STOP RINGING MY DOORBELL!

Why do I keep getting contact forms with missing or junk text in the fields?

Spammers or hackers are looking for vulnerabilities. They want to see if they can use your form to either send out information or retrieve information from your database.

For example, if they can gain access to your configuration file, they could find out your administrator’s username and password – This would give them full access and control of your site. From there they can:

1. Use it to send out spam messages
2. Steal your clients’ personal data or credit card information (if stored)
3. Place a virus on your site that infects future visitors
4. Direct all your traffic to a different website of their choice

You’re probably wondering how all this could happen from a simple contact form, comment form, or newsletter signup form. It’s scary, but way simpler than you think. If your form’s coding isn’t written correctly or is outdated, then Hackers can gain access as easy as just entering a line of code into the form’s input fields. One example is that they can insert some code into the email field that can CC others, and change the subject line, essentially turning your form into a gateway to freely advertise to others without consequence. This would ultimately get your email blacklisted from annoyed receivers, and possibly even Google. Not a good situation to be in.

Buy why do spammers take the time to put so many words in my contact form if it’s not a legitimate request?

Bayesian Poisoning: This is the technique used by some email spammers to make their email look legitimate to spam catchers by putting in a lot of real words to dilute or trick the algorithms. If there’s only one spammy word and the rest of the text is legit, then the spam catchers can be fooled into letting it go through.

For example, if you type in the ‘Lorem Ipsum’ text, a lot of random text, or even a lot of carefully selected text like the works of Charles Dickens, along with the spam message ‘Buy My Pills’ then their spam product only shows up once among all those other words, ultimately confusing the spam catcher. It’s a matter of mathematics and dilution, and not letting any particular words flag the spam catchers.

Are these comments legit?

Blog Post Comment Fields, Discussion Forums, Leave a Review forms, etc. are a spammer’s dream. They want a place to post their spam or their spam links. If a comment goes up automatically without prior approval, then this makes it way too easy for them. Even when a moderator is used, the post can be published until it’s caught, or slip by altogether. These posts contain spam or links back to a third party website, which is called ‘backlinks’. These backlinks to third party websites actually help them to rank better with Google and other Search Engines. So even though a post or comment may look legit, they’re really only trying to trick the system to receive a backlink. They often start with flattering words like ‘I love your product’, or ‘Great post’. By default, often times these comments include a hidden link back to their website from their name.

Spammers can be patient.

Even when comments have to be approved first before they are posted, spammers can find a way around it. They will post 10 legitimate forum posts and then often times they’re free to post automatically. They take advantage of this and then spam on the 11th one. It could be obvious or it could be subtle. A subtle spam link would be a link from their name back to their website. Another method they use is to post a legitimate forum post, and then a week later edit their signature to include a backlink. That link is now live in the post without being detected. This backlink either directs people back to their spam product website, or helps their ranking with Google (called link juice).

It’s very important to read posts and comments with a wary eye. Are they just trying to spread their spammy words? Or are they legit.

So what do I do and how do I prevent this?

1.  1Don’t allow auto posting. Always set it to ‘comments must be approved’ before it posts.
2.  2Use multiple defenses such as ‘Captcha’s’ on your contact form to prevent bots, and limit the submissions per minute that email can be sent from the server. This way if a spammer was able to hack in and send spam from your email server than it would get flagged and stopped. You can also use security plugins like CleanTalk and IThemes Security that catch known spammers and can block them from your site. These security plugins have a database of known spammers IP addresses that they block automatically, before they can even attempt to hack in.
3.  3Use good form code and make sure plugins are kept up to date. Even the most popular plugins get hacked. When a vulnerability is discovered, a responsible plugin coder will fix the vulnerable coding immediately and make it available for downloading/updating. The plugin needs to get updated on your website. We subscribe to a service that sends us a weekly report of all the plugins and themes that have vulnerabilities and could get hacked. Believe it or not, every week on average there a 40+ plugins that have security vulnerabilities and need to be updated on websites. We then go to our in-house spreadsheet to see if any of our clients are running those vulnerable plugins. And if they are, we fix it right away, with a ‘stop everything and fix this now before it gets hacked‘ mentality. This is included in our maintenance packages, but if we just host your site, we still fix your site and bill as a security update. You may see this on your invoice occasionally under ‘security update’. Rest assured we’re protecting your site and our servers from the evil spammers and hackers that are way too abundant these days.

Equivalent to kids ringing a doorbell and running away, these attempted hacks can be super annoying. But as long as your code is up to date (WordPress and all the Plugins that help WordPress to to function with added features), and your web designer and hosting provider has put the proper procedures in place, there isn’t anything to worry about. You can just delete the emails, or if they’re posts, don’t approve them. Just opening an email won’t trigger a virus. You have to actually click on a link to download a possible virus. All links aren’t viruses, some are just trying to get you to their website to buy their product. But if you do get an email with a suspicious link, don’t click on the link, just to be safe, and delete it.

So, we hope you can sleep easier now. And if you’re not currently one of our clients, and wish to sleep easier, please give us a call to discuss our maintenance or hosting packages – 813-818-0682.

By Stephanie Raccine
Off the Page Creations