Anyone else getting much more email spam after enabling Account Upgrades?

Dean

Well-known member
#1
Early in July 2011 I enabled Account Upgrades on my xf forum. 2 days later I started to receive all sorts of silly emails to that particular email account. The email address for Account Upgrades / Paypal is dedicated to just paypal and used for nothing else. 90% of the spam is from a place called gvomail.

Has this happened to anyone else?

(Brogan, if you think this belongs somewhere else, please feel free to move it)
 

CTXMedia

Formerly CyclingTribe
#2
Is it possible that your email address for subscriptions is being "revealed" in the HTML somewhere and has been grabbed by a less than friendly bot?
 

Dean

Well-known member
#3
> Is it possible that your email address for subscriptions is being "revealed" in the HTML somewhere and has been grabbed by a less than friendly bot?

I'm not sure how that could happen, hence I started this thread.

Based on the lack of responses, it may be a fluke.
 

Cezz

Well-known member
#4
The email address is indeed exposed in the html of the upgrade page... example

HTML:
<form action="https://www.paypal.com/cgi-bin/websrc" method="post" class="upgradeForm">
      <div class="cost">5.00 GBP for 6 months</div>
      <input type="hidden" name="cmd" value="_xclick">
      <input type="hidden" name="amount" value="5.00">
      <input type="submit" value="Purchase" class="button">
      <input type="hidden" name="business" value="*********n@hotmail.co.uk">
      <input type="hidden" name="currency_code" value="GBP">
      <input type="hidden" name="item_name" value="Account Upgrade: Elite Upgrade">
      <input type="hidden" name="quantity" value="1">
      <input type="hidden" name="no_note" value="1">
      <input type="hidden" name="no_shipping" value="1">
      <input type="hidden" name="custom" value="1,1,token,1,1314295877,nnnnnnnnn2e8826422ae8d81d387473c4f27dc0d9ff">
      <input type="hidden" name="charset" value="utf-8">
      <input type="hidden" name="email" value="***@cezz.co.uk">
      <input type="hidden" name="return" value="http://wereadit.co.uk/account/upgrade-purchase">
      <input type="hidden" name="cancel_return" value="http://wereadit.co.uk/forum/">
      <input type="hidden" name="notify_url" value="http://wereadit.co.uk/payment_callback.php">
</form>
Though not sure if it actually shows for guests so the bots would have to register first.
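
Added example, not part of the thread and not XenForo code: a small audit an admin could run over the saved HTML of the upgrade page, once as a guest and once logged in, to list e-mail addresses carried in hidden inputs of forms that post to PayPal. The sample markup is constructed from the form quoted above, with placeholder addresses.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EMAIL_RE = re.compile(r"[^@\s\"'<>]+@[^@\s\"'<>]+\.[A-Za-z]{2,}")

class HiddenEmailAudit(HTMLParser):
    """Collect e-mail addresses found in hidden inputs, keyed by form target."""
    def __init__(self):
        super().__init__()
        self.form_action = None   # action of the form being parsed, if any
        self.findings = []        # (form host, input name, value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_action = a.get("action") or ""
        elif tag == "input" and self.form_action is not None:
            value = a.get("value") or ""
            if (a.get("type") or "").lower() == "hidden" and EMAIL_RE.fullmatch(value):
                host = urlparse(self.form_action).hostname or ""
                self.findings.append((host, a.get("name"), value))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def audit(html):
    """Return hidden-input e-mail findings for forms that post to PayPal."""
    parser = HiddenEmailAudit()
    parser.feed(html)
    return [f for f in parser.findings
            if f[0] == "paypal.com" or f[0].endswith(".paypal.com")]

# Constructed sample modelled on the form in post #4; addresses are placeholders.
SAMPLE = """
<form action="https://www.paypal.com/cgi-bin/websrc" method="post" class="upgradeForm">
  <input type="hidden" name="cmd" value="_xclick">
  <input type="hidden" name="business" value="payments@forum.example">
  <input type="hidden" name="email" value="member@user.example">
  <input type="hidden" name="notify_url" value="http://forum.example/payment_callback.php">
</form>
<form action="/search"><input type="hidden" name="q" value="x@y.example"></form>
"""

if __name__ == "__main__":
    for host, name, value in audit(SAMPLE):
        print(f"{host}: hidden field {name!r} exposes {value}")
```

In the output, `business` is the merchant address served to every viewer of the page, while `email` is the viewing member's own address.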
 

CTXMedia

Formerly CyclingTribe
#6
You're absolutely sure that that specific email address isn't published or posted in a thread or on an openly accessible web page anywhere? (just a double-check)

You haven't used it for donations or posted an obfuscated version anywhere that could be pieced back together?

Cheers,
Shaun :D
 

Dean

Well-known member
#7
> You're absolutely sure that that specific email address isn't published or posted in a thread or on an openly accessible web page anywhere? (just a double-check)
>
> You haven't used it for donations or posted an obfuscated version anywhere that could be pieced back together?
>
> Cheers,
> Shaun :D

Obviously they got it from somewhere.. I do have some 'buy now' paypal buttons accessible, but I cannot tell where that reveals the actual paypal account email address. I *could* have posted something like email at mysite.com. But I certainly do not recall that ever being done.

Just thought the timing was really strange.

I did change from a Premium to Business PayPal account about the same time. Perhaps?
 