Contact Form Attack

This classic contact form attack had happened few hours ago on a customer website. The log below spans over 3 hours and shows 3 tentatives. One contact form attack per hour per website. There are about 66 millions WP websites…

The contact form on a website is filled with two links to a bad website.

For future search engine reference the email text is :
 » You have been chosen by WordPress community to try out our new All in One SEO Pack Pro v2.1.  » attaque-formulaire-de-contact_562x288 We can see the usual symptoms of spams:

  • personalization : « You have been choosen… »
  • domain name looking like a respectable official website: « WordPress Community »
  • social influence : « community »
  • official reference: « WordPress »
  • spoofed sender email address: ysmxoaojhl@wordpress.org is not a valid email address

The header shows the date and time of the attack: Wed, 4 Dec 2013 23:22:53. There is one hour difference between the server time located in UK and the email receiver location in France. So the attack was done about 6h18 before. The plug-in Wordfence shows the previous visits on the contact pages: (note the time on the image is slightly shifted when I edited the image by copy-paste) So the IP attacking is the top one of the image below. Note this is probably an infected computer (or zombie) and the owner is unaware. attaque-formulaire-de-contact_864x1152