Recently our website got affected by the Japanese Keyword hack. We cleaned up the site but somehow received a contact form submission from an unknown url which seems to be from hacked source. How does Hubspot allow generating contacts from hacked pages? Need to resolve the issue.
That submission appears to have been sent to the v2 form submission endpoint; if you or your team aren't actively using that endpoint to send form submissions, then I would expect this to be a spam submission. The best way to block these submissions is to clone the form, replace the old form with the new form, and delete the old form. Since the new form as a new unique form ID, the spam submissions will no longer be accepted.
I'm not 100% clear on all the details just yet, but the Form Submission API is a publicly accessible endpoint. If your website was hacked & someone got access to your portal ID & form ID, it's possible for them to submit form submissions to that form. If you can give me a link to the contact in question (and/or the form) I'm more than happy to take a closer look.
Also, if you prefer, you can delete the existing form and replace it with an identical new form, which will have a new ID (therefore preventing submissions to the old form with the compromised ID).
That submission appears to have been sent to the v2 form submission endpoint; if you or your team aren't actively using that endpoint to send form submissions, then I would expect this to be a spam submission. The best way to block these submissions is to clone the form, replace the old form with the new form, and delete the old form. Since the new form as a new unique form ID, the spam submissions will no longer be accepted.