may 1, 20183:55 PM - editado may 2, 201811:09 AM
Equipo de producto de HubSpot
Suspicious activity on your HubSpot forms
Notification that your form has been recognized as insecure by bots
If you have received an email like the one above, it means that one or more of your publicly facing forms have been detected by bots as insecure. This exposes your forms to be used in a "list-bombing" attack.
"If there’s anything positive about it, it’s that with these kinds of attacks you’re more than likely not the one under attack, but rather you’re simply used as a vehicle to help out with one." -klaviyo
List bombing is when an mail address (the victim of the attack) is submitted on thousands of non-captcha forms automatically, flooding their inbox. It's normally used in tandem by hackers trying to break into the victim's bank account to obscure the alert emails from their bank. For instance, a hacker might launch a list bombing attack while utilizing a password reset functionality to hide the password reset emailfrom ever being seen.
The risk to you has to do with the deliverability of your emails. Spamhaus has dealt with this issue by blacklisting any IP address used to facilitate a "Subscription bombing" attack (another name, same thing). Having your IP blacklisted on Spamhaus is bad. If that happens it can result in 60-70% of emails soft bouncing.
If the victim's address is not already in your database then enabling CAPTCHA or DOI will completely eliminate this risk. So if you see this email please do either as soon as you can to protect the deliverability of your emails.
The person and email that is quarantined has been using my contact page which has a CAPTCHA on it for weeks. Apparently, it's more than a bot. I found out by googling this person's name, Joe Madison, that this person or bot is a nuisance to many people. I am not sure what else I can do. I am happy that Hubspot quarantined the email and IP address for now. I don't think I have double opt-in activated. Is that done via Hubspot or my website? Do you have any recommendations for me to better secure my contact page?