Joomla Contact Spam 5

At the moment we see spamming mails, which are sent via the contact form, on many customer servers running a current Joomla and OS.

The logs contain lines like:

117.90.137.141 - - [08/Sep/2017:20:01:37 +0200] "POST /index.php/kontakt HTTP/1.1" 302 483 "http://www.WEBSEITE.de/index.php/kontakt" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

or

185.135.80.139 - - [08/Sep/2017:09:21:44 +0200] "POST /kontakt.html HTTP/1.1" 302 1498 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

The URLs called first using GET and directly afterwards POST (see above) are a little bit different from website to website. In all cases, /kontakt is included.

We use the ISPProtect BanDaemon on our servers and most of all customes running this nice tool, too. So it is very easy to ban the corresponding IPs if you assume that a contact form is not filled in by a normal user several times within seconds.

Just create /opt/ispprotect_bandaemon/conf.d/200.conf:

ident = joomla-contact
log = /var/log/ispconfig/httpd/*/access.log
regex = /^\s-\s-\s\[(?P\w+\/\w+\/\d+:\d+:\d+:\d+\s.*)\]\s.POST\s.*\/kontakt.*/i
alt_regex =
if_web = true
ignore_alltime = false
ignore_previous_bans = false
scope = web
bantime_factor = 1
reduce = 1

and restart the Ban-Daemon.

A more closely regex (matching the lines above) may look like this:

regex = /^\s-\s-\s\[(?P\w+\/\w+\/\d+:\d+:\d+:\d+\s.*)\]\s.POST\s\/index\.php\/kontakt.*/i

or

regex = /^\s-\s-\s\[(?P\w+\/\w+\/\d+:\d+:\d+:\d+\s.*)\]\s.POST\s\/kontakt\.html.*/i

Leave a Reply to Chauncey Cancel reply

Your email address will not be published. Required fields are marked *

5 thoughts on “Joomla Contact Spam

  • Reply
    Serena

    EASE YOUR PAIN IN 10 MINUTES EFFORTLESSLY

    Be Free from sore muscles and joint pain
    Try FitRx Wireless Massager & Relieve YOUR Pain Effortlessly In 10 Min!
    Save 50% OFF + FREE Priority Shipping

    Shop Now: https://EaseRelief.net

    Best Wishes,

    Serena

  • Reply
    Chauncey

    Hi there

    I wanted to reach out and let you know about our new dog harness. It’s really easy to put on and take off – in just 2 seconds – and it’s personalized for each dog.
    Plus, we offer a lifetime warranty so you can be sure your pet is always safe and stylish.

    We’ve had a lot of success with it so far and I think your dog would love it.

    Get yours today with 50% OFF: https://caredogbest.com

    FREE Shipping – TODAY ONLY!

    The Best,

    Chauncey

  • Reply
    Jerrod

    Hello there

    I wanted to reach out and let you know about our new dog harness. It’s really easy to put on and take off – in just 2 seconds – and it’s personalized for each dog.
    Plus, we offer a lifetime warranty so you can be sure your pet is always safe and stylish.

    We’ve had a lot of success with it so far and I think your dog would love it.

    Get yours today with 50% OFF: https://caredogbest.com

    FREE Shipping – TODAY ONLY!

    All the best,

    Jerrod

  • Reply
    Leanna

    Hi there

    Is your dog’s nails getting too long? If you’re tired of going to the vet or groomer to get them trimmed, why not try PawSafer™?
    With PawSafer™, you can trim your dog’s nails from the comfort of your own home, and it only takes a few minutes!

    PawSafer™ is the safest and most convenient way to trim your dog’s nails, and it’s very affordable.

    Get it while it’s still 50% OFF + FREE Shipping

    Buy here: https://pawtrim.shop

    Regards,

    Leanna