I just wanted to make sure I’m understanding the GeoIP blocking correctly. If you enter a country code in Allowed browser languages, does that mean that submissions from any other location will be disallowed?
Thanks
]]>Hi!
I have installed this plugin and I am getting a 403 error when trying to save the initial configuration without any changes. The website is in a shared hosting and there are no other antispam plugins that can interfere with it. How can I fix the error? Thanks!
]]>Hi,
I have installed this plugin on my website, but when I try to save the initial configuration (without any changes) I get a 403 Forbidden, You don’t have permission to access this resource.
I don’t have any other antispam plugins that can be interfering with it. Any idea of why I am getting this error? The website is in a shared hosting with the standard configuration. Thanks!
]]>Hello,
D8 gives me a result of 100%, but the mail is still not marked as spam and gets delivered. Any ideas?
Kind Regards!
]]>Hello, if I manual set a message to spam, it is not in the blacklist table. As I use a script to extract and report those spammers ips, it would nice to have this.
]]>TypeError: null is not an object (evaluating 'document.getElementById("cf7a_download_button").addEventListener')
/cf7-antispam/build/admin-scripts.jsHave this error on all installs…
]]>Hi Erik!
Hopefully you are doing okay!
I use your plugin on multiple websites I built.
I use a basic list that contains common english bad words. Sometimes a false positive is caused by the words I use in my bad words list. Please note that our visitors are mostly dutch.
For example, the english bad word “offer” also occurs partly in the dutch word “offerte” (invoice). This caused a false positive.
– Is there a way to prevent these false positives?
– If not, do you recommend using a english list with bad words on a dutch website?
– And also: can you recommend a good list with english bad words?
As always, thank you for creating and maintaining this plugin!
Kind regards,
Benjamin
I love your plugin. It has greatly reduced the spam coming through the forms. However, I am having a problem on 2 different websites with Firefox ignoring the Autocomplete turned off, and auto filling in the hidden honeypot fields. Thus regular real visitors to the website are getting flagged as spam and unable to submit the form.
I noticed that the honeypot field was always “name”. In the settings, I went to the “Name for the honeypots inputs” and removed the first 3 (name, email, address) as those would be the 3 most likely to be auto completed. However, the honeypot field is still always name.
So we have 2 problems: 1. Firefox autocompletes the honeypot fields 2. unable to change the name of the honeypot field.
These 2 problems are able to be reproduced in 2 different websites on 2 different domains and 2 different servers.
]]>Is it possible to see a breakdown of the spam score for an individual message? For example, I received a genuine enquiry but it was given a spam score of 12 and sent to Spam. I would love to know exactly why it received this score so I can troubleshoot and tweak my configuration. Thanks!
]]>Hello, at one of my installations all mails are marked as spam with: no_ip: Address field empty.
How can I fix this? The settings are all the same.
]]>Hi Erik, at the moment I am getting a lot of honeypot false positives. Like these
Spam log: data_mismatch: Version mismatch ” != ‘0.6.2’; bot_fingerprint_extras: activity 0, mouseclick_activity, mousemove_activity, webgl, webgl_render; honeypot: name, zip, ship-address
I am sure this email wasn’t spam. And so there are more.
Any ideas?
]]>When the antispam plugin is activated, the stylesheet of every page and blog post is changed.
On desktop devices, no change is visible. But on mobile devices, the height and width of the website is changed. The size of the content remains the same, but the navigation-burger is not visible. You have to scroll to the right, to access the menu. When scrolling down, the menu disappears, although it should stay on top. It’s possible to zoom out. Then the menu stays on top and occupies the whole width of the page. But then, the content is way too small.
This occurs on Firefox, Chrome, Edge and Safari.
I know, my problem is very specific, I’m not using a default theme and I did a lot of modifications to the appearance of the website. So reproducing this bug is hard.
I couldn’t figure out, how I could fix this behavior, since no element on the page seems responsible for a width/ height change. Also, I can’t reproduce it myself on my test-system of the page (although it is no exact copy of my main page, which is probably the reason).
