May 1, 2018 3:55 PM - edited May 2, 2018 11:09 AM
Notification that your form has been recognized as insecure by bots
If you have received an email like the one above, it means that one or more of your publicly facing forms have been detected by bots as insecure. This exposes your forms to be used in a "list-bombing" attack.
"If there’s anything positive about it, it’s that with these kinds of attacks you’re more than likely not the one under attack, but rather you’re simply used as a vehicle to help out with one." -klaviyo
List bombing is when an email address (the victim of the attack) is submitted on thousands of non-captcha forms automatically, flooding their inbox. It's normally used in tandem by hackers trying to break into the victim's bank account to obscure the alert emails from their bank. For instance, a hacker might launch a list bombing attack while utilizing a password reset functionality to hide the password reset email from ever being seen.
The risk to you has to do with the deliverability of your emails. Spamhaus has dealt with this issue by blacklisting any IP address used to facilitate a "Subscription bombing" attack (another name, same thing). Having your IP blacklisted on Spamhaus is bad. If that happens it can result in 60-70% of emails soft bouncing.
If the victim's address is not already in your database then enabling CAPTCHA or DOI will completely eliminate this risk. So if you see this email please do either as soon as you can to protect the deliverability of your emails.
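A minimal sketch of the double opt-in (DOI) flow recommended in the post above, added here as an illustration; it is not HubSpot's implementation and not code from this thread. The class name, the signing key and the 48-hour confirmation window are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # constructed; load from a secret store in practice
TOKEN_TTL = 48 * 3600              # assumed confirmation window, in seconds


def _sign(email: str, issued: int) -> str:
    msg = f"{email}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


class OptInList:
    """Hypothetical subscriber store: pending until the address owner confirms."""

    def __init__(self):
        self.pending = {}      # email -> issue time of the outstanding token
        self.confirmed = set()

    def submit(self, email: str, now: int):
        """Handle a form submission. Returns a token to mail, or None."""
        email = email.strip().lower()
        if email in self.confirmed:
            return None
        issued = self.pending.get(email)
        if issued is not None and now - issued < TOKEN_TTL:
            return None        # repeat submission: do not send another email
        self.pending[email] = now
        return f"{now}.{_sign(email, now)}"

    def confirm(self, email: str, token: str, now: int) -> bool:
        """Promote the address only if the token is authentic and fresh."""
        email = email.strip().lower()
        try:
            issued_s, sig = token.split(".", 1)
            issued = int(issued_s)
        except ValueError:
            return False
        if now - issued > TOKEN_TTL or self.pending.get(email) != issued:
            return False
        if not hmac.compare_digest(sig, _sign(email, issued)):
            return False
        del self.pending[email]
        self.confirmed.add(email)
        return True

    def recipients(self):
        """Only confirmed addresses ever receive list mail."""
        return sorted(self.confirmed)
```

An address submitted by a bot stays in `pending`, receives a single confirmation message, and never appears in `recipients()` unless its owner follows the link.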
Mar 31, 2021 5:02 PM
Hi Paxton,
The person and email that is quarantined has been using my contact page which has a CAPTCHA on it for weeks. Apparently, it's more than a bot. I found out by googling this person's name, Joe Madison, that this person or bot is a nuisance to many people. I am not sure what else I can do. I am happy that Hubspot quarantined the email and IP address for now. I don't think I have double opt-in activated. Is that done via Hubspot or my website? Do you have any recommendations for me to better secure my contact page?
Apr 1, 2021 4:12 AM
Hey @TScardaCFE
Welcome to the Community!
You can find here the steps on how to use the opt-in functionality
Another option is to block specific email domains or free email providers (this is only available for Marketing subscriptions).
I hope this helps
Thanks
Sharon
May 2, 2018 5:44 AM
Thanks for sharing @paxton