Massive spam with Newsletter Made Simple

[10010110]

Hey people,

I’m using Newsletter Made Simple (there’s no current replacement for it yet) and it has been working great so far but lately I’m getting massive bot sign-ups that apparently use the signup form (I’m getting thousands upon thousands of “Undelivered mail” return emails). And this has only increased massively after sending out the last newsletter. Does anyone know how this could be connected?

The thing is: I’ve already removed the form from the website and I’m still getting a lot of bot traffic. I can see the IPs doing POST requests in the server logs and I’ve even blocked many IPs but somehow I’m still getting malicious signups by the second. The only thing that helped was to uninstall NMS. And when I reinstalled it, the bots came back. How are they able to send POST requests without a form? As far as I know there isn’t even a special URL parameter that could be abused, or is there?

[chrisbt]

It's not a perfect solution, but I've had quite a bit of success lately using Cloudflare to block bots from a couple of sites. Just the free version seems to help a lot.

[reneh]

I use NMS for years.
But on all sites membership handling is manual so none of these site have the membership handling pages visible.
I have never seen a single false sign-up.