Hackers trying to gain access?

Is anyone else getting hundreds of emails a night via Pressbooks contact submission forms from sample@email.tst and testing@example.com? Last night, they sent over 300 requests between 10:41-11:50 pm PDT. They’ve been sending similar messages to a colleague’s LibCal calendaring system.

We suspect these are hackers trying to regain access to our U of A Pressbooks network. We had a hacking issue several years back (they were registering as a U of A student to get a NetID and register for Pressbooks). We switched to mediated Pressbooks signups, which seems to be effectively thwarting their access. I added example.com and email.tst to our list of Banned Email Domains in Settings, but is there any way to block a specific email domain from even submitting a contact form? It’s annoying to wake up to 300+ emails from the same sender.

Thank you to Thomas Weideman in Support for letting the tech team know about this issue and asking them to prioritize restricting bots from using that contact form on the homepage.

Cheryl, this happened at JMU last night, too. We received hundreds of contact form submissions from testing@example.com. I’m glad to know I’m not alone, but a little perplexed as to the why. Going to clean up my Inbox now …

So sorry to hear that!

Sorry to hear about that. I have an update from the tech team on this one: they’ve implemented new rules across all production networks that should block some of the spam coming through these contact forms. The aim is to prevent cases like this from happening again, but they’re also working on additional measures to further reduce spam. We’d be curious to hear if you notice an improvement. If this happens again, please let us know.