Jump to content


Photo

Receiving spam from webmaster@blorpazort.com after vulnerability scan with Barracuda?


  • Please log in to reply
3 replies to this topic

#1 Jaime

Jaime
  • Members
  • 2 posts

Posted 03 September 2018 - 06:14 PM

Hi, I am receiving every day hundreds of spam emails from my website form since the day I did a scan of the website with Vulnerability Manager. The spam comes from webmaster@blorpazort.com and googleing that email address I saw that blorpazort.com
seems to be related with Barracuda. Does it have any sense? Is it possible that scanning with Barracuda will cause spam to be sent from the form?


Thanks

#2 Pavel Komisar

Pavel Komisar
  • Members
  • 1 posts

Posted 04 September 2018 - 01:46 AM

Hi,

 

Yes, blopazort.com is the testing website.

What kind of spam are you getting?

 

Thank you



#3 Jaime

Jaime
  • Members
  • 2 posts

Posted 04 September 2018 - 02:04 PM

Hi Pavel,

 

I have been receiving always the same email: the submission of one of the forms in the website with the following content:

 

"
From: webmaster@blorpazort.com

Name: | /bin/cat /etc/passwd |


Phone: 11
City: 11
Brand: 11
Year: 11
Model: 11
Comments: 11

1.gif
1.gif
"
 
A person from Wordfence Security has told me the emails are a stress test from Barracuda.
 
The website forms use Mailjet to send the form submissions and have a sending daily limit of about 200 emails. After the limit is reached the service is blocked until the next day when the story repeats... We can't remove the messages queued in Mailjet so we have blocked temporarily the website domain to avoid the spam but this is not the best solution. (If I can't find a better solution I will wait 5 days until Mailjet automatically delete the queued emails)
 
Do you know the number of emails that Barracuda send in a stress test?
 
I have removed the test in Barracuda control panel so I understand that Barracuda will not send this kind of emails any more?
 
Thanks,
 
Jaime.


#4 Nitzan Miron

Nitzan Miron
  • Moderators
  • 9 posts

Posted 08 September 2018 - 08:59 PM

Hi Jaime,

 

If you're running a scan using Vulnerability Manager and that causes the spam, it means you have an unprotected contact form that is sending those emails.  I highly recommend you secure that form by adding a captcha or other bot-limiting feature - that will stop the spam.

 

If you do not want to modify the application, you can also configure Vulnerability Manager to exclude the form that is causing the email to be sent.  See https://campus.barra...g-side-effects/for more information.

 

Let us know if you need additional assistance.

 

Nitzan