A hosting site I use was breached and a landing page form is hacked. The hack does not affect my other domains or their forms.

I have reset .httaccess, swapped out the email address I use for the form, changed the PHPMAILER_master with the original, and put in a honeypot script. The hacks, bogus info coming to the email address on form, stops for a bit then continues in 3 to 2 minute intervals. any ideas to handle this.

Please expand on this. If you put up a form and someone writes a bot to send you garbage, that's not a hack job and not a hacked web page.

You may have to add some other verification to stop the garbage delivery.

landing page form is hacked

Why would you say it is 'hacked', what happened. With more information we can assist, right now the question is very general with tons of possible options to solve.

I have reset .httaccess, swapped out the email address ....

The problem might be in your landing page code and not elsewhere, again, information is key.

bogus info coming to the email address on form, stops for a bit then continues in 3 to 2 minute intervals ...

What exactly happens and when, what info etc.

Many bots are able to get around honeypots and CAPTCHAs. Try using a different honeypot as well as captcha. The latest version of ReCaptcha might not be good enough on its own anymore.

I have lots of online submission forms. Most of them get real submissions but there's a few (1 or 2 or so out of a total of about 20-30) that I get those bogus garbage submissions. I'm in the process of upgrading ReCaptcha/php 7.4 to ReCaptcha 3/php 8.2. The form(s) in question haven't been upgraded yet but after that's completed, if the bogus submissions stop then that means ReCaptcha 3 works better than ReCaptcha (c. 2017). I can keep you posted on what I find after that upgrading.

Why not give us the url of the page in question, then someone might spotted a weakness in the code that lets spammers through.

If someone uses a browser with javascript deliberately switched off they will totally bypass your spry validation scripts. And the recaptcha script as well. Spry is antique code from about 2005 anyway, and some posts I saw elsewhere from about 8 years ago say it is considered useless even then.

The only js files are your spry and recaptcha scripts, the only php file is your email script.

So unless your host has confirmed a hack, forget the idea that your host and site were hacked, as there is not extra coded added to the page that would do anything.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.