Notifications
Clear all

No spam protection(captcha) for a comment subscription form

20 Posts
5 Users
1 Likes
2,638 Views
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Please, help me to fix the issue related to a comment subscription form. I am getting a lot of spam messages(comment subscription notifications) last weeks because bots with random emails are trying to subscribe on the comments. Ideally I want to have a captcha here. But seems I only have an option to disable subscription bar completely to avoid these spam subscriptions.

I also saw there is "Invisible spam protection" feature available but I am not sure it will work in comment subscriptions.

 

Regards,
Eugen


   
Mary Goldwin reacted
Quote
 Tom
(@tomson)
Famed Member Admin
Joined: 9 years ago
Posts: 4168
 

Hi  Eugen,

I'm really sorry but there is no option to add an antispam protection to this form yet. We're going to work on this, and make it available as soon as possible. Probably we'll add it in next version release.


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Thanks Tom. I'll be waiting impatiently 🙂


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Hey guys, I just saw the latest changelogs(5.1.6/5.1.7)  and there is no fix for missing spam protection on a comments subscription form. Is it scheduled for a next release?


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Hey guys, I just checked the changelog for v5.2.0 / v5.2.1 and there is no spam protection on a comment subscription form. Is it scheduled for an implementation at the nearest time(month-two)? 


   
ReplyQuote
Astghik
(@astgh)
Illustrious Member Admin
Joined: 6 years ago
Posts: 5872
 

Hi @eugen,

The changes are already included, as wpDiscuz uses WordPress nonces for spam protection on a comment subscription form.


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Thanks for letting me know - I'll try out the new functionality. 

Cheers, 

Eugen. 


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Hey guys,

I checked my install and there is one interesting thing. When I created this issue I had wpDiscuz  version 5.1.5. But this version already have WP nonces on comment subscriptions.

Does it mean that WP nonces don't work in our case?

The second important question: is there an ability to add a captcha field to the subscription form? Maybe some code hook or action? So not only to add a field but also have an ability to validate on a back-end?

 

Cheers, 
Eugen


   
ReplyQuote
Astghik
(@astgh)
Illustrious Member Admin
Joined: 6 years ago
Posts: 5872
 

Hi Eugen,

Does it mean that WP nonces don't work in our case?

Could you please explain what you mean saying "don't work in our case?" How you've checked it? 

is there an ability to add a captcha field to the subscription form? Maybe some code hook or action?

I'm sorry, but there are no any hooks yet. We'll take it into consideration for sure. 


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Hey guys, 

When I said "don't work in our case" I meant this doesn't prevent us from getting spam messages. Not sure how they did it, is it robots or human but since we enabled subscriptions bar on a comment form we are getting a spam again.

I am right that the only suggestion here is to disable subscriptions bar entirely?

 

Cheers, 
Eugen


   
ReplyQuote
Astghik
(@astgh)
Illustrious Member Admin
Joined: 6 years ago
Posts: 5872
 

Hi @eugen,

this doesn't prevent us from getting spam messages

Please explain step by step. How you get an email notification? So if users subscribe to any post you get an email notification? 


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Hi @astghik, 

The problem is that anyone can submit any fake email address in a comment subscription form. That's wht we're getting hundreds of subscription confirmations from fake email addresses. 

Answering your question: Not sure why I am getting all these messages but maybe because I am a post author so I can see all the activity on an article. Is there any options to control this?

There is my setup: 

BAEL 7914 wpdiscuz subscription settings

There is a possible explanation of how the did it:

BAEL 7914 wpdiscuz comment subscription form

 

Actually I have two questions: 

  • Can I stop to receive these subscription confirmations on email?
  • Is there ability to request a captcha to be added on a comment subscription form?

 

Cheers, 
Eugen


   
ReplyQuote
Astghik
(@astgh)
Illustrious Member Admin
Joined: 6 years ago
Posts: 5872
 

Hi @eugen,

Please note wpDiscuz doesn't send any email notifications to post author, admin etc. when someone subscribes to replies. Please deactivate all plugins except wpDiscuz) and check again. 


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Hey @astghik,

We keep receiving emails saying specifically that they're a confirmation to comment subscription:

 

"Hi, 
You just subscribed for new comments on our website. This means you will receive an email when new comments are posted according to subscription option you've chosen. 
To activate, click confirm below. If you believe this is an error, ignore this message and we'll never bother you again. "

 

It is accompanied with confirm & cancel subscription links and a link to the post where the subscription took place. The problem is, we get a lot of these and many email addresses in them make no sense. 

 

We've also tested this manually and subscribing to comments does send an email like this one to our email account. 

Some time ago we deactivated comment subscription in wpDiscuz settings and the emails stopped arriving (we re-activated it after the initial feedback in this thread). 

 

wpDiscuz is the only comment plugin that we use on our site.

 

Cheers,

Eugen

This post was modified 5 years ago by Eugen

   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

Also, to be clear - I tested this myself, directly on the site. 

I went into a random thread, I manually subscribed to comments with a separate email and, immediately - this email gets sent. 

I've done that several times, just to be super sure - the email is always being sent. 

Does that help clear things up?

Cheers, 

Eugen. 


   
ReplyQuote
(@eugen)
Active Member
Joined: 6 years ago
Posts: 11
Topic starter  

I have an update here.

So we discovered that this issue is related to spam messages and happens only when someone enter invalid email address in a comments subscription form. Next, our Post SMTP plugin is trying to deliver email to a receiver but it's failed - that's why we are getting all these spam messages. 

Since it's clear why we have this problem my last question here is can you please add a captcha to a comment subscriptions bar? This will help us to filter all these errors.

 

Cheers, 
Eugen


   
ReplyQuote
(@dcwebman)
New Member
Joined: 4 years ago
Posts: 2
 

I found this thread because I am having the same problem. It got so bad with all the bad emails that G Suite (Gmail) disabled my account because of sending spam. Thankfully I got it enabled, but I need to stop this problem. 

The database table for subscriptions had thousands of email addresses which were obviously from spam email addresses. I have cleaned up that table but in the process of doing so, I know I lost some valid emails because I was not going to manually go through thousands of emails to try and determine valid ones.

At the moment, I have had to disable the subscriptions so this problem stops.

When can we see captcha to avoid this problem in the future so we can use this useful feature?


   
ReplyQuote
Astghik
(@astgh)
Illustrious Member Admin
Joined: 6 years ago
Posts: 5872
 

@dcwebman,

Sure this is already added in the wpDiscuz 7 version. You can download and check it:

https://beta.wpdiscuz.com/demo/

More info here: https://beta.wpdiscuz.com/docs/wpdiscuz-7/plugin-settings/google-recaptcha/#display-on-subscription-form

 


   
ReplyQuote
(@dcwebman)
New Member
Joined: 4 years ago
Posts: 2
 

Hi @astghik,

Sounds good. When will it be released?


   
ReplyQuote
Elvina
(@elvina)
Support
Joined: 5 years ago
Posts: 1403
 

@dcwebman,

I'm sorry but we can't provide an exact date yet(no ETA).

 


   
ReplyQuote
Share:
Scroll to top