Anyone else getting much more email spam after enabling Account Upgrades?

[Dean]

Early in July 2011 I enabled Account Upgrades on my xf forum. 2 days later I started to receive all sorts of of silly emails to that particular email account. The email address for Account Upgrades / Paypal is dedicated to just paypal and used for nothing else. 90% of the spam is from a place called gvomail.

Has this happened to anyone else?

(Brogan, if you think this belongs somewhere else, please feel free to move it)

 

[CTXMedia]

Is it possible that your email address for subscriptions is being "revealed" in the HTML somewhere and has been grabbed by a less than friendly bot?

 

[Dean]

Is it possible that your email address for subscriptions is being "revealed" in the HTML somewhere and has been grabbed by a less than friendly bot?

I'm not sure how that could happen, hence I started this thread.

Based on the lack of responses, it may be a fluke.

 

[Cezz]

The email address is indeed exposed in the html of the upgrade page... example

<form action="https://www.paypal.com/cgi-bin/websrc" method="post" class="upgradeForm">
      <div class="cost">5.00 GBP for 6 months</div>
      <input type="hidden" name="cmd" value="_xclick">
      <input type="hidden" name="amount" value="5.00">
      <input type="submit" value="Purchase" class="button">
      <input type="hidden" name="business" value="*********n@hotmail.co.uk">
      <input type="hidden" name="currency_code" value="GBP">
      <input type="hidden" name="item_name" value="Account Upgrade: Elite Upgrade">
      <input type="hidden" name="quantity" value="1">
      <input type="hidden" name="no_note" value="1">
      <input type="hidden" name="no_shipping" value="1">
      <input type="hidden" name="custom" value="1,1,token,1,1314295877,nnnnnnnnn2e8826422ae8d81d387473c4f27dc0d9ff">
      <input type="hidden" name="charset" value="utf-8">
      <input type="hidden" name="email" value="***@cezz.co.uk">
      <input type="hidden" name="return" value="http://wereadit.co.uk/account/upgrade-purchase">
      <input type="hidden" name="cancel_return" value="http://wereadit.co.uk/forum/">
      <input type="hidden" name="notify_url" value="http://wereadit.co.uk/payment_callback.php">
</form>

Though not sure if it actually shows for guests so the bots would have to register first.

 

[Dean]

Though not sure if it actually shows for guests so the bots would have to register first.

Exactly...

Though I'm not sure how xf compares with vb3.8 in that regard (which is what we switched from).

 

[CTXMedia]

You're absolutely sure that that specific email address isn't published or posted in a thread or on an openly accessible web page anywhere? (just a double-check)

You haven't used it for donations or posted an obfuscated version anywhere that could be pieced back together?

Cheers,
Shaun

 

[Dean]

You're absolutely sure that that specific email address isn't published or posted in a thread or on an openly accessible web page anywhere? (just a double-check)

You haven't used it for donations or posted an obfuscated version anywhere that could be pieced back together?

Cheers,
Shaun

Obviously they got it from somewhere.. I do have some 'buy now' paypal buttons accessible, but I cannot tell where that revels the actual paypal account email address. I *could* have posted something like email at mysite.com. But I certainly do not recall that ever being done.

Just thought the timing was really strange.

I did change from a Premium to Business pay pal account about the same time. Perhaps?