robyone11
Forum Replies Created
-
Forum: Plugins
In reply to: [Contact Form 7] Spam problemSorry to bother you again
To be sure to search in the right directionOut of the site… even if the spammers visit each time the contact page ?
and this is content of an email
Return-Path: <[email protected]> Delivered-To: [email protected] Received: from cp7.utixo.eu by cp7.utixo.eu with LMTP id UBONHneKUF847wAAp+czbg (envelope-from <[email protected]>) for <[email protected]>; Thu, 03 Sep 2020 08:17:27 +0200 Return-path: <[email protected]> Envelope-to: [email protected] Delivery-date: Thu, 03 Sep 2020 08:17:27 +0200 Received: from [54.36.3.218] (port=40250 helo=www.argenteriadabbene.com) by cp7.utixo.eu with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <[email protected]>) id 1kDiYp-000FyL-CO for [email protected]; Thu, 03 Sep 2020 08:17:27 +0200 Date: Thu, 3 Sep 2020 06:17:27 +0000 To: [email protected] From: Argenteria Dabbene <[email protected]> Subject: [Argenteria Dabbene Milano - Liste Nozze - Regali - Bijoux] - [email protected] Message-ID: <VosZ3ht8Jv09QYFSsnfftZxSMLezJcZyWlm98QBkXU@www.argenteriadabbene.com> X-Mailer: WPMailSMTP/Mailer/smtp 2.3.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Name : LeandroIsons, Email : [email protected] Ðдвокат. ЮридичеÑÐºÐ°Ñ ÐºÐ¾Ð½ÑÑƒÐ»ÑŒÑ‚Ð°Ñ†Ð¸Ñ Ð¿Ð¾ телефону беÑплатно. Опыт работы более 20 лет. [url=https://lawyer-1283.business.site/]ÐДВОКÐТИ Ð’ ДÐІПРОПЕТРОВСЬКУ[/url]Forum: Plugins
In reply to: [Contact Form 7] Spam problemedit:
i checked last two spam email and the spammers arrived directyl to my italian version of contact page:
5.188.84.119 - - [02/Sep/2020:22:05:29 +0200] "GET /it/contatti-argenteria-dabbene/ HTTP/1.0" 200 64101 "https://www.argenteriadabbene.com/it/contatti-argenteria-dabbene/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" 5.188.84.119 - - [02/Sep/2020:22:05:31 +0200] "POST /it/contatti-argenteria-dabbene/ HTTP/1.0" 200 - "https://www.argenteriadabbene.com/it/contatti-argenteria-dabbene/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"this is the form code:
<div class="info_h"><h5>Contattaci</h5></div> <div><label class="screen-reader">Nome (richiesto)</label>[text* firstname akismet:author placeholder "Nome"]</div> <div><label class="screen-reader">Email (richiesto)</label>[email* email akismet:author_email placeholder "Email"]</div> <div><label class="screen-reader">Messaggio (richiesto)</label>[textarea* message placeholder "Messaggio"]</div> <div>[acceptance acceptance-667] Ho letto e accetto i termini presenti nella Privacy Policy.[/acceptance] <a href="https://www.argenteriadabbene.com/it/privacy-policy/" target="_blanck">Leggi qui la Privacy Policy.</a></div> <div>Inserisci il codice che leggi: [captchac captcha-778 size:m fg:#ffffff bg:#000000] [captchar captcha-778 4/4]</div> <div>[submit "Invia"]</div>this is the mail code
https://postimg.cc/wRh9cPwn/3d015f2b
- This reply was modified 5 years, 9 months ago by robyone11.
Forum: Plugins
In reply to: [Contact Form 7] Spam problemI forgot to say that I see in visitor log of my website that spammers (bot) visited my contact page before sending spam so I’m pretty sure that there is a bug or something wrong with my config and spam is sent through that page
And I repeat That I don’t get how it’s possible if my contact form field are
Name, email, message, privacy policy and recaptchaI get email with
Only name and email fields
Forum: Plugins
In reply to: [Contact Form 7] Spam problemThank for your reply
here my settings
Form mail setting:https://postimg.cc/XXDQ0zNF
form code of contact page with recaptcha: https://postimg.cc/RqqLGL10
all contact form: https://postimg.cc/v1HQfBJp/00ce8744
thank you
Forum: Plugins
In reply to: [Contact Form 7] Spam coming through form with CAPTCHAThank you
thank you!
my english is terrible and my it skill are worse so probably i don’t get correctly your reply BUT
my admin username changed to indoxploit like all time and i see in the log, as wordfence noticed me at same time, upload of strange files like m.php and k.php like 16/11 log
probably indoxploit upload scripts ?
I’m experiencing indoxploit attack from several months, installed last time (16/11) bbq pro and other fix like malware scan of entire root
Last one happened yesterday, two months later last exploit on 16/11
i have only this log
server-ip - - [01/Jan/2018:22:45:59 +0100] "GET //wp-admin/theme-install.php?upload HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0" server-ip - - [01/Jan/2018:22:46:00 +0100] "GET /wp-login.php?redirect_to=http%3A%2F%2Fwww.domain-name.com%2F%2Fwp-admin%2Ftheme-install.php%3Fupload&reauth=1 HTTP/1.1" 200 5924 "-" "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0" server-ip - - [01/Jan/2018:22:46:01 +0100] "POST //wp-login.php HTTP/1.1" 200 4895 "-" "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0" server-ip - - [01/Jan/2018:22:46:03 +0100] "POST //wp-admin/update.php?action=upload-theme HTTP/1.1" 302 - "-" "-" server-ip - - [01/Jan/2018:22:46:04 +0100] "GET /wp-login.php?redirect_to=http%3A%2F%2Fwww.domain-name.com%2F%2Fwp-admin%2Fupdate.php%3Faction%3Dupload-theme&reauth=1 HTTP/1.1" 200 4625 "-" "-" server-ip - - [01/Jan/2018:22:46:05 +0100] "POST //wp-content/uploads/2018/01/m.php HTTP/1.1" 404 35123 "-" "-" server-ip - - [01/Jan/2018:22:46:06 +0100] "GET //k.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0" server-ip - - [01/Jan/2018:22:46:07 +0100] "GET /it//k.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0" server-ip - - [01/Jan/2018:22:46:08 +0100] "GET /it/k.php HTTP/1.1" 404 35098 "-" "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"16/11 attack was the same
I have also plugin security scanner, and wordfence free