• Resolved lickthespoon

    (@lickthespoon)


    I am a Mailpoet 2 premium user and currently frustrated at your zero response to my urgent fake signup request made through a support email. Your 2 part signup is being hijacked by bots to send first stage signup emails en masse to apparently valid email addresses causing a huge bounce list, unhappy email server host, and possible contribution to DDoS attacks.
    After scouring server logs and trying to block the Russian IP I’ve temporarily deactivated Mailpoet to avoid being blacklisted whilst I work on a solution.
    You released a Mailpoet 2 throttling patch, but it doesn’t work in the pattern of this spammer.
    You imply in this forum that the problem doesn’t exist in Mailpoet 3 – what’s different? I have a test site and am willing to migrate if it has better security.
    But unless you’ve implemented a recaptcha or other logic in the signup widget it’s hard to see how. The throttling of multiple sign ups from a single IP hasn’t worked for me against this spammer.
    It’s disappointing that despite having acknowledged security flaws in the past and vowed to do better (I stuck with you) you still have no signup form protection.
    Every other contact form plugin has some form of recaptcha option. But unfortunately having said it’s not needed and two stage sign up is the best solution it’s now being used against you as a flaw.
    I’ve wasted several days on this and despite being premium for several years have been unable to get any support.
    Do you realise how frustrating it is that the only advice on the Mailpoet website is it’s not needed, no acknowledgment of any issue. I have daily antivirus scans, full https site, firewalls, numerous other protection, and yet your signup form is providing the perfect spammer’s tool!
    So if I migrate to Mailpoet 3 is your signup better protected or are you going to recommend using an alternative spam filter rather than take your own signup security seriously?
    Are you really going to abandon Mailpoet 2 with a sign up fix that doesn’t work and offer no support to protect signup?

Viewing 4 replies - 16 through 19 (of 19 total)
  • @agilityjeff did you ever find a solution for this at all?

    Suggestion…

    Like other lists, perhaps also add a feature where certain “subscribe” domain (email domains) can be added to a blocklist?
    Doing so helps to prevent all users attempting to subscribe with an email address from xxxx@<blocked-domain.com>
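
The domain blocklist suggested above could be checked like this before a confirmation email is sent. This is an added example, not MailPoet code or code from the thread; the function names and sample domains are hypothetical, and the check is assumed to run server-side (for example in Node.js), because a check in the browser does not constrain a bot that posts directly to the form handler.

```javascript
// Added example: domain blocklist check for signup addresses.
// All names are hypothetical; the blocklist entries are constructed samples.

// Normalize a domain: trim, lowercase, and strip a trailing root dot.
function normalizeDomain(domain) {
  return domain.trim().toLowerCase().replace(/\.$/, '');
}

// Extract the domain part of an address, or null if the address is malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const trimmed = email.trim();
  const at = trimmed.lastIndexOf('@');
  // Need a local part, a domain, and no whitespace inside the address.
  if (at < 1 || at === trimmed.length - 1 || /\s/.test(trimmed)) return null;
  const domain = normalizeDomain(trimmed.slice(at + 1));
  // Reject empty labels ("a..com") and characters outside hostname syntax.
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(domain)) return null;
  return domain;
}

// Decide whether a signup should be rejected.
// A blocklist entry matches the domain itself and any subdomain of it.
// Matching is done label by label, so "notblocked-domain.example" does not
// match an entry for "blocked-domain.example".
function isBlockedSignup(email, blocklist) {
  const domain = emailDomain(email);
  // Design choice in this example: malformed input is rejected outright.
  if (domain === null) return true;
  const blocked = new Set(blocklist.map(normalizeDomain));
  const labels = domain.split('.');
  // Check "mail.blocked.example", then "blocked.example", then "example".
  for (let i = 0; i < labels.length; i++) {
    if (blocked.has(labels.slice(i).join('.'))) return true;
  }
  return false;
}

// Constructed sample blocklist (mixed case and trailing dot on purpose).
const SAMPLE_BLOCKLIST = ['blocked-domain.example', 'Spam.Example.'];
```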

    To make an invisible “Google recaptcha” on your Mailpoet 2.x forms, you can do it with the native “Google recaptcha” built into Mailpoet and a bit of CSS and JS code.

    To do so, first you have to activate the Google recaptcha on your site (you will need a google key).

    After that add a CSS line:
    .g-recaptcha { display:none; }

    And some JS code in your theme/footer.php:

    jQuery( document ).ready(function() {
    	jQuery('.wysija-input').focus( function(){
    		jQuery('.g-recaptcha').show();
    	});
    });

    This code will hide the recaptcha window, but if the user clicks on the input box (wysija-input) then the recaptcha window will be shown.

    You may have to make some CSS adjustments to display the recaptcha window nicely.

    Hope it’s useful!

    • This reply was modified 6 years, 7 months ago by gtamborero.

    They even register when the site is protected by a password…

  • The topic ‘Does Mailpoet 3 stop fake signup?’ is closed to new replies.