• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Anyone else getting much more email spam after enabling Account Upgrades?

Dean

Well-known member
#1
Early in July 2011 I enabled Account Upgrades on my xf forum. 2 days later I started to receive all sorts of of silly emails to that particular email account. The email address for Account Upgrades / Paypal is dedicated to just paypal and used for nothing else. 90% of the spam is from a place called gvomail.

Has this happened to anyone else?

(Brogan, if you think this belongs somewhere else, please feel free to move it)
 

CTXMedia

Formerly CyclingTribe
#2
Is it possible that your email address for subscriptions is being "revealed" in the HTML somewhere and has been grabbed by a less than friendly bot?
 

Dean

Well-known member
#3
Is it possible that your email address for subscriptions is being "revealed" in the HTML somewhere and has been grabbed by a less than friendly bot?
I'm not sure how that could happen, hence I started this thread.

Based on the lack of responses, it may be a fluke.
 

Cezz

Well-known member
#4
The email address is indeed exposed in the html of the upgrade page... example

HTML:
<form action="https://www.paypal.com/cgi-bin/websrc" method="post" class="upgradeForm">
      <div class="cost">5.00 GBP for 6 months</div>
      <input type="hidden" name="cmd" value="_xclick">
      <input type="hidden" name="amount" value="5.00">
      <input type="submit" value="Purchase" class="button">
      <input type="hidden" name="business" value="*********n@hotmail.co.uk">
      <input type="hidden" name="currency_code" value="GBP">
      <input type="hidden" name="item_name" value="Account Upgrade: Elite Upgrade">
      <input type="hidden" name="quantity" value="1">
      <input type="hidden" name="no_note" value="1">
      <input type="hidden" name="no_shipping" value="1">
      <input type="hidden" name="custom" value="1,1,token,1,1314295877,nnnnnnnnn2e8826422ae8d81d387473c4f27dc0d9ff">
      <input type="hidden" name="charset" value="utf-8">
      <input type="hidden" name="email" value="***@cezz.co.uk">
      <input type="hidden" name="return" value="http://wereadit.co.uk/account/upgrade-purchase">
      <input type="hidden" name="cancel_return" value="http://wereadit.co.uk/forum/">
      <input type="hidden" name="notify_url" value="http://wereadit.co.uk/payment_callback.php">
</form>
Though not sure if it actually shows for guests so the bots would have to register first.
 

CTXMedia

Formerly CyclingTribe
#6
You're absolutely sure that that specific email address isn't published or posted in a thread or on an openly accessible web page anywhere? (just a double-check)

You haven't used it for donations or posted an obfuscated version anywhere that could be pieced back together?

Cheers,
Shaun :D
 

Dean

Well-known member
#7
You're absolutely sure that that specific email address isn't published or posted in a thread or on an openly accessible web page anywhere? (just a double-check)

You haven't used it for donations or posted an obfuscated version anywhere that could be pieced back together?

Cheers,
Shaun :D
Obviously they got it from somewhere.. I do have some 'buy now' paypal buttons accessible, but I cannot tell where that revels the actual paypal account email address. I *could* have posted something like email at mysite.com. But I certainly do not recall that ever being done.

Just thought the timing was really strange.

I did change from a Premium to Business pay pal account about the same time. Perhaps?