P4: low-scale spam/injection attack in Slovenia

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Should have

      Dear Global IT and P4 teams,
       
      A few days ago we received a low-scale attack on our GP Slovenia P4 site.
       
      A total of 240 entries were submitted to the same form over a single timespan of about 80 minutes.
       
      This seems to be very similar to other attacks we have occasionally received on our custom non-P4 WordPress sites for Croatia and Slovenia. The attackers perform a similar burst on a given form, always using the same single email address testing@example.com, then they stop for a day up to a few weeks, then do another burst on another form. None of the entries were even marked as spam, they were all treated as normal submissions.
       
      As a response, on our non-P4 WP sites, I've enabled the anti-spam honeypot setting of Gravity Forms for all our forms (pity it cannot be switched on by default) for the countries I'm responsible for (Bulgaria, Croatia, Romania, Slovakia and Slovenia).
       
      I thought I also set this for the P4 sites of these countries but I missed Slovenia until now. I was assuming Akismet would protect from attacks of this type on P4?
       
      I am also aware of a Gravity Forms addon called Limit Submissions with which we could limit the submission rate based on IP or email address, which we do occasionally use on our non-P4 sites already, although this is nowhere near as intelligent as a proper spam protection tool.
       
      Have you seen similar attacks before (I know you've seen much worse but you know what I mean), do you perhaps have any recommended actions we could take?
       
      Other than this attack, we haven't noticed any similar or different spam attacks recently in the countries listed above.
       
      We also still have the HubSpot profile for this email address which lists all the spam submissions/injection attempts until they've hit an entry limit in November 2024.
       
      Thanks a lot, best,
      Marci
      TÖRÖK Márton
      Web support engineer, CEE ICT
      Greenpeace Central and Eastern Europe
      Based in Hungary (CET/CEST)
      Email: marton.torok@greenpeace.org | Mobile: +36 20 4212700
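
Added example, not part of the original ticket: a detection pass over exported form entries that flags the pattern described above, where one email address submits a burst to a form, goes quiet, then bursts again on another form. The entry tuple layout, the 30-minute quiet gap, the 20-entry threshold, and all sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def detect_bursts(entries, quiet_gap=timedelta(minutes=30), min_count=20):
    """Group (timestamp, form_id, email) entries per email into sessions that
    are separated by more than quiet_gap; report sessions of >= min_count."""
    by_email = defaultdict(list)
    for ts, form_id, email in entries:
        by_email[email.strip().lower()].append((ts, form_id))

    bursts = []
    for email, rows in by_email.items():
        rows.sort()
        session = [rows[0]]
        # The trailing None is a sentinel that flushes the last session.
        for row in rows[1:] + [None]:
            if row is not None and row[0] - session[-1][0] <= quiet_gap:
                session.append(row)
                continue
            if len(session) >= min_count:
                bursts.append({
                    "email": email,
                    "forms": sorted({form for _, form in session}),
                    "start": session[0][0],
                    "end": session[-1][0],
                    "count": len(session),
                })
            session = [row]
    return sorted(bursts, key=lambda b: b["start"])


def sample_entries():
    """Constructed data: a 240-entry burst, a later burst, normal traffic."""
    t0 = datetime(2025, 1, 10, 9, 0, 0)  # constructed date
    rows = [(t0 + timedelta(seconds=20 * i), "form-A", "testing@example.com")
            for i in range(240)]
    rows += [(t0 + timedelta(days=2, seconds=15 * i), "form-B",
              "Testing@example.com") for i in range(30)]
    rows += [(t0 + timedelta(minutes=7 * i), "form-A",
              f"visitor{i}@example.org") for i in range(10)]
    return rows


if __name__ == "__main__":
    for burst in detect_bursts(sample_entries()):
        print(burst)
```

Normal visitors never reach the threshold because each address appears once, while the repeated address is reported once per burst with the forms it hit.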

            Assignee:
            Unassigned
            Reporter:
            Marton Torok