Spambot Subscriptions

The bots still subscribe, but there is no visible subscription form anymore!

• This reply was modified 6 years, 8 months ago by aceone999.
• This reply was modified 6 years, 8 months ago by aceone999.

Bots, does not use subscription forms to subscribe but the subscription address a form is connected to. Each form (subscription, registration, contact and so on has a action address).

We’re releasing a version with a black list configuration and you can block the ip addresses asking the provider to help you on that task. Some security plugin are able to detect too frequent requests from an ip address and block them.

The antiflood in Newsletter has been to to an high value?

Stefano.

Can you ask the provider which site url they’re invoking and with which GET parameters?

We can continue the discussion via mail at stefano @ thenewsletterplugin.com so you can eventually provide few more detail of your server.

Stefano.

Yes but it’s from different IPs.
But it was only the widget only!
And can I change the action address?

• This reply was modified 6 years, 8 months ago by aceone999.

The form location does not matter. Theip address usually are from a range that can be blocked with a single rule. The action address cannot be changed right now.

Stefano.

Okay, but it’s seems to be many different IPs. This never happend before.
My provider had the site blocked because of this, it’s online again because i manged to convince them that I can figure this out. But there is basically no way but deactivate the plugin?
There is no other way to make this action address depended on some captcha or or some type of security?
Okay that is two stupid things.
1) action address that can be accesses when it should be offline
2) action address with out any option of spam prevention.
I was trying to find a howto for newsletter and recaptcha couldn’t find anything.

• This reply was modified 6 years, 8 months ago by aceone999.

URL is most of the time “/” and that’s the request: “POST /?na=s HTTP/1.1”
The Server is a hosting company so it’s only an account.

There is an hidden form with javascript, so there is a form of protection but now bots are written with browsers engines so they can execute javascript.

We’re adding a captcha, but it is an integration which requires the rewriting of code and so we cannot release it in few hours.

Have you increased the antiflood time?

Stefano.

Antiflood time is 30 Minutes, but this makes basically no difference. The bot’s have different IP’s. Seam to be mostly from Russia or Brazil, maybe its over TOR. They try to register with fake emails, but this doesn’t work because it’s double opt in, and we get for every bot a delivery failure email.

Hi, you should see TWO calls to that url from the same ip, are you?

No, seams to be one call from one ip.

Uhm, the antibot option is active? Since you should see two call.

Stefano.

Yes it is set to NO for not deactivated. But I don’t have access to the logs directly, i have only what my hoster gave to me and that’s only an small portion of the logs from yesterday. I fear they would maybe restrict the site again if I ask them about access logs and they see there are still bots active.

See my email about last Newsletter update. The provider must give you the access logs, you should be able to get them for at least one or two months… they are gold to analyse problems, not only the one you’re experimenting now.

Stefano.

Concerning the Newsletter Plugin I installed the latest Version (5.2.8) today but the bots still get trough. Antispam and antiflood is active but that doesn’t change anything, so I decided to deactivate the Plugin. Hope there will be a solution because I wouldn’t want to change to another Newsletter Plugin.
By the way, the problem is also discussed in the newsletter plugin support forum. In this forum there is also a problem concerning to see more than the first page of the forum. There are no buttons for the next or the previous page, you should take care to fix this too ??

Daniel

• This reply was modified 6 years, 8 months ago by djoppl.