So my question would be, if someone experienced something similar, or if I can deactivate the part of the plugin, which changes the stylesheet/ the content of the website.
I’m really thankful for this plugin, since my page receives up to five spam-messages per day and this plugin was the only way to regulate it.
]]>Hi Erik,
I think I’m missing something. There are 42 IPs banned in the list, but my setting are
Automatic spammer IP Blacklist V
Mail blocked before Ban 3
Automatic Unban 5min
Shouldn’t those IPs be gone after 5 minutes? Or is it possible that they get on this list in another way, and stay there?
]]>Hi Erik, how are you doing. Some questions.
I found this banned:66.249.71.196[unban ip] [ban forever]
blacklisted score: 4; b8: 0.97
That’s Google. Any idea what could have happened?
And this one:
data_mismatch: Version mismatch ” != ‘0.6.2’; bot_fingerprint_extras: activity 0, mouseclick_activity, mousemove_activity, webgl, webgl_render; honeypot: name, address, zip; b8: 1
These types are bots, right?
And when there’s written:
blacklisted score: 4;?b8: 1
What does the blacklisted score mean?
This weekend, I saw some changes in the amount that went to the blacklisted list, especially via zen.spamhaus.org.
Would it be an idea if you added a date to the blacklist items so that we can check if these changes happened after a setting change or plugin update?
]]>Hello,
I tried your plugin and it seems that it stops spam emails, but there is an issue.
Some users reported that they can’t send email and after inspection I noticed that Submit button on forms is disabled for some user (not sure why not for all, but only some users) and they can’t click on button to even try to send email.
When plugin is deactivated this issue is gone. I just installed the plugin without changing any settings. Is there maybe some setting for this issue?
Additionally I can tell you that we also have installed honeypot plugin and we have setup integration with reCAPTCHA.
Can you help us solve this issue?
Hello,
This plugin sounds interesting, however I can’t make it work as expected.
1. Everytime I try to submit the form, it ends up on the front-end with an error message (like “error in submitting the form”).
The JS console shows the following error:
Uncaught TypeError: Cannot read properties of null (reading ‘setAttribute’)
at s (script.js?ver=a36b04cf8b501e85565c:1:1933)
at HTMLDocument.t (script.js?ver=a36b04cf8b501e85565c:1:7873)
It points to a script in Antispam’s plugin folder, and more specifically to this portion:
2. No email is sent to the mailbox it is supposed to reach on form submit success.
3. But the form content is saved in Flamingo’s spam folder.
4. In Antispam settings, I see my IP (ipv6 if it matters) getting blacklisted at every submission. The reason mentionned is “no_ip: Address field empty” (both being logged in to the blog and being a visitor lead to same result). No matter whether I unban it just before (whereas autoban is set to work after only 3 blocked attempts) and added it to the whitelist.
5. I set the following in wp-config.php.
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'CF7ANTISPAM_DEBUG', true);
define( 'CF7ANTISPAM_DEBUG_EXTENDED', true);But there is nothing in wp-content/debug.log after attempting a new form submission.
