Your software
My Mautic version is: 2.31.1
My PHP version is: 7.0.33
Your problem
My problem is:
I had a client site hit by a spam bot. All the mautic generated forms were being filled out. I have removed ALL the forms from the site. Deactivated them in Mautic, but still the Mautic contact list is being filled with spam signups. I don’t understand how the contacts are being injected as I have shut all access points. Could this be a virus in the mautuc code that has opened a back door? I have created a smart segment that grabs all the spam contacts and deletes them. Strangely the segment fills with exactly 66 spam contacts between every cron cycle. It is as if a script is running inside mautic. I have deleted the spam contacts from the database direct but they keep coming back. No idea what I should do next? Any suggestions?
Actual signs ups, although I assume its a bot signing up due to the rate of sign ups. I do have spam protection on the forms, either as a honey pot or a simple math sum, adds to my confusion.
Hi, if you look at the profile in mautic of one of these sign ups does it give any info on how they signed up?
I am interested as I think I had a similar issue, I fixed it by putting an anti spam signup system at a high level on the server (not with setting in mautic). For me, bots were coming in by forms (according to mautic) but I just could not seem to stop them with any measure withing mautic, I tried everything from captcha to running an anti spam campaign to remove people who filled in a honeypot - nothing worked
Sadly the honeypot is not working when a spammer goes to your website, detects what he needs to fill into the actual form (without the honeypot-field) and then makes a script to only fill out these fields.
You can use the reCaptcha Plugin to solve that. If you use V3 of reCaptcha you don’t need to solve crazy puzzles or something.
The other thing which you could/should introduce is updating your servers firewall. You can use fail2ban with filters to scan the Mautic logs for unusual form submits. (At least that’s my plan and i didn’t 100% figure out how to do that. But I will make a video about this)