Why am I getting lots of Spam?

Posted by on Oct 16, 2013 in Tips, Troubleshooting

My form is receiving lots of spam emails, what can I do about it?

The different types of spam:

Human spammers – they actually visit your form and fill it out, including the CAPTCHA.

Spambot probes – these sometimes contain content that does not make any sense (gibberish). Spam bots will try to target any form they discover. They first attempt an email header injection attack to use your web form to send spam emails. When that fails, they simply submit the form with a URL or embedded HTML, hoping someone will be phished or click the link.

Blackhat SEO spammers – they look for blog comment forms, contact forms, wikis, etc. By posting randomly generated unique “words”, they can later run a Google search to find websites where their content has been published unmoderated. They then go back to those websites and check whether links are published without the rel="nofollow" attribute (which would prevent the links from contributing to Google’s algorithm); if it is missing, they can post whatever spam links they like on those websites in an effort to boost Google rankings for certain sites. Or worse, they use it to post whatever content they want onto those websites, even embedded malware.

Human CAPTCHA solvers – It is easy and cheap for someone to hire a person to enter this spam. Usually it can be done for about $5 for 1,000 or so form submissions. The spammer gives their ‘employee’ a list of sites and what to paste in, and they go at it. Not all of your spam (and other trash) will be computer generated: using a CAPTCHA proxy or farm, the bad guys can have real people spamming you. A CAPTCHA farm has many cheap laborers (India, Far East, etc.) solving them. A CAPTCHA proxy is when they use a bot to fetch your CAPTCHA image and serve it to users of other sites, e.g. porn, games, etc. After the CAPTCHA is solved, they use a bot to post your form.

How to stop it?

Enable the CAPTCHA – (will not stop human CAPTCHA solvers) – You can enable this feature for your form on the Security tab of the form edit page.

Enable honeypot spambot trap – (temporarily stops bot attacks) – If the spam bot fills in the hidden honeypot field, it IS SPAM and will be blocked. You can enable this feature for your form on the Security tab of the form edit page.

Change the URL of your form – (temporarily stops bot attacks) – This should immediately eliminate all spam sent directly to your form by spammers who have the URL of your form page in their spambot databases. This may only be temporary if they come back and find it again, or they may not, so it is worth a try.

Filter Spam With Akismet – The Akismet plugin comes pre-installed with WordPress. First you will need to make sure that Akismet is activated using your API key. Once activated, Akismet helps to filter spam comments but it can also be used with Fast Secure Contact Form to label as “Spam” or block contact form submissions. You can configure the Akismet action for your form on the Security tab of the form edit page. You can select to block or keep the messages.

Install Bad Behavior Plugin – The Bad Behavior WordPress plugin prevents spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. There are other plugins that perform this same function; find one that meets the needs of your site.
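
A server-side sketch of two of the checks described above, the honeypot trap and the rejection of email header injection attempts. This is an added example, not Fast Secure Contact Form's own code; the function name `classify_submission`, the field names (`hp_website`, `name`, `email`, `subject`, `message`) and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example: not the plugin's code. Field names are assumed.

/**
 * Classify one contact-form POST.
 * Returns 'ok', 'spam_honeypot', 'malformed', 'header_injection' or 'invalid_email'.
 */
function classify_submission(array $post): string
{
    // Honeypot: the field is hidden from people with CSS, so any value in it
    // means a bot filled in every input it found.
    if (($post['hp_website'] ?? '') !== '') {
        return 'spam_honeypot';
    }

    // Values that end up in mail headers (From, Reply-To, Subject) must never
    // contain CR or LF, raw or URL-encoded. Otherwise a bot can append its own
    // headers and use the form to relay spam.
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {
            return 'malformed';           // e.g. name[]=... sent as an array
        }
        if (preg_match('/[\r\n]|%0[ad]/i', $value)) {
            return 'header_injection';
        }
    }

    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid_email';
    }
    return 'ok';
}

// Constructed sample submissions.
$base = ['name' => 'Ann', 'email' => 'ann@example.com',
         'subject' => 'Quote', 'message' => 'Hello', 'hp_website' => ''];
$samples = [
    'legitimate'       => $base,
    'honeypot filled'  => ['hp_website' => 'http://spam.example'] + $base,
    'CRLF in email'    => ['email' => "x@example.com\r\nBcc: y@example.net"] + $base,
    'encoded LF'       => ['subject' => 'Hi%0aBcc: y@example.net'] + $base,
];
foreach ($samples as $label => $post) {
    printf("%-16s => %s\n", $label, classify_submission($post));
}
```

Only the first sample is classified `ok`; the message body is not checked for CR/LF because it is not placed in a mail header.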
