Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


New way to spam? Send via website contact forms.
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

New way to spam? Send via website contact forms.

I just received this messages via my contact form on my custom coded website:

Begin transmission...
=======================================================

Name: Avery***
Email: raphae***@gmail.com
Company: google
IP: 37.120.156.23
File Link: https://www.google.com
Reason: Report
-------------------------------------
Subject: Mailing via the feedback form.
-------------------------------------

Hi!  ziox.us 

Have you ever heard of sending messages via contact forms? 

Imagine that your offer will be readread by hundreds of thousands of your probable customerscustomers. 
Your message will not go to the spam folder because people will send the message to themselves. As an example, we have sent you our suggestion  in the same way. 

We have a database of more than 35 million sites to which we can send your offer. Sites are sorted by country. Unfortunately, you can only select a country when sending a letter. 

The cost of one million messages 49 USD. 
There is a discount program when you purchase  more than two million message packages. 


Free test mailing of 50,000 messages to any country of your choice. 


This letter is created automatically. Please use the contact details below to contact us. 



Contact us. 
Telegram - @********** 
Skype  *********
Email - *******@*********.com
=======================================================

End transmission.

Funny how he states his company as Google...

Also, funny that my contact form does not actually email, but sends a instant message to my phone. So I guess it won't work the way he states it will for everyone.

Do note that my contact form is protected by Google captcha, which I guess was bypassed...

Thanked by 1ryanryan
Idea
  1. What do you think of the idea of using your own contact form to spam you?42 votes
    1. Good idea
      23.81%
    2. Bad idea
      19.05%
    3. Want to kill
      57.14%
«1

Comments

  • Missing option: The end is nigh

  • @notty said:
    Missing option: The end is nigh

    I was waiting for the usual guy to comment that on thread instead...

  • This is shady stuff.

  • ricardoricardo Member
    edited November 2019

    Not really a new thing. They used to look for poorly coded backends where they could inject headers and send the emails out to other recipients.

    Using your contact form to contact you isn't exactly new either :-)

    What they're offering is basically a scraped list of web forms. Not exactly a huge barrier to gathering it. Simply visiting the home page of all sites, and each page linked to from the home page, gather all < form> elements, score based on what looks like the contact one e.g. (contact|email|touch) in URL. Field names in form etc.

    Would be better if they topically classified sites, but that's a bit refined. Scatter gun approach it is.

    The real solution is to send them 50 million enquiries.

    Thanked by 2notty kkrajk
  • cybertechcybertech Member
    edited November 2019

    I have this problem too. Edit: found a captcha solution!

  • It's one of the oldest ways to spam.

  • @cybertech said:
    I have this problem too. Edit: found a captcha solution!

    Share please. I have google captcha, and it ain't stopping them...

  • @somik said:

    @cybertech said:
    I have this problem too. Edit: found a captcha solution!

    Share please. I have google captcha, and it ain't stopping them...

    Already try to using new recaptcha v3 by google?

    Thanked by 1somik
  • This ain't new. It's been around since like the stone age of IT

    Thanked by 1kkrajk
  • @HostinganID said:

    @somik said:

    @cybertech said:
    I have this problem too. Edit: found a captcha solution!

    Share please. I have google captcha, and it ain't stopping them...

    Already try to using new recaptcha v3 by google?

    I'll check. I think I'm still using v2...

  • @somik said:

    @HostinganID said:

    @somik said:

    @cybertech said:
    I have this problem too. Edit: found a captcha solution!

    Share please. I have google captcha, and it ain't stopping them...

    Already try to using new recaptcha v3 by google?

    I'll check. I think I'm still using v2...

    Now maybe you can try using v3 recaptcha. I think it would be better.

  • @somik said:

    @cybertech said:
    I have this problem too. Edit: found a captcha solution!

    Share please. I have google captcha, and it ain't stopping them...

    Check your website files , maybe some contact form is still available on your server without catcha and they are using it.

  • this has been around since dinosaurs

  • @HostinganID said:

    @somik said:

    @HostinganID said:

    @somik said:

    @cybertech said:
    I have this problem too. Edit: found a captcha solution!

    Share please. I have google captcha, and it ain't stopping them...

    Already try to using new recaptcha v3 by google?

    I'll check. I think I'm still using v2...

    Now maybe you can try using v3 recaptcha. I think it would be better.

    Switched to using v3. Hope this'll stop em.

  • Contact form spaming is as old as seo. Google recaptcha can be cracked without problems. Recaptcha v3 wont change anything, from my tests its actually easier to crack v3 than v2.

  • @dodheimsgard said:
    Contact form spaming is as old as seo. Google recaptcha can be cracked without problems. Recaptcha v3 wont change anything, from my tests its actually easier to crack v3 than v2.

    Sigh... I'll need to setup a custom captcha then...

