Page 1 of 1
Email spammer is using the contact form while it doesn't exist
Posted: Tue Oct 10, 2023 5:17 pm
by Bartr
Hi,
I'm using OC 3.0.3.8 and have a spammer problem.
This Chinese email spammer from Hong Kong uses the contact form to send me more than 300 emails per hour.
He is using the contact form according to the access log and also the dashboard show the same.
Rule from access log file:
POST /index.php?route=information/contact HTTP/1.1" 302 5139 "
https://mywebsite/index.php?route=information/contact" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
I have deleted the contact form and disabled it in controller/../contact.php but he is still using the form.
The smtp for this website is now blocked by my hosting provider because of this and I just can't find the problem to fix it.
Does anybody have an idea on how he is able to use the form to send emails without the form itself?
PS: after I disabled the send email part in controller/../contact.php the attempts increased by a factor 10 trying from multiple IP addresses.
What can I do ?
Re: Email spammer is using the contact form while it doesn't exist
Posted: Tue Oct 10, 2023 6:03 pm
by ADD Creative
If you have removed catalog/controller/information/contact.php then no emails would be sent. You should see HTTP/1.1" 404 in the access log instead of 302.
If you still want the form, then you would need some form protection such as a CAPTCHA.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Tue Oct 10, 2023 6:40 pm
by Bartr
Thanks for your reply, after I completely removed contact.php they went nuts from more different IP adresses.
They are now attempting every 2 seconds to use the contact form.
(I used a captcha, but it is working correctly I asume)
I can't find a 404 but the 302 has been changed now to HTTP/1.1" 403 5241..... and HTTP/1.1" 503 36208.....
I'm afraid that I have to remove the website and suspend it for a while to solve this unfortunately
Re: Email spammer is using the contact form while it doesn't exist
Posted: Tue Oct 10, 2023 7:00 pm
by ADD Creative
403 is Forbidden, it could be that some sort of protection kicked in. 503 is Service Unavailable, which suggests the server is overloaded. Have you spoken to you host about it?
Re: Email spammer is using the contact form while it doesn't exist
Posted: Tue Oct 10, 2023 7:29 pm
by Bartr
I did asked them but they are saying that the spammer is maybe using an other form on the website while there aren't any other forms.
They say that there is nothing they can do and that I have to solve this within the form (that doesn't exist)...
So not much of a help there..
Overload it is, after completely removing contact.php they went nuts in Hong Kong and trying to access the contact form every 2 seconds.
I don't hope they have found a bug or an open hole in Opencart......, I like using it.
Every two seconds in the dasboard:
Referer: index.php?route=information/contact
Last page visited: index.php?route=information/contact
Re: Email spammer is using the contact form while it doesn't exist
Posted: Tue Oct 10, 2023 8:14 pm
by ADD Creative
It's probably some form of bot attack. Doesn't matter what the form is or whether it's OpenCart or not, if there are too many requests for the server to handle.
There are third party protection systems if you host doesn't have anything. Otherwise the best you can do is bock that URL in htaccess until they stop.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Tue Oct 10, 2023 11:03 pm
by johnp
These are my two goto add-ons for problems like yours:
Ninja Firewall
https://nintechnet.com/ninjafirewall/pro-edition
The free version of Ninja Firewall is fine.
Cidram
https://github.com/CIDRAM/CIDRAM
Plus an admin security extension. Not perfect but pretty good.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Wed Oct 11, 2023 12:44 am
by JNeuhoff
Looks like a spambot attack indeed. Try our SpamBot Buster which offers a complete protection for the contact page.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Wed Oct 11, 2023 8:34 pm
by Bartr
Thank you both, I will check them out.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Wed Oct 11, 2023 10:36 pm
by Bartr
@Johnp, I installed the free version of the Ninja firewall as you adviced (which gave errors installing), but a trojan named Dirtelti.MCU came with it...... according to the scanner.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Fri Oct 13, 2023 2:01 am
by johnp
Bartr wrote: ↑Wed Oct 11, 2023 10:36 pm
@Johnp, I installed the free version of the Ninja firewall as you adviced (which gave errors installing), but a trojan named Dirtelti.MCU came with it...... according to the scanner.
Did you download direct from the Nintech site? I've got a clean zip file if you need it.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Wed Oct 18, 2023 7:22 pm
by Bartr
Sorry for my late reply but yes I donwloaded it from their website.
If you have a clean version than I would be very gratefull.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Thu Oct 19, 2023 2:05 am
by johnp
Bartr wrote: ↑Wed Oct 18, 2023 7:22 pm
Sorry for my late reply but yes I donwloaded it from their website.
If you have a clean version than I would be very gratefull.
Have sent you a PM.
Re: Email spammer is using the contact form while it doesn't exist
Posted: Mon Oct 30, 2023 11:13 pm
by EvolveWebHosting
Without knowing your domain, it is hard to guess what exactly is going on.
Are ALL of your files free of Malware? Do you have a firewall installed now and/or Cloudflare?