19 / 19
Apr 2011

Is anybody else receiving spam that appears to be sent through the e-junkie contact form? I received some last night and now some more this morning to another email address I have, but neither of these are addresses I use with e-junkie. I wrote to support about this when the first one arrived but obviously it's a problem when messages from e-junkie start getting labelled as spam.

  • created

    Apr '11
  • last reply

    Apr '11
  • 18

    replies

  • 1.5k

    views

  • 12

    users

Yes! Came here to research this and see if anyone else was experiencing the same thing.



Here's a recent subject line example:



<<< Make_Money. An IDEA Use By BANKS For Centuries! >>> - Contact form at E-junkie.com



I started receiving them on 4/13 and have been getting a couple a day ever since.

Mine have been "__ Learn how I earned $1,000-$3,500 a DAY! Any ATM! Yes, ANY ATM!!!__[][] - Contact form at E-junkie.com".



Then I had ">>> Make_Money. An IDEA Use By BANKS For Centuries! <<< - Contact form at E-junkie.com"





I've checked out the long header data and it all verifies like a legitimate email sent from e-junkie, which passes spf and domain keys tests. Do we know if this is only limited to e-junkie users? I have so far received messages to two addresses but neither of them is the one I use with my e-junkie account.

I am getting more of these now. "[REAL VIDEO PROOF] 10 Minutes to First Page of GOOGLE! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< - Contact form at E-junkie.com"



I hope e-junkie can do something to stop this.

I'm seeing the same thing. Starting today, I've received several spam emails from different IP addresses. I hope they get this fixed quick or this will affect my company's desire to continue using E-Junkie.

I received this email yesterday as well. The thing is, I have never posted to this forum before. I hope their email list hasn't been somehow compromised.

Me too... very frustrating. I've just sent a message to Sales... but I don;'t really know which department at E-Junkie is the one to handle this.



If it keeps up, I'm going to find another vendor....

Yes, I got 2 today. I hope they fix this or I will have to cancel my account, too.

yes. i received TONS! wrote to support. no answer, yet.



thanks for posting.

and yeah, I'll delete my account, too if they don't do something about it.



i wish i could just turn those contact form off, completely!

We are aware that someone has been using our contact form to Spam our users. We have locate this person and block all of their know addresses from our system and canceled their E-junkie accounts. We are also working to keep this from happening in the future as this is obviously something we do not want happening.



We apologize for any inconvenience.

Can other spammers get access to our email addresses? I was going to sign up for a paid account, but will cancel completely and use another service if this is to be an ongoing risk.



They didn't get the addresses from the forums, because I've never posted before.



@e-junkie staff, I'm sure this is a headache for you, but you owe it to your subscribers to answer support emails in a more timely manner and explain what happened and what personal info, if any, was compromised.

Sorry for that annoyance, everyone. :(



Someone defeated the CAPTCHA on our contact form and was using that to spam our sellers (i.e. you)



We have disabled the form for the time being while we upgrade the CAPTCHA, add some throttling and tighten up the existing ip-based blocklist system.



Rest assured your email addresses were not exposed, nor was any other personal info.



We are also looking into making the form optional for sellers who do not use our marketplace; however, we will probably require that it remain active for marketplace sellers just to be sure buyers have a way to contact them.

Just for the record, I have never posted to this forum before now but I did email e-junkie on one occasion a few months ago. Yesterday I rec'd this spam below at the same email and came here to investigate why; if it should matter, I am posting the info here:



Subject: [Norton AntiSpam]...[REAL VIDEO PROOF]...10 Minutes to First Page of GOOGLE!!!! - Contact form at E-junkie.com

Sender: <notifications@e-junkie.com>

From: "RealVideoProof@10MinutesToGoogle.com" <RealVideoProof@10MinutesToGoogle.com>

Reply-To: "RealVideoProof@10MinutesToGoogle.com" <RealVideoProof@10MinutesToGoogle.com>

Content-type: text/plain; charset=UTF-8

MIME-version: 1.0

X-Priority: 3

X-Mailer: E-junkie.com

Message-Id: <20110415180053.2D64211C1422@europa.e-junkie.com>



Please keep us updated in this thread.



Thank you!

I don't understand how the spammer used the contact form to send messages to addresses that are not associated with my e-junkie account and that I don't use for contacting e-junkie. Surely if it was just going through the contact form all messages would be limited to the address used for our e-junkie accounts.

djoseph,



It appears they were just cycling through client IDs in the url for the bio page; it didn't matter if you had posted in the forums before.



Ashley,



You're right, it is not possible for the form to submit messages to arbitrary email addresses; they can only be sent to the address listed as the display email address in a e-junkie account profile.



I looked in the database and I see another account for you; the login and display email address set on it are both the same as the paypal address on your other account. Would that account for it?



If you'd like us to research this further for you, please send an email to development@e-junkie.com with the address(es) you received the spam at and/or message headers from the spam itself. I can get that information in my Gmail by selecting "show original" from the drop-down menu on the message; your email system should have a similar function.

I received emails at two different addresses and one of those wasn't connected with my PayPal account. I'll prepare an email with the different emails copy pasted including the long headers, so you see what was happening. I figure the more information you have, the easier it will be in future for e-junkie to block this kind of thing.

I had a trial of e-junkie and I just signed up for subscription from e-junkie yesterday, and now I am getting spam that says "submitted from e-junkie contact form"



Hacked e-junkie account?

It looks like a spam BOT has easily bypassed the verification system for the Contact Form. e-junkie is going to have to change this soon... how can we disable receiving e-mail from contacts?



Looks like the BOT is going through the forums and sending spam e-mail to everyone who has posted a message.