Looping spam mail 127.0.0.1?

Hi,

I am doing a website for a client and they have expressed they have overnight received over 450 spam emails.

I have had a dive in the Google Analytics and all seems fine and doesn't currently reflect that level of activity.
An example form received has the IP address 127.0.0.1 which from a quick look is some looping IP address?

Can anyone shed light on this for me and how to prevent such spam bots, as I am not a networking guy foremost?

127.0.0.1 is the localhost address, it's the address of the local machine. It's unlikely that you're receiving spam from yourself so you may have read the activity wrong or you're looking at the wrong thing.

1 Like

That's what I thought, but this is a forwarded email from the client?

Please find the screenshot the client provided me, minus personal details.

Is it the same each time? It could be that something is broken with the form submission causing it to resend continuously.

Thanks, I will see if the client has any others they can send me, unfortunately they said they deleted them all :/

I suspect it could be a form error as the analytics don't really show anything suspicious.

Have you looked on the server for a php mailer script?

Easiest way to find out is to look at the headers of the emails for the "x-origin" tag.

If you get nothing there then depending on the OS of the server, it dictates what to do next.
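The header check suggested above, as an added example that is not part of the original thread: it walks the `Received` chain of a raw message and reports whether the first hop was the loopback address, plus any origin headers present. The sample message is constructed, and the headers `X-PHP-Originating-Script` (written by PHP when `mail.add_x_header` is enabled) and `X-Originating-IP` are assumptions about what the server adds; the post only says "x-origin".

```python
import email
import ipaddress
import re

# Constructed sample (not from the thread): a contact-form mail generated
# by a PHP script running on the web server itself.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
\tby mx.client.example with ESMTP id abc123; Tue, 02 Jan 2024 03:14:09 +0000
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.net with ESMTP id def456; Tue, 02 Jan 2024 03:14:08 +0000
X-PHP-Originating-Script: 33:contact-form.php
X-Originating-IP: 198.51.100.77
From: Website Form <noreply@example.net>
To: owner@client.example
Subject: New enquiry

Sender IP: 127.0.0.1
"""

IP_IN_BRACKETS = re.compile(r"\[([0-9a-fA-F:.]+)\]")

def origin_report(raw):
    """Summarise where a message entered the mail system."""
    msg = email.message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(received)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # bracketed text that is not an IP address
        hops.append((str(ip), ip.is_loopback))
    hops.reverse()  # headers are newest-first; report oldest hop first
    return {
        "hops": hops,
        # "uid:script" of the PHP file that called mail(), if recorded
        "script": msg.get("X-PHP-Originating-Script"),
        # address of the HTTP client, if the mailer recorded one
        "client_ip": msg.get("X-Originating-IP"),
        # True when the first hop is loopback, i.e. the mail was
        # handed to the MTA by a process on the server itself
        "local_origin": bool(hops) and hops[0][1],
    }

if __name__ == "__main__":
    print(origin_report(SAMPLE))
```

A loopback first hop is normal for form mail; the `script` and `client_ip` fields are what identify which file sent it and who triggered it.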

Cheers I will look into this mate

There's no place like 127.0.0.1..... (sorry, I just couldn't not...)

3 Likes

If the localhost submitted the form to itself, that means that it was even able to contact the external mail server, which would mean whatever script you're using for mail is broken. Is this a WordPress site? If so, then it looks like the mailing script/plugin has a vulnerability that is being exploited. Get a different one or contact the developer. And in continuation: for any WordPress site I would recommend you get Wordfence.