Stumped by what I think is a spam bot - help!

Your software
My Mautic version is: 2.31.1
My PHP version is: 7.0.33

Your problem
My problem is:
I had a client site hit by a spam bot. All the Mautic generated forms were being filled out. I have removed ALL the forms from the site. Deactivated them in Mautic, but still the Mautic contact list is being filled with spam signups. I don’t understand how the contacts are being injected as I have shut all access points. Could this be a virus in the Mautic code that has opened a back door? I have created a smart segment that grabs all the spam contacts and deletes them. Strangely the segment fills with exactly 66 spam contacts between every cron cycle. It is as if a script is running inside Mautic. I have deleted the spam contacts from the database direct but they keep coming back. No idea what I should do next? Any suggestions?

These errors are showing in the log:

Steps I have tried to fix the problem:

Are these actual sign ups or anonymous contacts who hit the mtc.js script?

Actual sign ups, although I assume it’s a bot signing up due to the rate of sign ups. I do have spam protection on the forms, either as a honey pot or a simple math sum, which adds to my confusion.

What version of Mautic are you running? It’s not clear from your first post (2.31.1!)

version 2.13.1

Not sure how to state that clearer? It is an older version but I am sure that should not be an issue?

Can you take screenshots of what’s happening internally in your instance?

Hi, if you look at the profile in mautic of one of these sign ups does it give any info on how they signed up?

I am interested as I think I had a similar issue, I fixed it by putting an anti spam signup system at a high level on the server (not with settings in Mautic). For me, bots were coming in by forms (according to Mautic) but I just could not seem to stop them with any measure within Mautic, I tried everything from captcha to running an anti spam campaign to remove people who filled in a honeypot - nothing worked


This is super interesting. AGAIN…
There is a huge load of spam signups right now.
Which software did you use serverside?

Why not add a captcha?

Captcha would work but it adds more friction to the form completion. I think honey pot provides a better visitor experience?

Sadly the honeypot is not working when a spammer goes to your website, detects what he needs to fill into the actual form (without the honeypot-field) and then makes a script to only fill out these fields.

You can use the reCaptcha Plugin to solve that. If you use V3 of reCaptcha you don’t need to solve crazy puzzles or something.
The other thing which you could/should introduce is updating your server’s firewall. You can use fail2ban with filters to scan the Mautic logs for unusual form submits. (At least that’s my plan 🙂 and I didn’t 100% figure out how to do that. But I will make a video about this)
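The server-side detection idea in the last reply (scanning logs for unusual form submits before fail2ban bans the source) can be prototyped outside fail2ban. The script below is an added example and not code from this thread or from Mautic: it assumes the web server writes a standard combined-format access log and that Mautic form submissions arrive as POSTs to `/form/submit?formId=<id>`; the log lines are constructed, not a real capture.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-format access-log line (Apache/nginx default), assumed log source.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Assumption: Mautic form posts land on this path (constructed, verify against your log).
FORM_PATH = "/form/submit"

# Constructed sample: one source posting the form 8 times in 35 seconds,
# one source that loaded the form page and submitted it once.
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Mar/2020:12:00:{i * 5:02d} +0000] "POST /form/submit?formId=3 HTTP/1.1" '
    f'302 0 "-" "python-requests/2.22"'
    for i in range(8)
] + [
    '198.51.100.7 - - [10/Mar/2020:12:01:15 +0000] "GET /form/3 HTTP/1.1" 200 4210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2020:12:02:40 +0000] "POST /form/submit?formId=3 HTTP/1.1" 302 0 '
    '"https://example.invalid/" "Mozilla/5.0"',
]

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def flag_form_floods(lines, max_posts=5, window=timedelta(minutes=10)):
    """Return {ip: total_posts} for sources that POST to the form endpoint more
    than max_posts times inside any sliding window of the given length."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].startswith(FORM_PATH):
            posts[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 > max_posts:
                flagged[ip] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(flag_form_floods(SAMPLE_LOG))  # → {'203.0.113.5': 8}
```

A fail2ban jail does the same count-per-source-per-window with its `maxretry` and `findtime` settings; the thresholds here are constructed values to tune against real traffic.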