[email protected] spammer

Hi,  Someone know about this.

Basic fact
Recapcha is installed
I remove all the form and deactivated message template
The spammer still found a way to send reviews trought this page or function:

https://folisexe.com/productreviews/5252

Where is that page productreviews and how can I deactivate it6

And that thing is able to bypass all recapcha
Also the reply to have some sort of command:

reply-to:  "(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v) +'+(select(0)from(select(sleep(15)))v)+*/" <[email protected]>

Now I even turn out the task in Nop to send email and still the emails are comming in.

Thank you if you have more information. I don't know where to look now and I can't stop the mail server.

UPDATE: No new mail since 5 minute I stop the sendmail task in nop. But obviously I will have to turn it back on.

What version of nopCommerce?

These in All Settings may interest you:
producteditorsettings.allowcustomerreviews
catalogsettings.productreviewpossibleonlyafterpurchasing
catalogsettings.productreviewsmustbeapproved

You can enable honeypot, but I believe it's for the registration only.  (But
Configuration > Settings > General settings.
In the Security settings tab, select Enable honeypot
(You can also search for "honeypot" in All Settings)

RE: " reply-to:  "(select(0)from(select(sleep(1...  "
It's an attempt at "SQL injection" to hack your system.  nopCommerce is very resistant to it.