APIs & Integrations

Search APIs & Integrations for solutions or ask a question
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
khushboo

‎Sep 16, 2019 12:58 AM

Member

Spam Contact Submission from Hacked Page

SOLVE

Recently our website got affected by the Japanese Keyword hack. We cleaned up the site but somehow received a contact form submission from an unknown url which seems to be from hacked source. How does Hubspot allow generating contacts from hacked pages? Need to resolve the issue.

 

Here' the screenshotScreenshot 2019-09-16 at 10.27.33 AM.png

Contacts
0 Upvotes
1 Accepted solution
Derek_Gervais
Solution
HubSpot Alumni

‎Sep 17, 2019 4:44 PM

HubSpot Alumni

Spam Contact Submission from Hacked Page

SOLVE

Hi @khushboo ,

 

That submission appears to have been sent to the v2 form submission endpoint; if you or your team aren't actively using that endpoint to send form submissions, then I would expect this to be a spam submission. The best way to block these submissions is to clone the form, replace the old form with the new form, and delete the old form. Since the new form as a new unique form ID, the spam submissions will no longer be accepted.

View solution in original post

0 Upvotes
4 Replies 4
Derek_Gervais
HubSpot Alumni

‎Sep 16, 2019 2:37 PM

HubSpot Alumni

Spam Contact Submission from Hacked Page

SOLVE

Hey @khushboo,

 

I'm not 100% clear on all the details just yet, but the Form Submission API is a publicly accessible endpoint. If your website was hacked & someone got access to your portal ID & form ID, it's possible for them to submit form submissions to that form. If you can give me a link to the contact in question (and/or the form) I'm more than happy to take a closer look.

 

Also, if you prefer, you can delete the existing form and replace it with an identical new form, which will have a new ID (therefore preventing submissions to the old form with the compromised ID).

0 Upvotes
khushboo

‎Sep 17, 2019 12:55 AM

Member

Spam Contact Submission from Hacked Page

SOLVE

Hi Derek,

 

Thanks for reverting. Here's the link to contact workflow - https://app.hubspot.com/contacts/107458/contact/12107041/

 

Let me know the solution when you can find it.

 

Regards,

Khushboo

0 Upvotes
Derek_Gervais
Solution
HubSpot Alumni

‎Sep 17, 2019 4:44 PM

HubSpot Alumni

Spam Contact Submission from Hacked Page

SOLVE

Hi @khushboo ,

 

That submission appears to have been sent to the v2 form submission endpoint; if you or your team aren't actively using that endpoint to send form submissions, then I would expect this to be a spam submission. The best way to block these submissions is to clone the form, replace the old form with the new form, and delete the old form. Since the new form as a new unique form ID, the spam submissions will no longer be accepted.

0 Upvotes
khushboo

‎Sep 19, 2019 12:21 AM

Member

Spam Contact Submission from Hacked Page

SOLVE

Thanks Derek

0 Upvotes
Sunny

Sign up for the Developer Newsletter

Fresh content delivered to your inbox every month.
Spam Contact Submission from Hacked Page
Developers
Sep 18, 2019