Here are for reference the options of the plugin:
Array
(
[cf7a_enable] => 1
[cf7a_version] => 0.6.2
[cf7a_customizations_class] => fit-the-fullspace
[cf7a_customizations_prefix] => _cf7a_
[cf7a_cipher] => aes-128-cbc
[cf7a_score_preset] => weak
[cf7a_disable_reload] => 1
[check_bot_fingerprint] => 1
[check_bot_fingerprint_extras] => 1
[append_on_submit] => 1
[check_time] => 1
[check_time_min] => 6
[check_time_max] => 31536000
[check_bad_ip] => 1
[autostore_bad_ip] => 1
[max_attempts] => 3
[unban_after] => disabled
[check_bad_words] => 0
[check_bad_email_strings] => 0
[check_bad_user_agent] => 1
[check_dnsbl] => 0
[check_refer] => 1
[check_honeypot] => 1
[check_honeyform] => 0
[identity_protection_user] => 1
[identity_protection_wp] => 1
[enable_geoip_download] => 0
[geoip_dbkey] =>
[check_language] => 0
[check_geo_location] => 0
[honeyform_position] => before-content
[enable_b8] => 1
[b8_threshold] => 0.95
[enable_advanced_settings] => 0
[mailbox_protection_multiple_send] => 0
[bad_words_list] => Array
(
[0] => viagra
[1] => Earn extra cash
[2] => MEET SINGLES
)
[bad_ip_list] => Array
(
)
[ip_whitelist] => Array
(
[0] => {my_ip_for_test_purposes}
)
[bad_email_strings_list] => Array
(
)
[bad_user_agent_list] => Array
(
[0] => bot
[1] => puppeteer
[2] => phantom
[3] => User-Agent
[4] => Java
[5] => PHP
)
[dnsbl_list] => Array
(
[0] => dnsbl-2.uceprotect.net
[1] => dnsbl-3.uceprotect.net
[2] => zen.spamhaus.org
[3] => b.barracudacentral.org
[4] => bl.ipv6.spameatingmonkey.net
)
[honeypot_input_names] => Array
(
[0] => name
[1] => email
[2] => zip
[3] => town
[4] => phone
[5] => credit-card
[6] => ship-address
[7] => billing_company
[8] => billing_city
[9] => billing_country
[10] => email-address
)
[honeyform_excluded_pages] => Array
(
)
[languages_locales] => Array
(
[allowed] => Array
(
[0] => en-US
[1] => en
)
[disallowed] => Array
(
)
)
[score] => Array
(
[_fingerprinting] => 0.1
[_time] => 0.3
[_bad_string] => 0.5
[_dnsbl] => 0.1
[_honeypot] => 0.3
[_detection] => 0.7
[_warn] => 0.3
)
[cf7a_enabled] => 0
)Also for reference, the CF7-related plugins enabled during the test (all up to date):
– CF7
– AntiSpam for Contact Form 7
– Flamingo
– Disable Flamingo Addressbook
– Multi Step for Contact Form 7 (Lite)
– Preview Form
– Avada Theme/Fusion builder (which I believe adds code to the form’s frontend)
9. If I disable the Antispam plugin, I can submit the form right away.
Would you have any advice?
I have noticed, that /cf7-antispam/build/script.js is load on all front pages, even without a contact form.
Could you please load it conditionally only where it is needed?
]]>Erik, can I remove the spam emails from the Inbound message list? Have your plugin and the b8 findings been stored?
Or is it better to leave them there in case I want to rebuild a b8 dictionary again?
]]>Hi Erik,
I’m wondering, will b8 scan messages if I don’t use the [your-message] shortcode in the message body?
For example, I use this in the message body textbox:
This email is about: [_post_title]
Personal information
Name:
[your-name]
Email:
[your-email]
Place of birth:
[your-place-of-birth]
Date of birth:
[_format_your-birthday-date “dd/mm/YYYY”]
Will b8 be able to scan it? And if not, would there be an option? Like, adding all of the shortcodes to the Additional Settings tab?
]]>I am trying to figure out why the Flamingo Inbound messages say 26 emails have been sent, but there are only 8 emails in my inbox. Those emails were bcc in CF7. The emails were BCCed to Gmail. I checked everything; inbox, spam, trash, but no track of the sent emails.
On the email account that should receive all form email, only 1 email was received.
I don’t know if this concerns CF7, Flamingo, WP, or your plugin. In the past, with only CF7, I didn’t have any problems. They started when I installed your plugin and Flamingo.
I also don’t know if your plugin has any influence on sending emails. For instance, when a form is used, the data is stored in Flamingo, and then your plugin decides whether the email should be sent or not.
Just now, I tried to resent an email which was not marked as spam but also not received in the inbox. Neither the one for the inbox nor the BCCed one arrived.
]]>Ciao guys!
I just upgraded to php 8.2 and now I have this warning:
Warning: Undefined array key “mailbox_protection_multiple_send” in/wp-content/plugins/cf7-antispam/core/CF7_AntiSpam_Frontend.php?on line?312
I just wanted to notify you
thanks
]]>Hi, Erik.
