimate users. Jack or Gary had a nice math-based CAPTCHA that I modified to use on my Contact page. As I said at the time, it may become less effective as it comes into more common use, and spammers start writing bots that understand how to deal with it, but so far, so good.

Link to comment
Share on other sites

Im still getting them but now I am down to about 4 or 5 a day. From what I can see, it looks like legit email addresses (probably copied by others) but I am guessing they are using false ip addresses. Currently, I am just blocking these ip addresses on my htaccess file, although I know this probably wont help much. I am not exactly sure what they hope to gain out of it, but I guess this is what spam is about. Based on the volume, my guess is that whoever is doing this, is doing it manually. 

Link to comment
Share on other sites

The one pattern I am starting to find which I find interesting (and somewhat disturbing) is when I google the email addresses that are subscribing, they are popping up on cleantalk as spam from wordpress activity. (I use wordpress for my blog with a link from osc site).

The last few days I have been checking my life traffic on wordfence and I many visitors from the likes of China, Czechia, Macedonia. This could be legit, so who knows. I would be curious from that other guy from Holland that has posted earlier if he uses Wordpress. I have no idea if there is a connection, but may well be.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...