Why Are Bots Filling My Forms with Real People’s Info?

Asked By CuriousCat42 On

I've been noticing that my websites receive lead and contact forms filled out with real people's names, addresses, and email addresses. The problem is, these individuals definitely aren't the ones submitting the forms. There are no dangerous links or attachments, so I'm puzzled about why this is happening. At first, I thought it might be someone maliciously signing up others, but it's happening too frequently with so many different names. I'm familiar with fake info, but this is real data that seems to serve no obvious purpose. Is there an exploit involved here, or could they be trying to gather IP or domain information from my auto-response emails? Any insights would be appreciated!

5 Answers

Answered By HeaderHunter On

I've encountered bots using comments to slip malicious headers into fields, but it seems like yours are just sending normal data. Their goal is often to exploit form validation issues to inject their spam headers, but this is less common now, especially if you're using APIs for email.

CuriousCat42 -

I haven’t encountered that kind of activity. It’s just standard names, emails, and addresses along with generic messages like "I’m interested in your service." This makes it clear that the submissions are not actually from genuine inquiries.

Answered By CloudyWithAChance On

Are you using Cloudflare to proxy your site? Setting up challenges helped me cut out hundreds of spam signups. Now I hardly see any bot activity, but it can be a bit dull without the usual traffic.

CuriousCat42 -

Yes, I do run Cloudflare to proxy HTTPS traffic with a checkbox reCAPTCHA in place.

Answered By BotBuster123 On

I experienced something similar a while back. My conclusion was that these bots are pretty clueless and just fill in forms randomly. They often aim to sign up for something and leave advertisements in profile comments or sections.

Answered By TechSavvySam On

This isn't a phishing attack; what you're seeing is likely lead fraud and list washing. People who do this usually scrape real data and submit it to make it appear as legit leads. Your auto-replies confirm that an inbox exists, which helps them figure out who to resell the data to later on. To prevent this, consider adding a honeypot field and requiring a delay before submission. Also, make sure to do email verification before creating the lead. If the issue persists, think about using reCAPTCHA v3 to cut down on bot activity and rate-limit incoming requests by IP. If you want, share a redacted sample of the submissions, and I can help identify specific patterns you might want to filter out!

FormFillerFan -

Interesting, I'll check those options out. It's awesome that Bluehost engages here to support folks!
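The honeypot, submission-delay, per-IP rate-limit and verify-before-lead measures suggested in TechSavvySam's answer can be combined in one server-side check; the sketch below is an added example, not code posted by anyone in this thread. The field names `website` and `form_token`, the thresholds, and the in-memory stores are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time
from collections import defaultdict, deque

SECRET = secrets.token_bytes(32)     # per-deployment signing key (constructed here)
MIN_FILL_SECONDS = 3                 # assumed minimum time a human needs to fill the form
RATE_LIMIT, RATE_WINDOW = 5, 600     # assumed: 5 posts per IP per 10 minutes
_hits = defaultdict(deque)           # ip -> timestamps of recent posts
_pending = {}                        # confirm token -> unverified submission

def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def issue_form_token(now=None):
    """Signed render time, placed in a hidden field when the form is served."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"

def _rendered_at(token):
    """Render time from the token, or None if the signature does not verify."""
    ts, _, mac = token.partition(".")
    ok = hmac.compare_digest(mac.encode(), _sign(ts).encode())
    return int(ts) if ok and ts.isdigit() else None

def check_submission(form, ip, now=None):
    """Return (verdict, confirm_token). 'pending' means: email a confirmation
    link only; no lead and no auto-reply until confirm() succeeds."""
    now = time.time() if now is None else now
    window = _hits[ip]
    while window and now - window[0] > RATE_WINDOW:
        window.popleft()             # drop posts that fell out of the window
    window.append(now)
    if len(window) > RATE_LIMIT:
        return "rate_limited", None
    if form.get("website"):          # honeypot: hidden from humans with CSS
        return "honeypot", None
    rendered = _rendered_at(form.get("form_token", ""))
    if rendered is None or now - rendered < MIN_FILL_SECONDS:
        return "timing", None        # forged/missing token or submitted too fast
    token = secrets.token_urlsafe(16)
    _pending[token] = {"email": form.get("email", ""), "name": form.get("name", "")}
    return "pending", token

def confirm(token):
    """Called from the emailed link; only now is the lead created. Single use."""
    return _pending.pop(token, None)
```

Rejected submissions are best answered with the same generic "thank you" page as accepted ones, so the verdict is not visible to the sender.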

Answered By AdWatcher22 On

If you're running ads, like with the Google Display Network, this could be a tactic for ad click fraud. They click your ad for a payout and then fill your form to look like a valid lead.

CuriousCat42 -

I'm not using the Google Display Network for my sites, though I do manage my own campaigns to bring traffic in.
