Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    New way to spam? Send via website contact forms.
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    New way to spam? Send via website contact forms.

    I just received this messages via my contact form on my custom coded website:

    Begin transmission...
    =======================================================
    
    Name: Avery***
    Email: raphae***@gmail.com
    Company: google
    IP: 37.120.156.23
    File Link: https://www.google.com
    Reason: Report
    -------------------------------------
    Subject: Mailing via the feedback form.
    -------------------------------------
    
    Hi!  ziox.us 
    
    Have you ever heard of sending messages via contact forms? 
    
    Imagine that your offer will be readread by hundreds of thousands of your probable customerscustomers. 
    Your message will not go to the spam folder because people will send the message to themselves. As an example, we have sent you our suggestion  in the same way. 
    
    We have a database of more than 35 million sites to which we can send your offer. Sites are sorted by country. Unfortunately, you can only select a country when sending a letter. 
    
    The cost of one million messages 49 USD. 
    There is a discount program when you purchase  more than two million message packages. 
    
    
    Free test mailing of 50,000 messages to any country of your choice. 
    
    
    This letter is created automatically. Please use the contact details below to contact us. 
    
    
    
    Contact us. 
    Telegram - @********** 
    Skype  *********
    Email - *******@*********.com
    =======================================================
    
    End transmission.
    

    Funny how he states his company as Google...

    Also, funny that my contact form does not actually email, but sends a instant message to my phone. So I guess it won't work the way he states it will for everyone.

    Do note that my contact form is protected by Google captcha, which I guess was bypassed...

    Thanked by 1ryanryan
    Idea
    1. What do you think of the idea of using your own contact form to spam you?30 votes
      1. Good idea
        16.67%
      2. Bad idea
        20.00%
      3. Want to kill
        63.33%

    Comments

    • Missing option: The end is nigh

    • @notty said:
      Missing option: The end is nigh

      I was waiting for the usual guy to comment that on thread instead...

    • This is shady stuff.

      You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?

    • ricardoricardo Member
      edited November 10

      Not really a new thing. They used to look for poorly coded backends where they could inject headers and send the emails out to other recipients.

      Using your contact form to contact you isn't exactly new either :-)

      What they're offering is basically a scraped list of web forms. Not exactly a huge barrier to gathering it. Simply visiting the home page of all sites, and each page linked to from the home page, gather all < form> elements, score based on what looks like the contact one e.g. (contact|email|touch) in URL. Field names in form etc.

      Would be better if they topically classified sites, but that's a bit refined. Scatter gun approach it is.

      The real solution is to send them 50 million enquiries.

      Thanked by 2notty kkrajk
    • cybertechcybertech Member
      edited November 10

      I have this problem too. Edit: found a captcha solution!

      relentless collector of highest clocked, highest performing KVM/NVMe/Gbit VPSes at the most competitive rates. just to hard idle them. zero knowledge on coding/programming; a mere hobbyist.

    • imokimok Member

      It's one of the oldest ways to spam.

    • @cybertech said:
      I have this problem too. Edit: found a captcha solution!

      Share please. I have google captcha, and it ain't stopping them...

    • @somik said:

      @cybertech said:
      I have this problem too. Edit: found a captcha solution!

      Share please. I have google captcha, and it ain't stopping them...

      Already try to using new recaptcha v3 by google?

      Thanked by 1somik
    • This ain't new. It's been around since like the stone age of IT

      Thanked by 1kkrajk
    • @HostinganID said:

      @somik said:

      @cybertech said:
      I have this problem too. Edit: found a captcha solution!

      Share please. I have google captcha, and it ain't stopping them...

      Already try to using new recaptcha v3 by google?

      I'll check. I think I'm still using v2...

    • @somik said:

      @HostinganID said:

      @somik said:

      @cybertech said:
      I have this problem too. Edit: found a captcha solution!

      Share please. I have google captcha, and it ain't stopping them...

      Already try to using new recaptcha v3 by google?

      I'll check. I think I'm still using v2...

      Now maybe you can try using v3 recaptcha. I think it would be better.

    • @somik said:

      @cybertech said:
      I have this problem too. Edit: found a captcha solution!

