7.14 contact.php spam hack

Reply·Subscribe
goodguyndfw
goodguyndfwAdvanced
153 posts
0
 

Dolphin reports sent me the following email (in red).  2 things:

  • Did Dolphin block something to keep the spam content from broadcasting or is it just a warning?  
  • I verified there are no new profiles in the db and since the warning below has the profile field blank, I suppose the hack is getting through to the contact.php without the need of being logged in?

These things always make me nervous.  Anyone else having spam issues with the contact.php file? (I put xxxx in the weblink)

Profile: 

Page: /contact.php

GET variables: 

Array

(

)

Spam Content: 

What if I told you that I can get you:

Millions of Facebook page likes, Twitter Followers, retweets, youtube views, favorites, instagram Followers, likes, vine Followers, revines, google+ Followers, website visitors etc. for a very cheap price. 

There's no limit on which account you want likes and Followers for. 

And here's the best part, we don't deliver thousands of fake fans overnight. We get them to you naturally, by the hour, you will get naturally organic looking fans on social media. 

Please check out my website at: 

httpxxxxxxxxxxx://businesswebmonkey.com/buy-facebook-likes-twitter-followers.php 

I promise the best social media service around

P.S. 

I did get a spam message from my server into my inbox as a legitimate message prior to the dolphin report being sent.

Quote · 5 Mar 2014
geek_girl
geek_girlPremium
11493 posts
0
 

Contact spam is a big problem.  I don't understand it either as do they really think I am going to do anything but curse them to the worst fate possible and delete the spam?

Do you have any sort of human detector on the form?  Of course humans often fill out these forms.

Geeks, making the world a better place
Quote · 5 Mar 2014
goodguyndfw
goodguyndfwAdvanced
153 posts
0
 

Lol. Not on the contact form. Just the captcha.  I turned off the contact form.  I guess the Invite/Share forms are at risk too?

Quote · 5 Mar 2014
mscott
mscottAdvanced
2088 posts
0
 

These are from spam bots that just search for a file named contact.php or something similar and then try to send this message you got. I get them constantly on my Dolphin, Wordpress and even my plain html sites. It's a nuisance but nothing to worry about.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 6 Mar 2014
jksurf
jksurfAdvanced
176 posts
0
 

I trashed contact form in favor of a support ticket system

Quote · 6 Mar 2014
goodguyndfw
goodguyndfwAdvanced
153 posts
0
 

Awesome. Thanks for the feedback and suggestions.

Quote · 6 Mar 2014
Reply ›
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Knowledge Base
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd