1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone else getting much more email spam after enabling Account Upgrades?

Discussion in 'General XenForo Discussion and Feedback' started by Dean, Aug 20, 2011.

  1. Dean

    Dean Well-Known Member

    Early in July 2011 I enabled Account Upgrades on my xf forum. 2 days later I started to receive all sorts of of silly emails to that particular email account. The email address for Account Upgrades / Paypal is dedicated to just paypal and used for nothing else. 90% of the spam is from a place called gvomail.

    Has this happened to anyone else?

    (Brogan, if you think this belongs somewhere else, please feel free to move it)
     
  2. CyclingTribe

    CyclingTribe Well-Known Member

    Is it possible that your email address for subscriptions is being "revealed" in the HTML somewhere and has been grabbed by a less than friendly bot?
     
  3. Dean

    Dean Well-Known Member

    I'm not sure how that could happen, hence I started this thread.

    Based on the lack of responses, it may be a fluke.
     
  4. Cezz

    Cezz Well-Known Member

    The email address is indeed exposed in the html of the upgrade page... example

    HTML:
    <form action="https://www.paypal.com/cgi-bin/websrc" method="post" class="upgradeForm">
          <div class="cost">5.00 GBP for 6 months</div>
          <input type="hidden" name="cmd" value="_xclick">
          <input type="hidden" name="amount" value="5.00">
          <input type="submit" value="Purchase" class="button">
          <input type="hidden" name="business" value="*********n@hotmail.co.uk">
          <input type="hidden" name="currency_code" value="GBP">
          <input type="hidden" name="item_name" value="Account Upgrade: Elite Upgrade">
          <input type="hidden" name="quantity" value="1">
          <input type="hidden" name="no_note" value="1">
          <input type="hidden" name="no_shipping" value="1">
          <input type="hidden" name="custom" value="1,1,token,1,1314295877,nnnnnnnnn2e8826422ae8d81d387473c4f27dc0d9ff">
          <input type="hidden" name="charset" value="utf-8">
          <input type="hidden" name="email" value="***@cezz.co.uk">
          <input type="hidden" name="return" value="http://wereadit.co.uk/account/upgrade-purchase">
          <input type="hidden" name="cancel_return" value="http://wereadit.co.uk/forum/">
          <input type="hidden" name="notify_url" value="http://wereadit.co.uk/payment_callback.php">
    </form>
    Though not sure if it actually shows for guests so the bots would have to register first.
     
  5. Dean

    Dean Well-Known Member

    Exactly...

    Though I'm not sure how xf compares with vb3.8 in that regard (which is what we switched from).
     
  6. CyclingTribe

    CyclingTribe Well-Known Member

    You're absolutely sure that that specific email address isn't published or posted in a thread or on an openly accessible web page anywhere? (just a double-check)

    You haven't used it for donations or posted an obfuscated version anywhere that could be pieced back together?

    Cheers,
    Shaun :D
     
  7. Dean

    Dean Well-Known Member

    Obviously they got it from somewhere.. I do have some 'buy now' paypal buttons accessible, but I cannot tell where that revels the actual paypal account email address. I *could* have posted something like email at mysite.com. But I certainly do not recall that ever being done.

    Just thought the timing was really strange.

    I did change from a Premium to Business pay pal account about the same time. Perhaps?
     

Share This Page