bksbeat Posted April 22, 2017 Share Posted April 22, 2017 Unfortunately I am currently getting bombarded with bogus email addresses (probably around 300 a day which started a few days ago) coming thru my site, i.e. www.nontando.com via my "sign up for email updates" form on my homepage. Never had this issue before. I have been checking a few IP addresses and many of our using TOR servers I guess I can try and install a CAPTCHA? Was wondering if their was a more simple/better solution or perhaps an available add-on to use. Thanks, Gary Link to comment Share on other sites More sharing options...
Jack_mcs Posted April 22, 2017 Share Posted April 22, 2017 300 a day seems really small for a spammer. They usually have scripts that send out thousands, though maybe you are not seeing them all. The only way to stop them, if the emails are from scripts, is a cpatcha. I prefer the one called honeypot captcha since it is invisible to the customer but googles latest one claims to be too. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
bksbeat Posted April 22, 2017 Author Share Posted April 22, 2017 Thank you. No, they seem to be hitting my site in 1's and 2's every 10 minutes or so? weird. I thought spambot, as you say, would be many more all together driven by some sort of script. So, I am not really sure what this is but it looks like email addresses that have been compromised with phony ip details? here is an example of one I just got: 173.254.216.66 if you do a ip check it says Services: Confirmed proxy serverTor exit node Recently reported forum spam source. (712) Link to comment Share on other sites More sharing options...
Jack_mcs Posted April 22, 2017 Share Posted April 22, 2017 It the form sending the email uses the action recorder (doesn't sound like it), you could use it to limit how often an email is sent. But it sounds like someone is playing games. Adding captacha may help. But if they are submitting the form manually, then use googles since the Honeypot one wouldn't help in that case. Other than that, all you can do, that I can think of, is to block their IP's. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
azpro Posted April 22, 2017 Share Posted April 22, 2017 @@Jack_mcs I have seen also substantial subscribers with questionable ip's and mailadresses coming in the last days / weeks. I do use action-recorder but "they" seem to differ ip's and mailadresses all the time. So that does not keep them of... For now I have decided to stop sending the newsletter automatically after subscription. Especially because I received some bounced spam mails at my postmaster@ adress. Which made me wonder whether these bots are able to abuse php mailer class. I need to dig in deeper... Adding Capatcha should help - but I think it is putting of real subscribers. So my solution will probably be to manually evaluate and relaese subscribers in admin and then send latest newsletter. Using services like Mailchimp might also be a solution because they use techniques to filter spammers adresses .... Alltogether I am hoping to see more straightforward solutions here! Thanks in advance! Link to comment Share on other sites More sharing options...
Jack_mcs Posted April 23, 2017 Share Posted April 23, 2017 There's really no solution for stopping spammers that enter separate emails because no much is different from them and a legitimate person. You can block IP's but, as you mention, if they change then you might have a full-time job keeping up with them. If you can build a list of known words that spammers use, like Viagra, and not allow any of those through, along with emails containing links. That can be done automatically and may cut down on the spam. Postponing sending emails is a good way to go though, again, it increases your work load. There are services like Mailchimp that do a good job of that. I think them, or maybe Mailbeez is free for the first 1,000 emails, or something like that. Amazon also offers an email service where you send all of your emails to them, via an MX record on the server and they handle sending them. From what I have seen, their bounce rate is very low. With all of that said, I don't see the purpose of these people doing this. If they join your newsletter with a fake address what does it accomplish? Unless your site has been hacked and they can access the code to send newsletters, they are not doing harm. Spammers will generally send an email with multiple To addresses but the code in BS, and maybe later 2.3.4 versions, checks for that. Maybe determining what they are trying to accomplish will help find a solution. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
MrPhil Posted April 23, 2017 Share Posted April 23, 2017 Indeed, it's a good question: what are they trying to accomplish? I could see making mailing requests to a few selected target emails, in order to swamp (attack) them, or making all sorts of requests to attack you by burying your server under a landslide of outgoing emails, but that seems a lot harder than a normal DoS/DDoS attack. Anyway, to avoid legal and/or SPAM blacklisting trouble for you, your newsletter should always include "You are receiving this because you (or someone pretending to be you) signed you up for it", and give an easy way to get off the mailing list. Some sort of CAPTCHA is a good idea, to at least weed out most of the bots. The graphical ones (letters + noise) don't work all that well any more, and mostly just annoy legitimate users. Jack or Gary had a nice math-based CAPTCHA that I modified to use on my Contact page. As I said at the time, it may become less effective as it comes into more common use, and spammers start writing bots that understand how to deal with it, but so far, so good. Link to comment Share on other sites More sharing options...
bksbeat Posted April 26, 2017 Author Share Posted April 26, 2017 Im still getting them but now I am down to about 4 or 5 a day. From what I can see, it looks like legit email addresses (probably copied by others) but I am guessing they are using false ip addresses. Currently, I am just blocking these ip addresses on my htaccess file, although I know this probably wont help much. I am not exactly sure what they hope to gain out of it, but I guess this is what spam is about. Based on the volume, my guess is that whoever is doing this, is doing it manually. Link to comment Share on other sites More sharing options...
bksbeat Posted April 26, 2017 Author Share Posted April 26, 2017 The one pattern I am starting to find which I find interesting (and somewhat disturbing) is when I google the email addresses that are subscribing, they are popping up on cleantalk as spam from wordpress activity. (I use wordpress for my blog with a link from osc site). The last few days I have been checking my life traffic on wordfence and I many visitors from the likes of China, Czechia, Macedonia. This could be legit, so who knows. I would be curious from that other guy from Holland that has posted earlier if he uses Wordpress. I have no idea if there is a connection, but may well be. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.