Tagged: ,

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • September 3, 2018 at 6:45 am #1004785
    Slick Sites

    We’ve noticed a few installations of Enfold are getting attacked via the contact form (even with captcha on).
    Simialr to this…
    “If уou recеived this messаge, thеn уоu nеed tо transfеr 0.5 bitcoins to thе рurse xxxxx otherwisе уou will receive this lеtter реrmanently until yоu trаnsfеr 0.5 bitcoin”

    Any clue on how to stop it?
    Sorry for bad news.
    Cheers

    September 3, 2018 at 8:16 am #1004808
    Rikard

    Hey Slick,

    Could you post a link to one of the sites where this is happening so that we can have a closer look please?

    Best regards,
    Rikard

    September 3, 2018 at 1:46 pm #1004951
    itchybrain

    Howdy folks…my clients are reporting this as well. When you say post a link, do you just want the public domain link?

    September 3, 2018 at 2:01 pm #1004961
    Milan

    I asked for info here: https://kriesi.at/support/topic/spam-protection-is-very-weak/
    And my client is waiting for the reply and looking there :)

    lol, nobody is asking for bitcoins, just offering viagra, cialis, seo, mp3 downloads, some “great deals”… :-/

    September 3, 2018 at 2:14 pm #1004969
    itchybrain

    I personally got 7 of the bitcoin spam email, all within 2 minutes. Four of my enfold clients have reported the bitcoin emails in the past 24 hours. I suspect I have others but they haven’t alerted me.

    • This reply was modified 6 years, 2 months ago by itchybrain.
    September 3, 2018 at 3:13 pm #1005010
    Victoria

    Hi Slick Sites,

    Here is a thread for you to consider

    Thousands of spam emails

    If you need further assistance please let us know.
    Best regards,
    Victoria

    September 4, 2018 at 1:22 am #1005237
    FionaH

    My client is getting 10-100s of these also through the Enfold captcha form. The ‘thread’ link above does not ‘link’. I’ll manually search but it would better if a live link were added.

    September 4, 2018 at 1:37 am #1005238
    Slick Sites

    This isn’t just a simple spam issue – this is a targeted attack on the Enfold Captcha form.
    Might need to get the dev team to look into recaptcha?

    September 4, 2018 at 1:39 am #1005239
    itchybrain

    Same…dozens and dozens of spam emails now. Is there perhaps a vulnerability that has allowed spam malware to load on our sites?

    September 4, 2018 at 2:26 am #1005242
    itchybrain

    One of my affected clients isn’t using the Enfold form, but instead was using WPForms Lite with authenticated invisible google recaptcha, so it doesn’t seem specific to the enfold form, but is enfold themed sites being affected.

    September 4, 2018 at 2:37 am #1005243
    FionaH

    I agree it is an issue with the Enfold Catcha. I’ve replaced the contact form with a Contact Form 7 + reCaptcha. No spam for an hour now! yay. I’ll monitor it for a few days and report. My other sites/clients are not having an issue and they are on other themes with ContactForm7. So feeling from the many threads going back 2yrs (with no solutions posted) that this is an Enfold captcha/security issue. IMHO.

    September 4, 2018 at 1:05 pm #1005513
    Ismael

    Hi,

    Alright. Let us know if you encounter any issues again. For added security, you can implement reCAPTCHA to the theme’s contact form. You’ll need the public/site key to render the “I’m not a robot” widget and the secret key for verification. Include those info in the following code. (see private field)

    Best regards,
    Ismael

    September 4, 2018 at 10:14 pm #1005796
    itchybrain

    Thank you Ismael, how do I see the private field? I am logged in but cannot see it, it just as a note in brackets, saying (see private field)

    September 5, 2018 at 1:49 am #1005828
    Ismael

    Hi,

    Sorry about that. Here it is: https://pastebin.com/zZXQaLwP

    Best regards,
    Ismael

  • Author
    Posts
Viewing 14 posts - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.