WhatsApp Multi Agent spam breach detected

Hi,
I have created a Joomla site to one of my clients, that uses the WhatsApp Multi Agent plugin. Everything was fine until last January, 24th, when they started to receive several spams from the site. I´ve searched every plugin and module from the site to find out where the breach was. Then I found out that the spam was coming from the offline form from WhatsApp Multi Agent module.

I was using the version 1.6 that was happening to not show the form on the Joomla 5. So, I bought a new license to update the module. The form now shows correctly, but the spam persists.

I have Recaptcha v3 enabled in the plugin, but it seems to bypass it. When the form wasn´t showing because of the version 1.6 issue, the spammer was sending like hell! Because of this I wonder if there is some breach in the module´s code that allows a external spammer to send unauthorized emails.

Can you take I look on this, cause it is a serious flaw in the module?

Let me know if you need more details.

Kudos!
1 month 5 days ago #1 by semmerket

Please Log in or Create an account to join the conversation.

  • Posted by TemplatePlazza (5310) Offline
Strange, the form already uses the standard secure Joomla mailer method. The form also has validation and utilizes reCAPTCHA 3, which is more difficult for bots to bypass. Additionally, the form uses cookies to limit email submissions to one message every five minutes.

Could you try increasing the threshold score of reCAPTCHA 3 and see if you still receive spam emails?

Also, could you please send a screenshot of the sample spam email header sent by the spammer? If possible, please send it to This email address is being protected from spambots. You need JavaScript enabled to view it.
1 month 5 days ago #2 by TemplatePlazza

Please Log in or Create an account to join the conversation.

Yes, it´s very strange. But, I run some tests through the last 3 weeks and cannot get rid of the spammer at all.

I have increased the Recaptcha v2 threshold, I have used Recaptcha v3, also tested with the simple captcha. But, in every case the attacker sent e-mail through the form. Even if the form is offline, completely disable from the site, the attacker successfully sent spam through it. This make me think if there is some kind of code breach in the form that the attacker can exploit.

But, that I will let it to you to take a look. :)

I will send you a sample of the email later.

Thank you for the response.
1 week 4 days ago #3 by semmerket

Please Log in or Create an account to join the conversation.

  • Posted by TemplatePlazza (5310) Offline
Is it possible that the file itself has been modified? Have you tried reinstalling the module?

I will send you a sample of the email later.

yes please
1 week 4 days ago #4 by TemplatePlazza

Please Log in or Create an account to join the conversation.

  • Posted by TemplatePlazza (5310) Offline
Hi semmerket, I have updated the WhatsApp module to version 1.8.0 with some improvements to prevent spam emails, such as token checks and reCAPTCHA 3 enhancements. Could you try it and check if the spam issue still persists?
1 week 2 days ago #5 by TemplatePlazza

Please Log in or Create an account to join the conversation.

Hi! I´ve downloaded the updated version and reinstalled on the site. Unfortunately, we received a spam even with the improvements. If you need more information, let me know.
2 days 15 hours ago #6 by semmerket

Please Log in or Create an account to join the conversation.

Powered by Kunena Forum