This classic contact form attack had happened few hours ago on a customer website. The log below spans over 3 hours and shows 3 tentatives. One contact form attack per hour per website. There are about 66 millions WP websites…
The contact form on a website is filled with two links to a bad website.
For future search engine reference the email text is :
» You have been chosen by WordPress community to try out our new All in One SEO Pack Pro v2.1. » We can see the usual symptoms of spams:
- personalization : « You have been choosen… »
- domain name looking like a respectable official website: « WordPress Community »
- social influence : « community »
- official reference: « WordPress »
- spoofed sender email address: firstname.lastname@example.org is not a valid email address
The header shows the date and time of the attack: Wed, 4 Dec 2013 23:22:53. There is one hour difference between the server time located in UK and the email receiver location in France. So the attack was done about 6h18 before. The plug-in Wordfence shows the previous visits on the contact pages: (note the time on the image is slightly shifted when I edited the image by copy-paste) So the IP attacking is the top one of the image below. Note this is probably an infected computer (or zombie) and the owner is unaware.