SPAM Emails & Contact Form Abuse
Spam emails were sent through a vulnerable user registration form that is currently enabled on your website, and through your existing domain email accounts.
To stop spammers from exploiting your email account and the mail form to send more spam, we have changed the permissions on the affected file to deny access.
How do we prevent further abuse?
In order to prevent further abuse of your email accounts and the user registration form on your website, we suggest that we proceed as follows:
- Reset all your email account passwords.
- Reset FTP and login passwords.
- Disable the registration functionality if not in use on your website.
- Add a CAPTCHA test to forms on your website that send email.
- Change the default registration page to a custom registration page to prevent spammers and bots from targeting the default pages.
- Update the software for reCAPTCHA forms, emails and core website files.
Form-to-mail probe prevention with Captcha and JS form validation.
If you are experiencing bogus data being submitted through your form-to-mail, it could be a result of a spammer who is ‘probing’ the form-to-mail script on your website to determine whether it is vulnerable to abuse.
If your form-to-email script is publicly accessible, there is unfortunately very little that can be done to prevent these probes. WebSiteDesigns cannot distinguish between the spam probes and legitimate form submission. Once the spammer realizes that your form-to-mail script is not vulnerable, they will move on and the mail you receive from these probes should cease.
The form-to-mail options provided are secure.
One way to reduce probing of your forms is a solution that has been developed by the CAPTCHA Project. The CAPTCHA™ is a program that can generate and grade tests (images of text/numbers) that most humans will read/pass and most current computer programs will fail. For example, humans can read distorted text, but current computer programs can’t.
Once the CAPTCHA is enabled on the website, we can re-enable the form by changing the permissions of the affected file back to 644.
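The check below is an added example, not WebSiteDesigns' own code: a server-side gate that a form-to-mail handler could run before sending anything, because JS validation in the browser is skipped by a bot that posts to the script directly. The field names, limits, fixed recipient and sample submissions are constructed, and `captchaPassed` stands for the verdict the server itself obtained from the CAPTCHA provider.

```javascript
// Added example: server-side gate for a form-to-mail handler.
// Field names, limits and FIXED_RECIPIENT are constructed for illustration.
const FIXED_RECIPIENT = "owner@example.com"; // set on the server, never read from the form
const LIMITS = { name: 80, email: 254, subject: 120, message: 5000 };
const HEADER_FIELDS = ["name", "email", "subject"]; // values that end up in mail headers

function checkSubmission(fields, captchaPassed) {
  const reasons = [];
  // captchaPassed must be the server's own verification result,
  // not a flag supplied by the browser.
  if (captchaPassed !== true) reasons.push("captcha");

  for (const key of Object.keys(LIMITS)) {
    const value = fields[key];
    if (typeof value !== "string" || value.trim() === "") {
      reasons.push(`missing:${key}`);
    } else if (value.length > LIMITS[key]) {
      reasons.push(`too-long:${key}`);
    }
  }
  // A line break in a header field would let a submission add its own mail headers.
  for (const key of HEADER_FIELDS) {
    if (typeof fields[key] === "string" && /[\r\n]/.test(fields[key])) {
      reasons.push(`line-break:${key}`);
    }
  }
  // Exactly one plausible address, with no list separators or whitespace.
  if (typeof fields.email === "string" &&
      !/^[^\s@,;<>]+@[^\s@,;<>]+\.[^\s@,;<>]+$/.test(fields.email)) {
    reasons.push("bad-email");
  }
  // The form has no recipient field, so one arriving from the client is bogus data.
  for (const key of ["to", "cc", "bcc", "recipient"]) {
    if (key in fields) reasons.push(`unexpected:${key}`);
  }
  return { accept: reasons.length === 0, recipient: FIXED_RECIPIENT, reasons };
}

// Constructed sample submissions (not taken from any real log).
const SAMPLE_OK = { name: "Jane Doe", email: "jane@example.org",
                    subject: "Quote request", message: "Please call me." };
const SAMPLE_BOGUS = { name: "x", email: "a@example.org\r\nX-Test: 1",
                       subject: "hi", message: "test", recipient: "other@example.net" };

console.log(checkSubmission(SAMPLE_OK, true));
console.log(checkSubmission(SAMPLE_BOGUS, true));
```

Rejected submissions can be logged with their `reasons` so that repeated probing shows up in the site's own records instead of in the mailbox.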
Cost to update vital core files and software?
R590 per domain.