  • jarjar Patron Provider, Top Host, Veteran

    I've been dealing with this at mxroute more and more. It's really hard to catch from my side, but it has gotten back to me several times recently.

    It isn't just contact forms either. Imagine this scenario, which I ran into recently:

    User runs a Wordpress site that allows user registration. When the user registers, they were sent an email containing the name that they entered on the registration form. That was then a free field for them to type any message into (even if it had to be short, they could use a URL shortener and quick message), and then send it to any email address they input on the registration page.

    All web forms that send email need to be considered for abuse vectors these days.

  • I used to have recaptcha v3 on my site, but some of my customer faced unknown issue with it. They just can't register, and didn't know why, and how to change it.

  • @jar said:
    I've been dealing with this at mxroute more and more. It's really hard to catch from my side, but it has gotten back to me several times recently.

    It isn't just contact forms either. Imagine this scenario, which I ran into recently:

    User runs a Wordpress site that allows user registration. When the user registers, they were sent an email containing the name that they entered on the registration form. That was then a free field for them to type any message into (even if it had to be short, they could use a URL shortener and quick message), and then send it to any email address they input on the registration page.

    All web forms that send email need to be considered for abuse vectors these days.

    That would be much worse then feedback or abuse report forms...

    @dz_paji said:
    I used to have recaptcha v3 on my site, but some of my customer faced unknown issue with it. They just can't register, and didn't know why, and how to change it.

    Troubleshooting it may help. Since it's a hidden captcha, if you miss out the form or site key, it won't work. In my case, my website is fully custom coded so it's easier for me to troubleshoot and fix issues.

  • I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

    Thanked by 1uptime
  • @poisson said:
    I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

    As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

  • @somik said:

    @poisson said:
    I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

    As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

    Ah I forgot the initial context! Modern inconveniences.

  • @poisson said:

    @somik said:

    @poisson said:
    I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

    As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

    Ah I forgot the initial context! Modern inconveniences.

    Ahahaha, exactly! I'm too lazy to even check my emails.

    Naa, the thing is, I am not using any third party email services with this contact form and I rarely send out emails directly from my server in fear of the IP getting banned.

    Anyway, I think i'll take up your idea. Submit the contact form and save it to a DB or something.

  • @somik said:

    @poisson said:

    @somik said:

    @poisson said:
    I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

    As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

    Ah I forgot the initial context! Modern inconveniences.

    Ahahaha, exactly! I'm too lazy to even check my emails.

    Naa, the thing is, I am not using any third party email services with this contact form and I rarely send out emails directly from my server in fear of the IP getting banned.

    Anyway, I think i'll take up your idea. Submit the contact form and save it to a DB or something.

    Unless you need an immediate response, my Google sheets method allow me just one consolidated email a day, reducing the number of annoying alerts. Maybe you can consider something along this line so that you will just get one alert on the morning to clear the spam junk.

    Thanked by 1somik
  • @poisson said:

    @somik said:

    @poisson said:

    @somik said:

    @poisson said:
    I manually roll my contact form such that it sends the data to a Google sheet. Then I log in and delete that response. They can spam Google sheets for all I care.

    As i mentioned, my contact form does not email either. It sends a instant message to my phone... which makes it even more annoying!

    Ah I forgot the initial context! Modern inconveniences.

    Ahahaha, exactly! I'm too lazy to even check my emails.

    Naa, the thing is, I am not using any third party email services with this contact form and I rarely send out emails directly from my server in fear of the IP getting banned.

    Anyway, I think i'll take up your idea. Submit the contact form and save it to a DB or something.

    Unless you need an immediate response, my Google sheets method allow me just one consolidated email a day, reducing the number of annoying alerts. Maybe you can consider something along this line so that you will just get one alert on the morning to clear the spam junk.

    I'm also thinking of creating my own captcha. Since I'll be the sole user, as long as I can avoid their automated captcha decoding, I should be safe. I don't think they'll invest enough to decode a captcha used on 2 or 3 websites with almost non-existent traffic.

  • v3 captcha has been working fine for me (knock on wood).

    @jar
    I set automated blocking when any registration/login form is getting abused.
    Combined with v3 captcha to stop at least some bots, I think this makes spaming through that form a rather slow and tedious job.
    But will look out for url-like user name registrations definitely.

    All in all, it's a tedious, cat and mouse game and spamers are very persistent and creative.

    Thanked by 1jar
  • @bikegremlin @poisson
    Currently I'm working on my own PHP based captcha solution. Nothing fancy, just a simple addition or subtraction.

    See example:

  • One of the easiest and oldest ways to spam. Thanks for pointing this out to those, who didn't thought about it till now :D

  • NeoonNeoon Community Contributor, Veteran

    No, old way.
    We just take your tools and use it against you.

    Just stop leaving them in your fucking Garden.

    Thanked by 1vimalware
  • hostdarehostdare Member, Patron Provider

    I need a gun now

Sign In or Register to comment.