      Share please. I have google captcha, and it ain't stopping them...

      Check your website files , maybe some contact form is still available on your server without catcha and they are using it.

    • this has been around since dinosaurs

      lurking in the shadows like a wombat or some shit

    • @HostinganID said:

      @somik said:

      @HostinganID said:

      @somik said:

      @cybertech said:
      I have this problem too. Edit: found a captcha solution!

      Share please. I have google captcha, and it ain't stopping them...

      Already try to using new recaptcha v3 by google?

      I'll check. I think I'm still using v2...

      Now maybe you can try using v3 recaptcha. I think it would be better.

      Switched to using v3. Hope this'll stop em.

    • Contact form spaming is as old as seo. Google recaptcha can be cracked without problems. Recaptcha v3 wont change anything, from my tests its actually easier to crack v3 than v2.

    • @dodheimsgard said:
      Contact form spaming is as old as seo. Google recaptcha can be cracked without problems. Recaptcha v3 wont change anything, from my tests its actually easier to crack v3 than v2.

      Sigh... I'll need to setup a custom captcha then...

    • jarjar Provider

      I've been dealing with this at mxroute more and more. It's really hard to catch from my side, but it has gotten back to me several times recently.

      It isn't just contact forms either. Imagine this scenario, which I ran into recently:

      User runs a Wordpress site that allows user registration. When the user registers, they were sent an email containing the name that they entered on the registration form. That was then a free field for them to type any message into (even if it had to be short, they could use a URL shortener and quick message), and then send it to any email address they input on the registration page.

      All web forms that send email need to be considered for abuse vectors these days.

      Thanked by 2bikegremlin uptime
    • I used to have recaptcha v3 on my site, but some of my customer faced unknown issue with it. They just can't register, and didn't know why, and how to change it.

      Chill chill

    • @jar said:
      I've been dealing with this at mxroute more and more. It's really hard to catch from my side, but it has gotten back to me several times recently.

      It isn't just contact forms either. Imagine this scenario, which I ran into recently:

      User runs a Wordpress site that allows user registration. When the user registers, they were sent an email containing the name that they entered on the registration form. That was then a free field for them to type any message into (even if it had to be short, they could use a URL shortener and quick message), and then send it to any email address they input on the registration page.

      All web forms that send email need to be considered for abuse vectors these days.

      That would be much worse then feedback or abuse report forms...

      @dz_paji said:
      I used to have recaptcha v3 on my site, but some of my customer faced unknown issue with it. They just can't register, and didn't know why, and how to change it.

      Troubleshooting it may help. Since it's a hidden captcha, if you miss out the form or site key, it won't work. In my case, my website is fully custom coded so it's easier for me to troubleshoot and fix issues.

    • I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

      Thanked by 1uptime

      Tried and trusted: Nexus Bytes, WisHosting, HostHatch, Kimsufi, Hostsolutions, MrVM, Upcloud, MXroute, Iniz, Gullo, Spry Servers, RedIT | To try: Letbox, Hetzner, BuyVM/BuyShared, Inception, HostDoc, SmartHost, PHP-Friends, VirMach #lexit

    • @poisson said:
      I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

      As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

    • @somik said:

      @poisson said:
      I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

      As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

      Ah I forgot the initial context! Modern inconveniences.

      Tried and trusted: Nexus Bytes, WisHosting, HostHatch, Kimsufi, Hostsolutions, MrVM, Upcloud, MXroute, Iniz, Gullo, Spry Servers, RedIT | To try: Letbox, Hetzner, BuyVM/BuyShared, Inception, HostDoc, SmartHost, PHP-Friends, VirMach #lexit

    • @poisson said:

      @somik said:

      @poisson said:
      I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

      As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

      Ah I forgot the initial context! Modern inconveniences.

      Ahahaha, exactly! I'm too lazy to even check my emails.

      Naa, the thing is, I am not using any third party email services with this contact form and I rarely send out emails directly from my server in fear of the IP getting banned.

      Anyway, I think i'll take up your idea. Submit the contact form and save it to a DB or something.

