Bot submitting from 58fecca08a199 etc.

  • Hi,
    a bot is sending me mails through Contact Form 7 on my site that look like this:
    *******
    From: 58fecca08a199 <[email protected]> 91.229.76.21 https://insenglische.de/ [_post_url]

    Message Body:

    This e-mail was sent from a contact form on InsEnglische
    *******
    Note the email is a valid address, and these people are also getting sent a notification that their contact submission was sent. This bot is sending out messages with blank subjects and message content despite minimum and maximum lengths being defined for those fields, so there is some hack/vulnerability going on here.
    Other security measures in place include:
    1. Honeypot installed
    2. Flamingo to monitor
    3. Wordfence (free version)
    4. Google ReCaptcha
    5. Field min and max defined
    6. Postman SMTP set up
    I’m curious what the point of all these bot submissions could be. All I can imagine is that this is some sort of email injection attack, but I have no way to see the payload. If anyone can help (including the developer!) I’d appreciate it. I had the same issue with both PHP Mail and Postman SMTP, so this is not a PHP Mail vulnerability, but rather a problem with Contact Form 7 itself. When I deactivate Contact Form 7, it stops.
    Thanks,
    Matt

  • The topic ‘Bot submitting from 58fecca08a199 etc.’ is closed to new replies.