Suspicious activity on your HubSpot forms

paxton
HubSpot Product Team

Notification that your form has been recognized as insecure by bots

If you have received an email like the one above, it means that one or more of your publicly facing forms have been detected by bots as insecure. This exposes your forms to be used in a "list-bombing" attack.

 

"If there’s anything positive about it, it’s that with these kinds of attacks you’re more than likely not the one under attack, but rather you’re simply used as a vehicle to help out with one." -klaviyo

 

List bombing is when an email address (the victim of the attack) is submitted on thousands of non-captcha forms automatically, flooding their inbox. It's normally used in tandem by hackers trying to break into the victim's bank account to obscure the alert emails from their bank. For instance, a hacker might launch a list bombing attack while utilizing a password reset functionality to hide the password reset email from ever being seen.

 

The risk to you has to do with the deliverability of your emails. Spamhaus has dealt with this issue by blacklisting any IP address used to facilitate a "Subscription bombing" attack (another name, same thing). Having your IP blacklisted on Spamhaus is bad. If that happens it can result in 60-70% of emails soft bouncing.

 

If the victim's address is not already in your database then enabling CAPTCHA or DOI will completely eliminate this risk. So if you see this email please do either as soon as you can to protect the deliverability of your emails.

 

3 Replies
roisinkirby
HubSpot Product Team

Thanks for sharing @paxton

TScardaCFE
Member

Hi Paxton,

The person and email that is quarantined has been using my contact page which has a CAPTCHA on it for weeks. Apparently, it's more than a bot. I found out by googling this person's name, Joe Madison, that this person or bot is a nuisance to many people. I am not sure what else I can do. I am happy that Hubspot quarantined the email and IP address for now. I don't think I have double opt-in activated. Is that done via Hubspot or my website? Do you have any recommendations for me to better secure my contact page?

0 Upvotes
sharonlicari
Community Manager

Hey @TScardaCFE 

 

Welcome to the Community!

 

You can find here the steps on how to use the opt-in functionality 

 

Another option is to block specific email domains or free email providers (this is only available for Marketing subscriptions).

 

I hope this helps

 

Thanks

Sharon 


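For a form you host yourself, the double opt-in (DOI) mitigation discussed in this thread works as in the following added example, which is not HubSpot's implementation and not code from any poster. The class `DoubleOptIn`, its method names, the token format and the 48-hour token lifetime are assumptions made for illustration: an unconfirmed address receives exactly one confirmation mail and no list mail, however many times the form is submitted.

```python
import hashlib
import hmac
import time

TOKEN_TTL = 48 * 3600  # assumed confirmation window, in seconds


class DoubleOptIn:
    """Hypothetical signup handler: no list mail until the address confirms."""

    def __init__(self, secret, send_mail, now=time.time):
        self.secret, self.send_mail, self.now = secret, send_mail, now
        self.pending = {}       # email -> expiry of the outstanding confirmation
        self.confirmed = set()  # addresses that clicked the confirmation link

    def _sign(self, email, expires):
        msg = f"{email}|{expires}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def submit(self, email):
        """Form submission. Returns True only if a confirmation mail was sent."""
        email = email.strip().lower()
        t = self.now()
        # Already subscribed, or a confirmation is still outstanding: send
        # nothing, so repeated bot submissions cannot flood the inbox.
        if email in self.confirmed or self.pending.get(email, 0) > t:
            return False
        expires = int(t) + TOKEN_TTL
        self.pending[email] = expires
        self.send_mail(email, f"{expires}.{self._sign(email, expires)}")
        return True

    def confirm(self, email, token):
        """Confirmation link clicked. Returns True if the token is valid."""
        email = email.strip().lower()
        try:
            exp_s, sig = token.split(".", 1)
            expires = int(exp_s)
        except ValueError:
            return False
        if expires < self.now() or self.pending.get(email) != expires:
            return False
        if not hmac.compare_digest(sig.encode(), self._sign(email, expires).encode()):
            return False
        del self.pending[email]
        self.confirmed.add(email)
        return True

    def may_send_marketing(self, email):
        return email.strip().lower() in self.confirmed
```
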