Post by Bartr » Tue Oct 10, 2023 5:17 pm

Hi,

I'm using OC 3.0.3.8 and have a spammer problem.
This Chinese email spammer from Hong Kong uses the contact form to send me more than 300 emails per hour.

He is using the contact form according to the access log and also the dashboard shows the same.

Rule from access log file:
POST /index.php?route=information/contact HTTP/1.1" 302 5139 "https://mywebsite/index.php?route=information/contact" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36

I have deleted the contact form and disabled it in controller/../contact.php but he is still using the form.
The smtp for this website is now blocked by my hosting provider because of this and I just can't find the problem to fix it.

Does anybody have an idea on how he is able to use the form to send emails without the form itself?

PS: after I disabled the send email part in controller/../contact.php the attempts increased by a factor 10 trying from multiple IP addresses.

What can I do ?

Newbie

Posts

Joined
Sat Jul 27, 2019 4:22 am

Post by ADD Creative » Tue Oct 10, 2023 6:03 pm

If you have removed catalog/controller/information/contact.php then no emails would be sent. You should see HTTP/1.1" 404 in the access log instead of 302.

If you still want the form, then you would need some form protection such as a CAPTCHA.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by Bartr » Tue Oct 10, 2023 6:40 pm

Thanks for your reply, after I completely removed contact.php they went nuts from more different IP addresses.
They are now attempting every 2 seconds to use the contact form.
(I used a captcha, but it is working correctly I assume)

I can't find a 404 but the 302 has been changed now to HTTP/1.1" 403 5241..... and HTTP/1.1" 503 36208.....

I'm afraid that I have to remove the website and suspend it for a while to solve this unfortunately


Post by ADD Creative » Tue Oct 10, 2023 7:00 pm

403 is Forbidden, it could be that some sort of protection kicked in. 503 is Service Unavailable, which suggests the server is overloaded. Have you spoken to your host about it?


Post by Bartr » Tue Oct 10, 2023 7:29 pm

I did ask them but they are saying that the spammer is maybe using another form on the website while there aren't any other forms.
They say that there is nothing they can do and that I have to solve this within the form (that doesn't exist)...

So not much of a help there..

Overload it is, after completely removing contact.php they went nuts in Hong Kong and trying to access the contact form every 2 seconds.

I don't hope they have found a bug or an open hole in Opencart......, I like using it.

Every two seconds in the dashboard:

Referer: index.php?route=information/contact
Last page visited: index.php?route=information/contact


Post by ADD Creative » Tue Oct 10, 2023 8:14 pm

It's probably some form of bot attack. Doesn't matter what the form is or whether it's OpenCart or not, if there are too many requests for the server to handle.

There are third party protection systems if your host doesn't have anything. Otherwise the best you can do is block that URL in htaccess until they stop.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom
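
A way to triage the status codes discussed in this thread (302, 403, 404, 503) straight from the access log, added here as an example and not part of any poster's reply. It assumes Apache combined log format; the sample lines and IP addresses are constructed, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:17:01:02 +0200] "POST /index.php?route=information/contact HTTP/1.1" 302 5139 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:17:01:14 +0200] "POST /index.php?route=information/contact HTTP/1.1" 302 5139 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:17:01:40 +0200] "POST /index.php?route=information/contact HTTP/1.1" 403 5241 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Oct/2023:17:02:05 +0200] "POST /index.php?route=information/contact HTTP/1.1" 503 36208 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:17:02:07 +0200] "POST /index.php?route=information/contact HTTP/1.1" 404 1200 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:17:02:09 +0200] "GET /index.php?route=product/category&path=20 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Oct/2023:17:02:30 +0200] "POST /index.php?route=account/login HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

def summarize(log_text, route="information/contact"):
    """Count POSTs to the given OpenCart route by status, client IP and minute."""
    statuses, ips, per_minute = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line or not a form submission
        # Exact match on the route parameter, so other routes are not counted.
        if route not in parse_qs(urlsplit(m["url"]).query).get("route", []):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        statuses[m["status"]] += 1
        ips[m["ip"]] += 1
        per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
    return {
        "by_status": dict(statuses),
        "by_ip": ips.most_common(),
        "peak_per_minute": max(per_minute.values(), default=0),
        # 2xx/3xx: the request was still answered normally (the 302 case above);
        # 403/404/503 mean it was refused, not found, or the server was overloaded.
        "accepted": sum(n for s, n in statuses.items() if s[0] in "23"),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

A non-zero `accepted` count after the form has been removed or blocked means the requests are still reaching a working controller, which is the situation the 302 lines indicate.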

Post by johnp » Tue Oct 10, 2023 11:03 pm

These are my two go-to add-ons for problems like yours:

Ninja Firewall
https://nintechnet.com/ninjafirewall/pro-edition

The free version of Ninja Firewall is fine.

Cidram
https://github.com/CIDRAM/CIDRAM

Plus an admin security extension. Not perfect but pretty good. :)

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


Active Member

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by JNeuhoff » Wed Oct 11, 2023 12:44 am

Looks like a spambot attack indeed. Try our SpamBot Buster which offers a complete protection for the contact page.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


Guru Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by Bartr » Wed Oct 11, 2023 8:34 pm

Thank you both, I will check them out.


Post by Bartr » Wed Oct 11, 2023 10:36 pm

@Johnp, I installed the free version of the Ninja firewall as you advised (which gave errors installing), but a trojan named Dirtelti.MCU came with it...... according to the scanner.


Post by johnp » Fri Oct 13, 2023 2:01 am

Bartr wrote:
Wed Oct 11, 2023 10:36 pm
@Johnp, I installed the free version of the Ninja firewall as you advised (which gave errors installing), but a trojan named Dirtelti.MCU came with it...... according to the scanner.
Did you download direct from the Nintech site? I've got a clean zip file if you need it.


Post by Bartr » Wed Oct 18, 2023 7:22 pm

Sorry for my late reply but yes I downloaded it from their website.
If you have a clean version then I would be very grateful.


Post by johnp » Thu Oct 19, 2023 2:05 am

Bartr wrote:
Wed Oct 18, 2023 7:22 pm
Sorry for my late reply but yes I downloaded it from their website.
If you have a clean version then I would be very grateful.
Have sent you a PM.


Post by EvolveWebHosting » Mon Oct 30, 2023 11:13 pm

Without knowing your domain, it is hard to guess what exactly is going on.

Are ALL of your files free of Malware? Do you have a firewall installed now and/or Cloudflare?

Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhosting.com


Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA