Divi WordPress Theme
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress fix Reply To: Contact Form Spam

Discussion in 'Misc WordPress Requests' started by t-p, Dec 27, 2017.

  1. t-p


    Reply To: Contact Form Spam, by t-p

    The spammer (probably only one, even though he’s using several IP addresses) isn’t using your form, which is why you’re still getting spam even though you’ve removed it. He’s using his own version of your form, identical to the one he’s used to spam hundreds of other sites with the same form, and what you’re getting is the submitted output from the form. Once you’ve got your head round that distinction, dealing with it becomes easy – because a genuine visitor can’t access the form, as it isn’t physically there for him to fill in, any form responses you get must be spam. So, set your mail server to automatically dump any form responses you get.

    In other words, not really getting spam through your Web site form, you’re just seeing the output from the form. I often refer to this as “direct posting.” At some point a spam bot indexed your form page and just kept the link that’s part of the action=”” attribute in the <form> element. As long as the form-to-email script in that page still exists, future bots can just blow by your form and go straight to the page that does all the work, and spam you that much faster.

    Since you’ve already dumped the form itself (and if you want to keep that email address instead of losing it), another way to handle this would be to also delete the script or page that actually processes your old Contact Us form. For most contact forms, the form-to-email scripting can usually be found in the thank you page for the form.

    Reply To: Contact Form Spam

Share This Page

Monarch Social Sharing Plugin