I’m frustrated by the spam mails which I get from my website contact form. The user fills up the form again and again every minute and the system doesn’t detect it as spam.
The previous hosting provider had webmail, but their system detected this spam mail and added it to junk, but Virtualmin does not stop these spam mails, it just sends them to the inbox.
Please help me with how to stop these spam emails, because they are coming from my contact form and I can’t block this sender as it is my own domain.
The best solution is to stop it at source. The fault lies in the contact form and its design. WordPress site? Then certainly some rubbish plugin.
Otherwise you are down to blocking the user’s IP (but they will just move to another); you are also at risk of being blacklisted.
You say it is happening every minute (that suggests a bot rather than a genuine user). Most well-designed contact forms have easy-to-implement mechanisms to prevent reuse or repeat use, as humans do not use them in that fashion and tend to use them infrequently.
Local spam, as I call it, is the one that comes from your own website. Here are some effective actions, but you have to arm yourself with patience and study the behavior of those who use it, humans or bots.
First of all, separate in the log all successful submissions of the form (grep, awk). Check if those who cause you trouble have particularities. For example, they access the form directly without going through the website, or they have a certain user agent. If they have a user-agent you can block it in .htaccess; there are references on the Internet related to BAD_BOT.
Use Fail2Ban on the webserver log. Any IP that successfully submits the form is blocked. When you receive a message that is normal, find the IP address and unblock that IP from the Fail2Ban chain. You apply this method when the proportion of the normal ones is below 1/3 of the fake ones.
Use IPSet and create a special set for the form. You add each IP address to the set manually. After a while you can list the set and sort it. If you have more than 3-4 IPs in a range of 255 IPs, delete them and block the entire range, for example 192.134.400.0/24. You can use IPRange pack to do this task automatically.
If the Body of the message has a certain format or contains certain phrases that are repeated, you can filter it and transfer it with the help of Procmail to a special directory.
If the Body of the message has a template you can use SpamAssassin rules.
Changes can also be made in the MTA (postfix, exim, …) but I’m not a fan of reject or defer actions. I prefer that all messages go inside the VM (obviously not over a certain size) so that they can be evaluated and nothing is lost. This applies to companies where important messages can pass as SPAM for various reasons.
Yeah, it’s a WordPress site, so what should I do now? Remove that form? Then how should users contact me?
Should I turn on Under Attack mode in Cloudflare, which shows a security challenge to whoever visits my site? Or else, if you have some better option, please let me know. @stefan1959 FYI
Go back to the designer “novice” of the form and “suggest” they incorporate some very basic form checks on the backend of their “plugin” (putting a simple hash on the form is all that is required, with the backend validating the hash. Validation can be a simple date → invalid forms expire, or more complex, such as rate limiting). Even something as basic as a simple question (e.g. what is 1 + 1) can be enough to deter the idiot user - though easily beaten by bots. Everyone knows the easiest way to attack a website is through a form. Too little attention is paid to their design and handling.
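The signed, expiring form token described in the post above, as an added Python sketch that is not part of the thread or of any WordPress plugin. The secret, the one-hour lifetime and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a server-side secret that is never sent to the browser (constructed value).
SECRET_KEY = b"constructed-example-secret-change-me"
MAX_AGE_SECONDS = 3600  # assumption: a rendered form is valid for one hour


def _sign(form_id: str, issued_at: int) -> str:
    """HMAC over the form name and issue time, so neither can be altered."""
    msg = f"{form_id}|{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(form_id: str, now: Optional[float] = None) -> str:
    """Value for a hidden field, generated each time the form page is rendered."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(form_id, issued_at)}"


def verify_token(form_id: str, token: str, now: Optional[float] = None) -> str:
    """Return 'ok', or the reason the backend should drop the submission."""
    current = time.time() if now is None else now
    ts_text, sep, mac = token.partition(".")
    if not sep or not (ts_text.isascii() and ts_text.isdigit()):
        return "malformed"
    issued_at = int(ts_text)
    expected = _sign(form_id, issued_at)
    # Constant-time comparison: does not reveal how much of the MAC matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-signature"
    if issued_at > current:
        return "future-timestamp"
    if current - issued_at > MAX_AGE_SECONDS:
        return "expired"
    return "ok"
```

A token on its own does not stop a bot that reloads the form before every submission; that case needs the rate limiting the post mentions.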
You must learn to use the webserver log file with Fail2Ban. It is not very difficult; you have to set the filter and the action. You need knowledge of REGEX. If you make a mistake, it’s no problem because you can easily check your work in the CLI. You can start studying an implementation from here