No spam protection(captcha) for a comment subscription form  

  RSS

Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
31/07/2018 5:19 pm  

Please, help me to fix the issue related to a comment subscription form. I am getting a lot of spam messages(comment subscription notifications) last weeks because bots with random emails are trying to subscribe on the comments. Ideally I want to have a captcha here. But seems I only have an option to disable subscription bar completely to avoid these spam subscriptions.

I also saw there is "Invisible spam protection" feature available but I am not sure it will work in comment subscriptions.

 

Regards,
Eugen


Mary Goldwin liked
ReplyQuote
Tom
 Tom
(@tomson)
Support Team Admin
Joined: 4 years ago
Posts: 2768
01/08/2018 12:01 pm  

Hi  Eugen,

I'm really sorry but there is no option to add an antispam protection to this form yet. We're going to work on this, and make it available as soon as possible. Probably we'll add it in next version release.


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
01/08/2018 3:10 pm  

Thanks Tom. I'll be waiting impatiently 🙂


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
10/09/2018 6:17 pm  

Hey guys, I just saw the latest changelogs(5.1.6/5.1.7)  and there is no fix for missing spam protection on a comments subscription form. Is it scheduled for a next release?


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
04/10/2018 12:39 am  

Hey guys, I just checked the changelog for v5.2.0 / v5.2.1 and there is no spam protection on a comment subscription form. Is it scheduled for an implementation at the nearest time(month-two)? 


ReplyQuote
Astghik
(@astghik)
Support Team Admin
Joined: 12 months ago
Posts: 1384
04/10/2018 5:12 pm  

Hi @eugen,

The changes are already included, as wpDiscuz uses WordPress nonces for spam protection on a comment subscription form.


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
04/10/2018 8:17 pm  

Thanks for letting me know - I'll try out the new functionality. 

Cheers, 

Eugen. 


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
07/10/2018 7:39 pm  

Hey guys,

I checked my install and there is one interesting thing. When I created this issue I had wpDiscuz  version 5.1.5. But this version already have WP nonces on comment subscriptions.

Does it mean that WP nonces don't work in our case?

The second important question: is there an ability to add a captcha field to the subscription form? Maybe some code hook or action? So not only to add a field but also have an ability to validate on a back-end?

 

Cheers, 
Eugen


ReplyQuote
Astghik
(@astghik)
Support Team Admin
Joined: 12 months ago
Posts: 1384
08/10/2018 2:58 pm  

Hi Eugen,

Does it mean that WP nonces don't work in our case?

Could you please explain what you mean saying "don't work in our case?" How you've checked it? 

is there an ability to add a captcha field to the subscription form? Maybe some code hook or action?

I'm sorry, but there are no any hooks yet. We'll take it into consideration for sure. 


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
09/10/2018 2:35 am  

Hey guys, 

When I said "don't work in our case" I meant this doesn't prevent us from getting spam messages. Not sure how they did it, is it robots or human but since we enabled subscriptions bar on a comment form we are getting a spam again.

I am right that the only suggestion here is to disable subscriptions bar entirely?

 

Cheers, 
Eugen


ReplyQuote
Astghik
(@astghik)
Support Team Admin
Joined: 12 months ago
Posts: 1384
13/10/2018 1:22 pm  

Hi @eugen,

this doesn't prevent us from getting spam messages

Please explain step by step. How you get an email notification? So if users subscribe to any post you get an email notification? 


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
13/10/2018 8:34 pm  

Hi @astghik

The problem is that anyone can submit any fake email address in a comment subscription form. That's wht we're getting hundreds of subscription confirmations from fake email addresses. 

Answering your question: Not sure why I am getting all these messages but maybe because I am a post author so I can see all the activity on an article. Is there any options to control this?

There is my setup: 

BAEL 7914 wpdiscuz subscription settings

There is a possible explanation of how the did it:

BAEL 7914 wpdiscuz comment subscription form

 

Actually I have two questions: 

  • Can I stop to receive these subscription confirmations on email?
  • Is there ability to request a captcha to be added on a comment subscription form?

 

Cheers, 
Eugen


ReplyQuote
Astghik
(@astghik)
Support Team Admin
Joined: 12 months ago
Posts: 1384
15/10/2018 3:06 pm  

Hi @eugen,

Please note wpDiscuz doesn't send any email notifications to post author, admin etc. when someone subscribes to replies. Please deactivate all plugins except wpDiscuz) and check again. 


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
16/10/2018 6:06 pm  

Hey @astghik,

We keep receiving emails saying specifically that they're a confirmation to comment subscription:

 

"Hi, 
You just subscribed for new comments on our website. This means you will receive an email when new comments are posted according to subscription option you've chosen. 
To activate, click confirm below. If you believe this is an error, ignore this message and we'll never bother you again. "

 

It is accompanied with confirm & cancel subscription links and a link to the post where the subscription took place. The problem is, we get a lot of these and many email addresses in them make no sense. 

 

We've also tested this manually and subscribing to comments does send an email like this one to our email account. 

Some time ago we deactivated comment subscription in wpDiscuz settings and the emails stopped arriving (we re-activated it after the initial feedback in this thread). 

 

wpDiscuz is the only comment plugin that we use on our site.

 

Cheers,

Eugen

This post was modified 1 month ago by Eugen

ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
16/10/2018 9:24 pm  

Also, to be clear - I tested this myself, directly on the site. 

I went into a random thread, I manually subscribed to comments with a separate email and, immediately - this email gets sent. 

I've done that several times, just to be super sure - the email is always being sent. 

Does that help clear things up?

Cheers, 

Eugen. 


ReplyQuote
Eugen
(@eugen)
Active Member
Joined: 4 months ago
Posts: 11
17/10/2018 10:16 pm  

I have an update here.

So we discovered that this issue is related to spam messages and happens only when someone enter invalid email address in a comments subscription form. Next, our Post SMTP plugin is trying to deliver email to a receiver but it's failed - that's why we are getting all these spam messages. 

Since it's clear why we have this problem my last question here is can you please add a captcha to a comment subscriptions bar? This will help us to filter all these errors.

 

Cheers, 
Eugen


ReplyQuote
Share: