I just discovered that over the last 5 days I have been getting 50-100 newsletter subscriptions per day. I use an auto-responder for Confirmation and none of these submissions are actually confirmed.
The problem is that the Confirmation is acting like an email attack against the recipients - several of the Confirmation emails bounce and indicate that the destination mailbox is receiving mail at a rate that prevents delivery, and in two cases the bounce stated that the account was under "email attack".
I would just like to tell my host the URL of the newsletter submission form, but my form is built into the footer, like the default store, and there is no real independent page for the form. There is no option to enable image verification for newsletter forms, and really, no room for it in the design of the form in the footer anyway.
Can someone tell me what URL a bot would be using to submit subscribers in v4.3.x?
I'm hoping I can block some IPs and stop the bot. I can't seem to find anything in my access logs (other than requests from the checkout page - which are legitimate).
Someone has apparently decided to use CS-Cart's Newsletter Subscription forms for a DDoS attack. The forms are wide open for exploit - there is no Image Verification on the form built into the default themes.
I could turn off the Autorespond Confirmation and that would stop me from sending the unwanted email messages, but then I have NO WAY of determining legitimate subscriptions from the robot-generated requests.
This is bad. It buries the recipient with unwanted emails, and it turns me into a spammer!
Because the form is embedded into the home page, I don't know what to find in my access logs. Each of these subscription requests should be a POST method, but I can't find them in the logs... It seems as though they are just not written into the logs. I'm certain my server has not been compromised. It's driving me nuts.
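One way to look for the submissions in an access log without knowing the form's URL, as an added example that is not part of the original posts and not CS-Cart code: group POST requests by client IP instead of by path, and flag clients that POST repeatedly in a day, noting which ones never fetched a page first. It assumes the Apache/nginx common or combined log format; the function name, threshold, IPs and log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Leading fields of the Apache/nginx common/combined log format (assumed format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)'
)

def summarize_posts(lines, min_posts=3):
    """Return {ip: info} for clients with >= min_posts POSTs on their busiest day."""
    posts = defaultdict(Counter)   # ip -> Counter keyed by (day, path)
    gets = Counter()               # ip -> number of GET requests seen
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # skip lines in another format
        if m["method"] == "GET":
            gets[m["ip"]] += 1
        elif m["method"] == "POST":
            # Drop the query string so the same page groups together.
            posts[m["ip"]][(m["day"], m["path"].split("?")[0])] += 1
    report = {}
    for ip, counter in posts.items():
        per_day = Counter()
        for (day, _path), n in counter.items():
            per_day[day] += n
        busiest_day, peak = per_day.most_common(1)[0]
        if peak >= min_posts:
            report[ip] = {
                "busiest_day": busiest_day,
                "peak_posts_per_day": peak,
                "paths": sorted({p for (_d, p) in counter}),
                # A browser loads a page before submitting its form; a script often does not.
                "never_fetched_a_page": gets[ip] == 0,
            }
    return report

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE = '''\
203.0.113.7 - - [12/Mar/2016:10:00:01 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [12/Mar/2016:10:00:03 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [12/Mar/2016:10:00:05 +0000] "POST / HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [12/Mar/2016:10:02:00 +0000] "GET /checkout/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2016:10:03:00 +0000] "POST /checkout/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    for ip, info in summarize_posts(SAMPLE).items():
        print(ip, info)
```

To run it against a real log, pass `open(path)` as `lines`; if it reports no POSTs at all, the requests are probably recorded in a different log file (for example a separate virtual host or HTTPS log) than the one being read.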