Viewing 8 replies - 16 through 23 (of 23 total)
  • Thread Starter rmast

    (@rmast)

    reCAPTCHA for Contact Form 7 and the Stop Spam Control plugin did not shut out this spammer.

    I now tried to reposition the Heartbeat Control plugin in the plugin-list to ZHeartbeat Control. Let’s await this spammer for a new test…

    Thread Starter rmast

    (@rmast)

    I wonder whether your plugin doesn’t just whitelist every spammer that hits the admin-ajax.php:

    modules/chkscripts.php contains some question marks in the comments:

    // some scripts need to be Allow Listed. So far wp_cron.php, but maybe some others – ajax?
    // if(strpos($sname,'admin.php?')!==false) return "allow admin.php?";
    if(strpos($sname,'admin-ajax.php')!==false) return "allow admin-ajax.php"; // necessary?

    Function sfs_handle_ajax_check seems always to look for the same hardcoded IP-address that isn’t blacklisted:

    includes/ss-admin-options.php line 265 contains:

    https://www.stopforumspam.com/api?ip=91.186.18.61

    As plugins use AJAX to render content and perform functions I can’t let stop spammers check for spam every time someone makes an AJAX call.

    On your site there is a plugin using AJAX to do logins or leave comments. The plugin will not be able to protect you if it does this.

    The standard comment form is very boring. The login screen is a full screen. If you have plugins that do popups for these functions using a JavaScript form then Stop Spammers will not help you.

    Keith

    Thread Starter rmast

    (@rmast)

    If the scope of your plugin is not meant for Ajax-calls, you could also decide just to do nothing with them, not to put every call in the Good cache, which opens the door for every other way SPAM could come in.

    Right now I am ignoring ajax calls which allows spammers to register and leave comments with plugins that use ajax. admin-ajax.php is used for almost everything and not just logging in and comments. I can’t let Stop Spammers interfere with things that are not related to spam.

    If I remove the line, then the page may not render for some people, instead the captcha screen would show.

    I made the decision that I could not support non-standard methods for logging in or leaving comments. The plugin will only work on plain vanilla websites. Any other way means that I have to code exceptions for hundreds of plugins. It is up to a plugin author to make his code work with Stop Spammers, and not up to me to support hundreds of plugins.

    You should try commenting out the admin-ajax line and see how your site renders. Add a line to the deny list to keep yourself out, delete the cache, log off and try browsing the site. If the page renders correctly and the site still blocks you from leaving a comment, then leave it that way. If the plugin blocks spammers and lets normal people through, let me know.

    Remember, I make no money from Stop Spammers. I wrote it for my personal needs, but I am happy that other people find it useful. I will not be updating it unless I find something seriously wrong with it. There are hundreds of anti spam plugins out there. One of them has to be better than my plugin.

    Keith

    Thread Starter rmast

    (@rmast)

    Ok, I’ll make a new attempt at modifying your code to ignore admin-ajax, to not put up a captcha and not put it in the good cache.

    Thread Starter rmast

    (@rmast)

    I think apart from Allow and Deny there should be an Ignore-possibility.
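
The "Ignore" verdict proposed in the post above, next to the "allow" behaviour quoted earlier from modules/chkscripts.php, as an added example that is not part of the thread or of the plugin's own code. All function names, the cache layout and the assumption that the good cache is consulted before the deny list are hypothetical; 203.0.113.7 is a constructed address.

```php
<?php
// Simplified model for illustration only; none of these names come from the plugin.
const ALLOW  = 'allow';
const IGNORE = 'ignore';

// Script-name check modelled on the quoted chkscripts.php line.
// $ajaxVerdict selects ALLOW (the quoted behaviour) or IGNORE (the proposal).
function check_script(string $sname, string $ajaxVerdict): ?string {
    if (strpos($sname, 'admin-ajax.php') !== false) {
        return $ajaxVerdict;
    }
    return null; // no opinion: fall through to the normal spam checks
}

// Returns 'pass-through' or 'challenge' and updates $goodCache as a side effect.
function handle_request(string $sname, string $ip, array $denyList,
                        array &$goodCache, string $ajaxVerdict): string {
    $verdict = check_script($sname, $ajaxVerdict);
    if ($verdict === IGNORE) {
        return 'pass-through';            // untouched: no cache write, no captcha
    }
    if ($verdict === ALLOW) {
        $goodCache[$ip] = time();         // the IP is now remembered as good
        return 'pass-through';
    }
    if (isset($goodCache[$ip])) {
        return 'pass-through';            // assumption: cached IPs skip later checks
    }
    if (in_array($ip, $denyList, true)) {
        return 'challenge';               // deny-listed IP gets the captcha screen
    }
    $goodCache[$ip] = time();
    return 'pass-through';
}

// Same deny-listed IP: first an AJAX call, then a standard comment post.
$deny = ['203.0.113.7'];
foreach ([ALLOW, IGNORE] as $mode) {
    $cache   = [];
    $ajax    = handle_request('/wp-admin/admin-ajax.php', '203.0.113.7', $deny, $cache, $mode);
    $comment = handle_request('/wp-comments-post.php', '203.0.113.7', $deny, $cache, $mode);
    printf("%-6s ajax=%-12s comment=%-12s cached=%s\n",
           $mode, $ajax, $comment, isset($cache['203.0.113.7']) ? 'yes' : 'no');
}
```

In this model the AJAX request renders in both modes; only under IGNORE does the deny list still apply to the later comment post, because the AJAX call left no entry in the good cache.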

    Thread Starter rmast

    (@rmast)

    My Knews-subscription showed 0 and didn’t register the mail despite my whitelisted IP-address. I turned off the (unmodified) SFS-Beta-plugin and it worked again.

    So I’m afraid the beta-plugin gives some instability which requires me to pick attempted subscriptions from the log. I guess I’d best just skip any stop spam-plugin and filter spam afterwards.

  • The topic ‘CIDR format in block list not recognized. For example 114.96.0.0/19’ is closed to new replies.