I manage about 35 websites running ninja forms. Often when we use ninja forms on a website within our agency, we do not remove the default form (Contact Me with an ID of 1). This form also does not get published anywhere on the site.
Over the course of the last week, i’ve been getting a number of submissions on this unpublished form. This is been happening across a number of websites with the exact same submission data. Under submissions for the “contact me” form, all I see is the name field populated with “42”.
When it happened on just 1 site, I didn’t think much about it. But now I have seen the exact same thing happening on 7 or 8 sites and it has me questioning if there is some sort of exploit that I’m not aware of. The plugins are fully up to date but i can’t explain where these are coming from since the form is not published anywhere on these sites.
Is anyone else seeing this or have any idea why this is happening? Is there an exploit?
[ad_2]
Probably a bot POSTing to the ninja forms built-in preview url.
Post this in the plugin repo support forum – sounds like something they need to look into.
I have a similar number of sites using the plugin and haven’t received any spam as yet.
I was getting the same message with 42 as well. I updated WordPress and that seems to have fixed it.
I don’t know. But today I caught someone spamming our login trying to guess a password from various global IPs.
They were using the /xmlrpc.php public API that comes enabled when you install WordPress. Allows bots to send commands to your API, not sure if it can also submit forms through there.
Need to disable it using a plugin “disable xml rpc”.