Did you enabled CAPTCH on ContactUS, Refer a fried and all other open form which show on public side?
Also are you sure that email is sending from your nopCommerce site? Are you able to see logs of spam email in message queue? if so then you should be able to figure out based on email template content that from where spam email is sending out from your site and you should enable captcha appropriately.
Thank you for your help on this.
CAPTCHA has been enabled on all pages.
I checked the message queue and I see a myriad of emails being sent from our email address ([email protected]
, I son’t want to disclose this email address). A total disaster! The hackers haven’t used any email template. They’re sending emails with suspicious content using our nopcommerce shop and [email protected]
email address. This is clearly a security breach and I wonder why nopcommerce isn’t aware of this issue.
Any further assistance would be appreciated.