Solved

Spammed without form?

  • 20 July 2021
  • 7 replies
  • 58 views

I used to have a form online on this page https://go4traction.com/en/contact/
Although the form has been removed and is no longer available online I still get spam.

The email has the same output as the form  that no longer exist. Except in this text block the URL is missing:

Date: 20 juli 2021
Time: 15:10
Pagina URL: 
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36
Remote IP: 5.227.6.171
Powered by: Elementor

Any idea how stop this spam? I also don't have any other forms online. 

icon

Best answer by Brian Erickson 23 July 2021, 21:22

@Lorcan@Mark K 

The client said he unpublished a template which contained the form in question. He says the template was not placed on any page. Since unpublishing the template, the spam has stopped.

It appears, either the template must’ve been on a page he forgot about or the template was somehow publicly accessible when left in a published state but not placed on a page.

View original

7 replies

Userlevel 7
Badge +4

Hey @evroekel, it looks like you have some forms on this site still.  A quick look through what google has crawled on this site I see these 2, there may be more:

https://go4traction.com/en/merger-and-aquisition-succes-with-eos/

https://go4traction.com/nl/traction-get-a-grip-on-your-business-door-gino-wickman/

Thx for the quick reply/help @Abner Rojas!

I missed those but indeed they are online. Unfortunately that doesn’t solve the mystery. These forms generate other emails (in the action after submit) and also show the correct URL in the messages I receive.

Somehow I still have the feeling that the spammers use some backdoor or cached version in google or something like that. I already emptied the whole cache on serverside. Weird case so far. 

Userlevel 3
Badge +1

I have a client reporting spam coming in on a form which he says is no longer placed on his site as well.  He says, “I think Elementor's latest update exposes "published" but unplaced forms to bots and crawlers.”

By this, he probably means a global widget or template which has a form but is not placed in the site anywhere. Is anyone else seeing spam coming in on forms like this?

There are a couple other things I could suggest you take a look at. First, in the left column of WP, do you have a ‘Forms’ option? If you deleted the form or form shortcode from the page, but the form is still part of the site, a cached page would give the ability to submit.

If you do not have a ‘Forms’ option, which plugin did you use for the form? It could be saved in the plugin settings.

Userlevel 3

I have a client reporting spam coming in on a form which he says is no longer placed on his site as well.  He says, “I think Elementor's latest update exposes "published" but unplaced forms to bots and crawlers.”

By this, he probably means a global widget or template which has a form but is not placed in the site anywhere. Is anyone else seeing spam coming in on forms like this?

Bit concerning be interested to hear more :eyes:

Userlevel 3
Badge +1

@Lorcan@Mark K 

The client said he unpublished a template which contained the form in question. He says the template was not placed on any page. Since unpublishing the template, the spam has stopped.

It appears, either the template must’ve been on a page he forgot about or the template was somehow publicly accessible when left in a published state but not placed on a page.

Userlevel 3
Badge +1

I also think there is a changelog update which may have fixed this in Elementor v3.4.0:

https://github.com/elementor/elementor/issues/14578

Reply