Caleb
Forum Replies Created
Aah.. Checking vCita’s web-site I see why all this is happening.
vCita offers revenue share (affiliate style) for their partners.
In this case landing page with ID ‘partner_fast_secure’.
The more I check this out, the more offended I get.
The system is basically set up to bypass front-end spam blockers, and by using the contact form logic (without actually using the web form) making my own system send email on behalf of the ‘vCita Team’, but using my email address as the From: address, but [email protected] as the Reply-To: header.
Plus, since it appears as internal email (from me to me, with the Reply-To: header set to [email protected]), my own system DKIM signs the email bypassing DKIM control, bypasses normal SPF restrictions, DNSBL lists, and other external SPAM blocks, since it is not received from the outside.
Basically, the plugin seems to have put vCita in partial control of my systems, so they can decide when to send me Spam from my own system.
And of all things letting my own system be scheduled to go “pick up” my Spam on schedule at 3 AM in the morning. Across sites.. It seems they basically just queue a spam in their database, and let my own system go pick it up and send it to me, on a normal page-load or my cron-scheduled wp-cron runs. YIKES.
I sort of feel like I have been conned into installing an infection on my own system!!!
See my post on the same topic. Your email address(es) have already been sent off to vCita. So will any new email address you enter to have form data sent to. With your blog address and name.
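An added example, not part of the original posts or of any plugin's code: a header check for the pattern described above, where a message is From a local address To that same address while Reply-To points off-site. Such mail is signed locally and never passes the inbound SPF/DNSBL checks, so the check relies on headers only; the domains and sample messages are constructed placeholders.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

def _domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def offsite_reply_domains(raw, local_domains):
    """For mail that is From a local address To that same address, return
    the set of Reply-To domains that are not local. Empty set otherwise."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if _domain(sender) not in local_domains or sender not in rcpts:
        return set()
    replies = getaddresses(msg.get_all("Reply-To", []))
    return {_domain(a) for _, a in replies if _domain(a)} - set(local_domains)

def recurring_offsite_reply(messages, local_domains, threshold=2):
    """Reply-To domains seen on >= threshold self-addressed messages.
    A visitor's address varies per submission; a fixed third party repeats."""
    counts = Counter()
    for raw in messages:
        counts.update(offsite_reply_domains(raw, local_domains))
    return sorted(d for d, n in counts.items() if n >= threshold)

# Constructed sample messages (placeholder domains, not taken from the page)
SAMPLES = [
    "From: owner@blog.example\nTo: owner@blog.example\n"
    "Reply-To: team@vendor.example\nSubject: Tips\n\nbody\n",
    "From: owner@blog.example\nTo: owner@blog.example\n"
    "Reply-To: team@vendor.example\nSubject: Offer\n\nbody\n",
    "From: owner@blog.example\nTo: owner@blog.example\n"
    "Reply-To: visitor@reader.example\nSubject: Question\n\nbody\n",
    "From: news@other.example\nTo: owner@blog.example\n"
    "Reply-To: news@other.example\nSubject: Hi\n\nbody\n",
]

if __name__ == "__main__":
    print(recurring_offsite_reply(SAMPLES, {"blog.example"}))
```

Legitimate contact-form mail also carries a visitor's Reply-To, which is why the second function counts repeats of one off-site domain instead of flagging a single message.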
Forum: Plugins
In reply to: [Digg Digg] [Plugin: Digg Digg] Dropped Digg-Digg from all my sites
I just found that I still have a browser tab sitting with the loaded “bad” link being displayed. Below is what my browser states is behind it. (Can’t see the actual code, since reloading would make it disappear, as site no longer had Digg-Digg.)
Also. The site was a new blog I was adding on a multi-blog system, where I merely enabled the already installed plugin. (Probably how the “new” defaults appeared.)
Browser info:
In the div with class ‘buffer-add-button’:
data-count = vertical
class = buffer-add-button
href = https://bufferapp.com/addOther
Font Family: arial
Font Size: 22.8px
Ancestors
div .entry-content clearfix
div .dd_post_share
div .dd_buttons
div .dd_button
Forum: Plugins
In reply to: [Digg Digg] [Plugin: Digg Digg] Dropped Digg-Digg from all my sites
BTW.. The buffering service as such is not necessarily a bad idea. I actually at one point started doing buffering myself, to assure that twitter posts from my blogs would happen at more opportune times. Never finished it at the time, though.
Personally, if I finish the plugin, I would rather buffer the pending twitter submissions locally on the individual blog where they belong, for later scheduled submission through normal wp-cron management, rather than connecting every post to an external buffering service.
But that's probably just me.
Forum: Plugins
In reply to: [Digg Digg] [Plugin: Digg Digg] Dropped Digg-Digg from all my sites
Well.. Digg-Digg has been deleted so I can no longer see it, and re-testing is not high on my priority list right now.
But FYI.. Here are some of the signs one sees when using this new Digg-Digg.
I run my browser(s) with a Javascript blocker add-on, that by default blocks new Javascript load-sources until I have “allowed” them.
When Buffer suddenly magically tried to show up (and I certainly did not request anything related to Buffer through the configuration so it must have been a newly added default), I learned the first thing that happens to any reader not loading the Buffer Javascript: The word “Buffer” in bold, 23px font magically shows up at the end of posts. (on the front-page at the end of excerpts). Likely where the sharing buttons would otherwise have been.
Wondering why my posts suddenly were stamped ‘Buffer’ in bold letters, hovering the word it turns out to be a link to ‘/add’ on the bufferadd web-site. Where I do not really want to send my readers off to.
I did not check your code. After I saw the ownership change on the admin page, the added loads from yet another external web-site, and all the ugly ‘Buffer’ links spattered over my posts, I merely hit the delete plugin link. But I’d guess that this text is actually a placeholder not replaced because the Javascript does not run. (because it is blocked).
So, FYI.
a) I did not ask for anything in the configuration related to Buffer. At that time I did not even know what it was, and yet it was suddenly trying to load from your site. But was blocked by the browser add-on.
b) Currently it appears that any reader out there that happens to have new Javascript loading sites (such as here bufferadd[.]com) blocked by default will instead see a link with the word “Buffer” in big bold letters scattered around the web-site they are reading, with a link to the bufferadd[.]com website. Something the blog-owner (with Javascript enabled) will likely not realize until someone asks them about it.
Very similar. Some parts started from Akismet.
But obviously a very different back-end.
Plus security blocks in front.
[Ad copy moderate]
NOTE: CrudArrest requires a free for personal sites API key from CrudArrest.com.