    • @somik said:

      @poisson said:

      @somik said:

      @poisson said:
      I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

      As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

      Ah I forgot the initial context! Modern inconveniences.

      Ahahaha, exactly! I'm too lazy to even check my emails.

      Naa, the thing is, I am not using any third party email services with this contact form and I rarely send out emails directly from my server in fear of the IP getting banned.

      Anyway, I think i'll take up your idea. Submit the contact form and save it to a DB or something.

      Unless you need an immediate response, my Google sheets method allow me just one consolidated email a day, reducing the number of annoying alerts. Maybe you can consider something along this line so that you will just get one alert on the morning to clear the spam junk.

      Thanked by 1somik

      Tried and trusted: Nexus Bytes, WisHosting, HostHatch, Kimsufi, Hostsolutions, MrVM, Upcloud, MXroute, Iniz, Gullo, Spry Servers, RedIT | To try: Letbox, Hetzner, BuyVM/BuyShared, Inception, HostDoc, SmartHost, PHP-Friends, VirMach #lexit

    • @poisson said:

      @somik said:

      @poisson said:

      @somik said:

      @poisson said:
      I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

      As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

      Ah I forgot the initial context! Modern inconveniences.

      Ahahaha, exactly! I'm too lazy to even check my emails.

      Naa, the thing is, I am not using any third party email services with this contact form and I rarely send out emails directly from my server in fear of the IP getting banned.

      Anyway, I think i'll take up your idea. Submit the contact form and save it to a DB or something.

      Unless you need an immediate response, my Google sheets method allow me just one consolidated email a day, reducing the number of annoying alerts. Maybe you can consider something along this line so that you will just get one alert on the morning to clear the spam junk.

      I'm also thinking of creating my own captcha. Since I'll be the sole user, as long as I can avoid their automated captcha decoding, I should be safe. I don't think they'll invest enough to decode a captcha used on 2 or 3 websites with almost non-existent traffic.

    • v3 captcha has been working fine for me (knock on wood).

      @jar
      I set automated blocking when any registration/login form is getting abused.
      Combined with v3 captcha to stop at least some bots, I think this makes spaming through that form a rather slow and tedious job.
      But will look out for url-like user name registrations definitely.

      All in all, it's a tedious, cat and mouse game and spamers are very persistent and creative.

      Thanked by 1jar

      Mostly harmless™

      I/O Gremlin

    • @bikegremlin @poisson
      Currently I'm working on my own PHP based captcha solution. Nothing fancy, just a simple addition or subtraction.

      See example:

    • One of the easiest and oldest ways to spam. Thanks for pointing this out to those, who didn't thought about it till now :D

    • No, old way.
      We just take your tools and use it against you.

      Just stop leaving them in your fucking Garden.

      Thanked by 1vimalware
    • hostdarehostdare Member, Provider

      I need a gun now

      HostDare - One of the cheapest and coolest providers online! :) | Our premium unmanaged vps plans | Cheap Shared Hosting

    • @somik said:
      @bikegremlin @poisson
      Currently I'm working on my own PHP based captcha solution. Nothing fancy, just a simple addition or subtraction.

      See example:

      I like that solution. Think it should prevent most bots.
      But, like with all the security/anti spam policies - it's a tradeoff between (user) convenience and safety. Main advantage of v3 captcha is that it can be set to completely invisible, only stepping in when the activity looks like a bot. Seems to work pretty good for now (knock on wood).

      Mostly harmless™

      I/O Gremlin

    • @bikegremlin said:

      @somik said:
      @bikegremlin @poisson
      Currently I'm working on my own PHP based captcha solution. Nothing fancy, just a simple addition or subtraction.

      See example:

      I like that solution. Think it should prevent most bots.
      But, like with all the security/anti spam policies - it's a tradeoff between (user) convenience and safety. Main advantage of v3 captcha is that it can be set to completely invisible, only stepping in when the activity looks like a bot. Seems to work pretty good for now (knock on wood).

      Yes, that's a big trade of this with captcha. I mean it started to annoy me even when I was testing and tweaking it. I might give up on this and stick with v3 until I start getting messages again...

    Sign In or Register to comment.