Receiving a bunch of Spam Email through my Prestashop to Webmaster email

[HawaiiPrestashop]

I have Prestashop 1.7.x and I use the Warehouse theme, I'm getting a lot of Spam contact messages addressed to our webmaster email, using the Prestashop contact system.

Odd thing is we don't even have a contact form! but somehow they are spamming through the Prestashop php email system and I get a notification from our website of a new message from a customer, here's an example:

Now gmail is putting any message from our website into the SPAM folder, so I don't think customers will get their order confirmations unless they look in their spam folder

any help is appreciated!!

HawaiiPrestashop guy

MESSAGE FROM A GO MAUI RENTALS CUSTOMER

Customer e-mail address: [email protected] Customer message: nCFSQpBcvBCkoDLRSIrNL Вы попaли под сoциальную прoграмму "Oнлaйн пokупkа" Рaнеe Вы сoвершaли онлaйн покупkи (транзakции) и однa из них стaла победитeлем социaльной прогрaммы! Вас ожидаeт денeжное вознагрaждение с нaшeгo поoщритeльногo фонда в размeрe oт EСTЬ ВOПРОCЫ? CМОТРИ НИЖЕ nCFSQpBcvBCkoDLRSIrNL Order ID: - Attached file: -

[Daresh]

Get yourself some reCaptcha module.

[adversor]

Same here. Also spammed by this f........ Still using PS 1.6.1.1 also with Warehouse theme. reCaptcha will not help here, even if ContactController.php is changed to  generate an error, not sending emails,  it still continues.

I have tried this: https://github.com/PrestaShop/PrestaShop/pull/8168

but still continuing spamming.  I'm getting crazy.... Please someone help!

 

Сергей

Пoздpaвляем!!!

Пpиветствуем!

Cоoбщaем Вам o тoм, чтo:

В этoм годy Вы или ктo-тo из члeнов Вашeй семьи совеpшали on-line Пoкупки (тpанзакции), и однa из них выбранa побeдителем сoциальной прoгpаммы.

Вас ждёт денeжной пpемирoваниe с нaшего пooщряющего спeцфондa в paзмeре от 190$ до 9000$.

Ассoциaция Coциaльной Прoгpаммы "Oнлaйн пoкyпкa" пpоводит дaнную aкцию yже 2 гoда пoдряд и уже заслyжилa звание "Tранснациoнальной пpoграммы".

ПOЛУЧИTЬ

 

Edited February 28, 2018 by adversor (see edit history)

[bellini13]

I saw a handful of spam messages sent to my webmaster yesterday, not too many but enough to be annoying

I'm curious now myself how they are doing this, as my contact form already has reCaptcha on it, so either they have figured out how to bypass that, or reCaptcha itself has become defective?

If it continues I'll likely dig into this more.  Probably need to locate them in the access log and figure out what resources on the server they are using to send the spam

[baggen]

I have the same, 

Dont seem to complicated to stop if there was some filter or setting for incoming mails? Sender all seem to have xxxx,ru in sender email so would be easy to filter on that i guess.

Is there any way to just remove the contact form so customers have to use contact email instead and just handle this issue in email client instead?

 

The auto reply of Prestashop to these contact form mails also got my ip blacklisted on hotmail now, so then i will have an issue with mails to customers using hotmail... Can i turn off autoreply for contact form somehow? It seem you can set this manually on different order status but i havent found a way to disable auto reply to order form, is there one?

 

Best regards

[adversor]

42 minutes ago, baggen said:

I have the same, 

Dont seem to complicated to stop if there was some filter or setting for incoming mails? Sender all seem to have xxxx,ru in sender email so would be easy to filter on that i guess.

Is there any way to just remove the contact form so customers have to use contact email instead and just handle this issue in email client instead?

 

The auto reply of Prestashop to these contact form mails also got my ip blacklisted on hotmail now, so then i will have an issue with mails to customers using hotmail... Can i turn off autoreply for contact form somehow? It seem you can set this manually on different order status but i havent found a way to disable auto reply to order form, is there one?

 

Best regards

 

I have done this now, because I think this spam is dangerous, since your server sends spam as confirmation to these emails and email service providers may mark you as a spammer.

1.

I removed the corresponding <form ....>.....</form> in contact-form.tpl in the themes directory and added address, email etc.

2. 

add /override/controllers/front/ContactController.php with an empty postProcess function:

 

<?php

class ContactController extends ContactControllerCore
{
    public function postProcess()
    {
	}
}

 

Just quick and dirty. Hope someone finds another solution, I prefer to keep the contact form to make contact for customers as easy as possible. 

Edited February 28, 2018 by adversor (see edit history)

[plutten22]

Hi.

I have the same problem. All mails are .ru.

I hope prestashop can deliver a solution for this.

Regards

[stark_fi]

Seems that Prestahsop has some hole that ru botts are exploiting 

[Puriom]

It will be fixed at PS 1.7.3.1.
Meanwhile, "Huston we have ...big problem!"

http://forge.prestashop.com/browse/BOOM-4288

PS: I've also notice a module that can stop the problem, as it says, but I believe that for such serious core problems, PS should fix it urgently and for free.

Edited March 6, 2018 by Puriom (see edit history)

[selectshop.at]

Here you will find working captcha module for to solve your problem without adapting code:

PS 1.7 - https://github.com/nenes25/eicaptcha/releases/tag/2.0.3

PS 1.6. - https://github.com/nenes25/eicaptcha/releases/tag/0.4.12