It would be great if there is an option to save the settings on the Settings page. I had changed the default settings and had to delete the plugin, and had to find out which settings I used.
]]>Fatal error: Uncaught Error: in_array(): Argument #2 ($haystack) must be of type array, string given
in /var/www/vhosts/…/wp-content/plugins/cf7-antispam/core/CF7_AntiSpam_Frontend.php on line 158
Call stack:
in_array()
wp-content/plugins/cf7-antispam/core/CF7_AntiSpam_Frontend.php:158
CF7_AntiSpam\Core\CF7_AntiSpam_Frontend::cf7a_honeyform()
wp-includes/class-wp-hook.php:324
WP_Hook::apply_filters()
wp-includes/plugin.php:205
apply_filters()
wp-includes/post-template.php:256
the_content()
wp-content/themes/hello-elementor/template-parts/single.php:25
require()
wp-includes/template.php:792
load_template()
wp-includes/template.php:725
locate_template()
wp-includes/general-template.php:206
get_template_part()
wp-content/themes/hello-elementor/index.php:21
include()
wp-includes/template-loader.php:106
require_once()
wp-blog-header.php:19
require()
index.php:17Do you need more information about that?
]]>I’ll let you know more in detail later, but could you tell me where the Blacklist and Dictionary are stored?
]]>Hi Erik,
A continuation of this topic: https://www.ads-software.com/support/topic/does-resend-email-actually-works/#post-17345498
So, I got an email marked as spam in the Stats for CF7 Antispam list on the Dashboard widget. After I clicked on the email link that was marked as spam, I clicked “Not spam” in the sidebar widget, then on Update.
Then I found the email back in Flamingo under “Inbound messages”.
The form and Meta fields are still there. Is that the form you were looking for? This form is still there.
After I clicked on the Flamingo “Inbound messages” link in the sidebar, I went to a page where I can click “Resend Email”. When I click that button, the email is sent to the website admin’s email address.
]]>Hey! Love the plugin. Is it possible to add labels to the honeypot inputs (but hidden from screen readers)? I’m getting flags when I WAVE our contact page for these and my client has to have everything compliant. Thanks.
]]>Hi Erik,
Recently I noticed a critical PHP-error is shown when Bulk Actions is used to mark multiple spam messages as “No spam”. So I tried to troubleshoot this problem in MAMP:
Warning: Uninitialized string offset 0 in /Applications/MAMP/htdocs/website/wp-content/plugins/cf7-antispam/includes/cf7a-antispam-flamingo.php on line 200
The following check seems to fix this possible bug:
if(!empty($flamingo_post->meta)){
I’m not very proficient in using Github, so I thought to let you know via this forum post. Hope this helps!
Kind regards,
Benjamin
Hi Erik,
First of all, thanks for developing this great plugin!
I have a question regarding B8 and Flamingo (because I have concerns about GDPR-compliance of Flamingo).
- Is it possible to let B8 do it’s thing when inbound Flamingo messages are periodically removed?
- Also, how much “worse” does your plugin perform on average when Flamingo is absent?
Kind regards,
Benjamin
Hello,
I got an email that is not spam, but was being marked as spam.
I pushed the resend email button because I need to reply to that email, but nothing happens.
p.s. I use Wp mail smtp with Sendinblue(brevo)
]]>This was exposed when a “Drag and Drop Multiple File Upload” field was added to a contact form. Would cause an exception as ‘none’ was being fed into round(); Changing this to 0 fixed the issue.
--- cf7a-antispam-flamingo.php (revision 5970)
+++ cf7a-antispam-flamingo.php (working copy)
@@ -333,7 +333,7 @@
$b8 = new CF7_AntiSpam_B8();
- $rating = ! empty( $message ) ? round( $b8->cf7a_b8_classify( $message ), 2 ) : 'none';
+ $rating = ! empty( $message ) ? round( $b8->cf7a_b8_classify( $message ), 2 ) : 0;
update_post_meta( $result['flamingo_inbound_id'], '_cf7a_b8_classification', round( $rating, 2 ) );
}