Tagged: ,

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #1004785

    We’ve noticed a few installations of Enfold are getting attacked via the contact form (even with captcha on).
    Simialr to this…
    “If уou recеived this messаge, thеn уоu nеed tо transfеr 0.5 bitcoins to thе рurse xxxxx otherwisе уou will receive this lеtter реrmanently until yоu trаnsfеr 0.5 bitcoin”

    Any clue on how to stop it?
    Sorry for bad news.
    Cheers

    #1004808

    Hey Slick,

    Could you post a link to one of the sites where this is happening so that we can have a closer look please?

    Best regards,
    Rikard

    #1004951

    Howdy folks…my clients are reporting this as well. When you say post a link, do you just want the public domain link?

    #1004961

    I asked for info here: https://kriesi.at/support/topic/spam-protection-is-very-weak/
    And my client is waiting for the reply and looking there :)

    lol, nobody is asking for bitcoins, just offering viagra, cialis, seo, mp3 downloads, some “great deals”… :-/

    #1004969

    I personally got 7 of the bitcoin spam email, all within 2 minutes. Four of my enfold clients have reported the bitcoin emails in the past 24 hours. I suspect I have others but they haven’t alerted me.

    • This reply was modified 6 years, 3 months ago by itchybrain.
    #1005010

    Hi Slick Sites,

    Here is a thread for you to consider

    If you need further assistance please let us know.
    Best regards,
    Victoria

    #1005237

    My client is getting 10-100s of these also through the Enfold captcha form. The ‘thread’ link above does not ‘link’. I’ll manually search but it would better if a live link were added.

    #1005238

    This isn’t just a simple spam issue – this is a targeted attack on the Enfold Captcha form.
    Might need to get the dev team to look into recaptcha?

    #1005239

    Same…dozens and dozens of spam emails now. Is there perhaps a vulnerability that has allowed spam malware to load on our sites?

    #1005242

    One of my affected clients isn’t using the Enfold form, but instead was using WPForms Lite with authenticated invisible google recaptcha, so it doesn’t seem specific to the enfold form, but is enfold themed sites being affected.

    #1005243

    I agree it is an issue with the Enfold Catcha. I’ve replaced the contact form with a Contact Form 7 + reCaptcha. No spam for an hour now! yay. I’ll monitor it for a few days and report. My other sites/clients are not having an issue and they are on other themes with ContactForm7. So feeling from the many threads going back 2yrs (with no solutions posted) that this is an Enfold captcha/security issue. IMHO.

    #1005513

    Hi,

    Alright. Let us know if you encounter any issues again. For added security, you can implement reCAPTCHA to the theme’s contact form. You’ll need the public/site key to render the “I’m not a robot” widget and the secret key for verification. Include those info in the following code. (see private field)

    Best regards,
    Ismael

    #1005796

    Thank you Ismael, how do I see the private field? I am logged in but cannot see it, it just as a note in brackets, saying (see private field)

    #1005828

    Hi,

    Sorry about that. Here it is: https://pastebin.com/zZXQaLwP

    Best regards,
    Ismael

Viewing 14 posts - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.