• Resolved peopleinside

    (@peopleinside)


    Hi, I have to report that if the plugin Comments – wpDiscuz is active and I simulate a spam message, a red empty message box is shown without a correct print of the spam error to the user.

    Don’t know if you can fix this and show the message or if I should report this issue to wpDiscuz.

    Screenshot:

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    Hi.

    This cannot be avoided in total, as each plugin is using its own JSON structure to signal error messages. But with the last release I have added a useful one for wpDiscuz.

    Cheers

    Thread Starter peopleinside

    (@peopleinside)

    Thank you!
    I have, I hope, the last question about wpDiscuz.

    I never had a spam issue with wpDiscuz, even before I installed your extension. Since I installed it to protect the Forminator form, I get a lot of real spam messages captured by your plugin. My wpDiscuz form has a captcha (reCaptcha); is it possible that when a spam comment is posted it is blocked first by your plugin and not passed to your plugin after the captcha verification?

    As you can see, the wc captcha field shown here looks empty.
    Can your plugin process the form just after the captcha check, so maybe the reCAPTCHA present stops some spam before your plugin and I get fewer spam messages? When your plugin is not active, even if I have Akismet disabled, I never see so many spam messages, so I suppose the Google reCAPTCHA usually blocks it.

    Another question is: in this spam message example the IP of the spammer is not shown. Does this depend on your plugin, which never looks at this field, or do I need to ask the plugin wpDiscuz? When the comment is posted in WordPress the IP is shown in the WordPress comment.

    The IP can be useful to ban the same IP when it produces a lot of spam messages.

    Thanks

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    > My wpDiscuz form has a captcha (reCaptcha); is it possible that when a spam comment is posted it is blocked first by your plugin and not passed to your plugin after the captcha verification?

    Yes, that is exactly what happens. In the case of wpDiscuz the plugin intercepts at the earliest possible point and, in order to save server resources, interrupts every further processing of the submission. The built-in CAPTCHA is in a later stage and thus doesn’t receive the spam anymore. So if you didn’t have any spam before, the ReCaptcha from wpDiscuz did a good job. I think the standard from wpDiscuz is Google’s ReCAPTCHA, which is pretty good, but loads massive scripting and thus is slowing down the response time of the respective pages.

    > As you can see, the wc captcha field shown here looks empty.
    > Can your plugin process the form just after the captcha check, so maybe the reCAPTCHA present stops some spam before your plugin and I get fewer spam messages?

    If you don’t want the spam protection to be applied to the comments of wpDiscuz, you can just whitelist the respective AJAX call. You can do that via a button from the spam inbox.

    But I think the resources consumed by the saved messages are comparatively low in contrast to the download and processing time of the CAPTCHA in place. Alternatively, in order to cope with the spam messages, you can either stop them from being saved at all, or autodelete them after a couple of days (I am using 1 day for my pages).

    Cheers

    Thread Starter peopleinside

    (@peopleinside)

    Oh very interesting, thank you!
    It’s news to me that the captcha takes more server resources than your plugin’s stopping and message saving. Thanks again

    Thread Starter peopleinside

    (@peopleinside)

    PS: As the screenshot shows, there is no button to whitelist that spam message. The extension is updated to the latest version.

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    > Another question is: in this spam message example the IP of the spammer is not shown. Does this depend on your plugin, which never looks at this field, or do I need to ask the plugin wpDiscuz? When the comment is posted in WordPress the IP is shown in the WordPress comment.
    >
    > The IP can be useful to ban the same IP when it produces a lot of spam messages.

    I know, many security plugins implement that, as it is very easy to implement and it looks fancy. But most spam comes from botnets and thus from changing IP addresses. In most cases the current owner of an IP address doesn’t know about being part of a botnet. If you block an IP address you will block not only the current owner, but all future owners too. And the owner of an IP address may change very often, as for instance you get a new IP each time you connect to the internet. If your machine is part of a botnet, it will spam via this IP address. If I block it, I will block your machine for a short time. As soon as you log out, your IP address will be reallocated and the new owner is blocked.

    I was thinking of introducing an option for that. The point is that in Europe this would conflict with data-privacy law, as Google’s ReCAPTCHA does.

    As the user can decide on his own, it would be possible to implement that, but from my point of view this will neither save performance nor raise the security.

    Thread Starter peopleinside

    (@peopleinside)

    Umh… In Forminator I have the IP field and I used it in those days because a single IP made more than 200 attacks on the affected website. Banning the IP has helped to stop the abuse.

    Even comments that are made in WordPress show the IP to admins so they can take action in case of abuse.

    If your plugin catches spam from Forminator I can see the IP in the spam message shown by your plugin, but not for wpDiscuz.

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    > Oh very interesting, thank you!
    > It’s news to me that the captcha takes more server resources than your plugin’s stopping and message saving. Thanks again

    You can measure it very easily: if you press F12 you can identify Google’s ReCAPTCHA scripts, look at their size (I think it’s more than 1 MB) and measure the respective loading time. The loading time isn’t too problematic as I think it will be lazy-loaded and I guess Google’s crawler won’t penalize Google products. But other search engines may do so.

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    > PS: As the screenshot shows, there is no button to whitelist that spam message. The extension is updated to the latest version.

    This is true, as it is no AJAX call. The respective comment was submitted just with an ordinary submission, but wpDiscuz is using AJAX calls. I think for this, no spam protection is required at all, as the request would go nowhere anyway. But not all bots are stupid like that.

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    > If your plugin catches spam from Forminator I can see the IP in the spam message shown by your plugin

    Can you? Could you please give me a screenshot of the message?

    > Banning the IP has helped to stop the abuse.
    >
    > Even comments that are made in WordPress show the IP to admins so they can take action in case of abuse.

    Ok, you get this option with the next release

    Thread Starter peopleinside

    (@peopleinside)

    > Can you? Could you please give me a screenshot of the message?

    In Forminator, when you create a form you can customize fields. You can insert a hidden field and then you have to select from a dropdown what type of hidden field to add; in my case I added the IP. This helps to prevent abuse, like a spam attacker that submits spam or pings more than 200 times. This added hidden IP field is also visible when a spam message is filtered by your extension, and this is very useful.

    To see the IP field also in your extension, a hidden field with the choice of IP should be added to the Forminator form.

    The IP in a Forminator submission in your extension will be shown near a hidden field called hidden1. The value near that row will be an IP. I don’t post a screenshot as I would need to censor everything, and I think with this explanation you have what you need.

    I don’t know if it is wpDiscuz that never sends the IP address info, but why, if messages are not spam, is the IP visible in the WordPress comment? Or maybe you can just look and add this, as this may depend on your plugin. No idea. If it doesn’t depend on your plugin I will need to ask wpDiscuz how I can solve that issue.

    > Ok, you get this option with the next release

    I used Wordfence to ban the IP. Wordfence also lets you insert a comment to give the reason for the ban, this is good. I don’t think I need an IP ban function in your captcha plugin, but rather the indication of the IP in the wpDiscuz comment flagged as spam; this will be essential to stop an IP from continuing to submit a lot of spam messages when an attack is not single but massive.

  • The topic ‘Integration with Comments – wpDiscuz’ is closed to new replies.
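
Added example, not part of the thread and not code from either plugin: the two positions discussed above (one IP sending more than 200 spam submissions, versus botnet addresses that change owner) can both be handled by a ban that triggers only on repeated spam from one address and expires on its own. The function names, thresholds and the sample events are assumptions made for this illustration.

```python
from collections import defaultdict, deque

def temp_bans(events, threshold=5, window=300, ban_ttl=3600):
    """events: (unix_ts, ip) pairs for submissions already flagged as spam,
    in time order. Returns a list of (ip, ban_start, ban_end)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned_until = {}             # ip -> expiry time of its current ban
    bans = []
    for ts, ip in events:
        if banned_until.get(ip, 0) > ts:
            continue              # ban active: the request would be dropped
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()           # forget hits older than the window
        if len(q) >= threshold:
            # Repeated spam from one address: ban it, but only for ban_ttl
            # seconds, so a later owner of a reallocated IP is not blocked.
            banned_until[ip] = ts + ban_ttl
            bans.append((ip, ts, ts + ban_ttl))
            q.clear()
    return bans

def is_banned(bans, ip, ts):
    """True if ip is inside one of the ban intervals at time ts."""
    return any(b == ip and start <= ts < end for b, start, end in bans)

# Constructed sample: one address repeating every 10 s, plus six botnet
# addresses that each submit once (documentation IP ranges, not real hosts).
SAMPLE = sorted(
    [(1000 + 10 * i, "203.0.113.7") for i in range(8)]
    + [(1005 + 10 * i, f"198.51.100.{i + 1}") for i in range(6)]
)
BANS = temp_bans(SAMPLE)

if __name__ == "__main__":
    for ip, start, end in BANS:
        print(f"ban {ip} from {start} until {end}")
```
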