• Resolved yoni y

    (@yoni-y)


    I’ve been getting a lot of spam when using this plugin.
    Some bots just keep subscribing the same email every couple of hours (dozens of different emails).
    I guess the poor owner of the e-mail is getting hundreds of subscribe requests each day.
    It would be much better if the plugin would only send a confirmation e-mail once and would not allow users to resubscribe if an e-mail was already sent to them.

    I assume some e-mails might fail to send, so maybe a retry every 24 hours up to 3 retries is OK, but allowing unlimited retries just opens the process to exploitation.

Viewing 5 replies - 1 through 5 (of 5 total)
  • @yoni-y

    The plugin ships with 2 features that help here.

    Firstly, you can block subscription requests from specific domains in the Settings page.
    Secondly, you can use the plugin API to set a lockout that will block multiple requests from the same IP address. You need to add some simple code to your site, preferably in a custom plugin or in the theme’s functions.php file:

    function my_s2_lockout() {
    	// return number of seconds for the desired lockout
    	return 3600;
    }
    add_filter( 's2_lockout', 'my_s2_lockout' );

    Finally, it’s always worth using anti-bot plugins like the excellent Bad Behaviour.

    Thread Starter yoni y

    (@yoni-y)

    Hi @mattyrob
    This issue doesn’t really affect me personally as I already patched my subscribe2 code.
    Not sure if the lockout mechanism is good enough, as there should be some maximum limit to how many times an address can be subscribed.

    Also, 1 hour is hardly enough of a block time (I see subscribe attempts 4 hours apart).

    I’m pretty sure this is a targeted attack specifically targeting subscribe2 installs so it’s better to enable the locking mechanism by default (and allow users to modify it in the settings).
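
The limit proposed in this thread (one confirmation e-mail per address, a retry every 24 hours, up to 3 retries) set against a 1-hour per-IP lockout, as an added example that is not part of the original posts or of Subscribe2's own code. The function names, the in-memory arrays and the sample traffic are assumptions made for illustration, and the per-IP check is a simplified model rather than the plugin's implementation.

```php
<?php
// Added illustration, not Subscribe2 code. All names below are hypothetical.
const RETRY_INTERVAL = 86400; // 24 hours between confirmation e-mails
const MAX_SENDS      = 4;     // the first e-mail plus 3 retries
const IP_LOCKOUT     = 3600;  // the 1-hour value from the s2_lockout example

// Per-address cap: at most MAX_SENDS e-mails, at least RETRY_INTERVAL apart.
function address_cap_allows(array &$state, string $email, int $now): bool {
    $key   = strtolower(trim($email)); // normalise so case changes do not bypass the cap
    $entry = $state[$key] ?? ['count' => 0, 'last' => null];
    if ($entry['count'] >= MAX_SENDS) {
        return false; // retries exhausted for this address
    }
    if ($entry['last'] !== null && $now - $entry['last'] < RETRY_INTERVAL) {
        return false; // too soon after the previous e-mail
    }
    $state[$key] = ['count' => $entry['count'] + 1, 'last' => $now];
    return true;
}

// Simplified per-IP lockout: refuse an IP seen within IP_LOCKOUT seconds.
function ip_lockout_allows(array &$seen, string $ip, int $now): bool {
    if (isset($seen[$ip]) && $now - $seen[$ip] < IP_LOCKOUT) {
        return false;
    }
    $seen[$ip] = $now;
    return true;
}

// Constructed traffic: one address re-submitted every 4 hours for 5 days,
// rotating over three documentation-range IPs (203.0.113.0/24).
function simulate(): array {
    $ipSeen   = [];
    $capState = [];
    $sent     = ['ip_lockout' => 0, 'address_cap' => 0];
    for ($i = 0; $i < 30; $i++) {
        $now = $i * 4 * 3600;
        $ip  = '203.0.113.' . ($i % 3 + 1);
        if (ip_lockout_allows($ipSeen, $ip, $now)) {
            $sent['ip_lockout']++;
        }
        if (address_cap_allows($capState, 'victim@example.com', $now)) {
            $sent['address_cap']++;
        }
    }
    return $sent; // confirmation e-mails each policy would have sent
}

print_r(simulate());
```

In a real site the two arrays would have to live in persistent storage, since the counters must survive between requests.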

    @yoni-y

    The code above is an example, the lockout duration can be altered anywhere up to 24 hours.

    If you created a patch already we’d be happy to take a look and potentially include in future versions.

    Thread Starter yoni y

    (@yoni-y)

    Sure thing.
    I was trying to see if you have a GitHub repo to send pull requests to, but I couldn’t find it.

    @yoni-y

    My GitHub code for Subscribe2 is here:
    https://github.com/mattyrob/subscribe2

  • The topic ‘Plugin Used for spam’ is closed to new replies.