Hello,
I have just launched a website with a CF7 form and I installed Flamingo to be able to access the messages from the admin panel.
After a few hours of the website being live, I have a few messages from the form. They look semi-suspicious, but I might be mistaken. However, going into the address book I see two admin emails and in their history tab I can see these inbound messages, as if they were sent from those emails?
It might be normal as a feature (even though bad UI) but it might also be suspicious? Any takes on that?
PS. I can also see in the address book the individual mails that sent the messages (probably taken from the your-email field) and they are not the ones connected to the admin users. I suppose you can write whatever email you want on that field. Additionally, I had failed login attempts (WP Cerber) on the admin users, so I am somewhat alarmed.
Do you have spam protection? ReCAPTCHAs?
Use Cloudflare Turnstile or hCaptcha if free is your only option.
Cleantalk.org if you have the budget and it’s very affordable.
The email field in a contact form accepts any email input that a bot or a legitimate user may enter, even your email. In many cases, bots try to end an email with your domain to avoid spam filters.
Just make sure to have a spam filter on your form. Look into OOPSpam (paid). It supports CF7. As a free alternative, check out Turnstile.