Contact Form Attack

This classic contact form attack happened a few hours ago on a customer website. The log below spans 3 hours and shows 3 attempts: one contact form attack per hour per website. There are about 66 million WP websites...

The contact form on a website is filled with two links to a bad website.

For future search engine reference, the email text is:

"You have been chosen by WordPress community to try out our new All in One SEO Pack Pro v2.1."

We can see the usual symptoms of spam:

  • personalization: "You have been chosen..."
  • domain name looking like a respectable official website: "WordPress Community"
  • social influence: "community"
  • official reference: "WordPress"
  • spoofed sender email address: ysmxoaojhl@wordpress.org is not a valid email address

The header shows the date and time of the attack: Wed, 4 Dec 2013 23:22:53. There is a one-hour difference between the server, located in the UK, and the email recipient, located in France. So the attack was done about 6h18 before.

The Wordfence plug-in shows the previous visits to the contact pages (note that the time on the image shifted slightly when I edited the image by copy-paste). So the attacking IP is the top one in the image below. Note that this is probably an infected computer (or zombie) whose owner is unaware.

[Image: Wordfence view of the visits to the contact page]
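The same "who keeps posting to the contact page" view can be rebuilt from the web server access log when no plug-in is available. The following is an added example, not part of the original post: the log lines are constructed, the IPs come from documentation ranges, and the `/contact/` path and the 3-posts-in-3-hours threshold are assumptions modelled on the pattern described above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" format (not the real log).
# IPs are from documentation ranges; /contact/ is an assumed form URL.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Dec/2013:21:20:11 +0000] "GET /contact/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Dec/2013:21:20:12 +0000] "POST /contact/ HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Dec/2013:21:45:02 +0000] "POST /contact/ HTTP/1.1" 200 5290 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Dec/2013:22:21:40 +0000] "POST /contact/ HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
192.0.2.50 - - [04/Dec/2013:22:30:00 +0000] "GET /blog/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Dec/2013:23:22:53 +0000] "POST /contact/ HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_posts(log_text, form_path="/contact/"):
    """Return {ip: [datetime, ...]} for POST requests to the contact form."""
    posts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == form_path:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            posts[m["ip"]].append(ts)
    return posts

def repeat_submitters(log_text, min_posts=3, window=timedelta(hours=3)):
    """IPs with at least min_posts form submissions inside any sliding window."""
    flagged = {}
    for ip, times in parse_posts(log_text).items():
        times.sort()
        for i in range(len(times) - min_posts + 1):
            if times[i + min_posts - 1] - times[i] <= window:
                flagged[ip] = times
                break
    return flagged

if __name__ == "__main__":
    for ip, times in repeat_submitters(SAMPLE_LOG).items():
        print(ip, [t.isoformat() for t in times])
```

Log timestamps are in server time, so the one-hour offset mentioned above has to be applied before comparing them with the time in the email header.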