Attack on web-to-lead form

Hi all,

I’m running SuiteCRM 8.2.3. Lately my web-to-lead form been targeted by some kind of attack, but I’m not sure what the point is.

Thankfully the incidents are low volume so far, but occasionally someone/something is signing up using randomly generated names like “45TyThT0 Otq4NfMG” and email addresses like “”. All the form does is create a lead, so I’m not sure what could possibly be gained. I’m using confirmed opt-in, so all they get is a confirmation email (which they don’t respond to).

Does anyone have any idea what the goal of such an attack is, or what might be at risk?

I’ve just been deleting the records. The addresses all seem to be at the domain, so it might be slightly helpful to be able to blacklist certain domains from being converted to leads.

That looks strange indeed…

I guess what most people do with SuiteCRM is set up fail2ban on their servers. In fact, there was a PR a few years ago to facilitate using that tool with SuiteCRM.

But that was for login attempts, I am not sure if it’s easy to get the same thing going for the WebToPerson end-point.