False Positives on Login; Compatibility w/ S2Member Login

What I would suggest is to go into the Astounding Spam settings page. First go to the “Log” tab and clear the log. Scroll down to “Show all reasons for rejection” and turn it on. Then cause a rejection.

The log page will then show how the plugin is working and exactly why it rejected the transaction.

Copy the log and send it to me.

Disable the plugin so no one else is rejected while we work this out.

It may be that another plugin is behaving in a way that confuses the Astounding Spam plugin. There are hundreds of form filling plugins for login, data, and other uses. It is impossible code in exceptions for all of them.

Will

Thanks for the suggestion Will. I’ve followed the instructions you’ve kindly provided and have instructed a few helpful website members to report back to me once they’ve attempted to login. I’ll let you know once I have a log of some false positives.

Hi Will,
In the 10 days since I’ve reactivated Astounding Spam (and started a fresh log), everything seems to be working fine. I think the conflict I was experiencing w/ S2Member may have been caused by another spam plugin (WP Cerber Security, Antispam & Malware Scan). Either way, the users who had previously had issues seem fine on their logins now.

Thanks again!
Darren

Thanks for reporting back. I am relieved that things worked out.

Will

Hi Will,
Hope all’s well.

Sometime after my last post, I realized some users were having issues logging in again, so I deactivated your plugin. When I was testing today w/ your plugin reactivated, I managed to login fine, but noticed that registration is where the issue now appears to lie. I had to deactivate the plugin for now, but can turn it back on if you need the log. Let me know if the following error msg that appears after I submitted a registration attempt suffices for troubleshooting for now:

denied registration
bbcode [php in field: ws_plugin__s2member_custom_reg_field_company_type astound_chkbbcode rejection
spam domain: 119.23.133.147 in ws_plugin__s2member_custom_reg_field_company_type astound_chkdomains rejection
spamword: it’s effective in ws_plugin__s2member_custom_reg_field_company_type astound_chkspamwords rejection
Phishing Domain: 000m8ih.wcomhost.com in ws_plugin__s2member_custom_reg_field_company_type astound_chkphish rejection
found Bad Neighborhood: 49.245.115.210 in 49.0.0.0/8 astound_chkbadneighborhoods rejection

Much appreciated in advance,
Darren

It found the host wcomhost.com in the form submit and rejected it because it it is in a known phishing domain.
Uncheck the “check phishing sites” option and also uncheck “check bbcodes”.

Thanks for the suggestion Will. Registration works fine if I uncheck those options.

However, I still want to get to the root of the problem which is that wcomhost.com is trying to phish on all registrations (handled by S2member). Outside of turning off the ability for site visitors to register, how would you suggest I avoid any legitimate user details getting phished via my S2member registration form?

If this phishing site indeed has somehow embedded itself into the S2member registration form on my website (https://tradablepatterns.com/wp-login.php?action=register), how would you suggest for me to clean the phisher from the form, and to eliminate this phishing from taking place, while allowing users to continue with legitimate registration?

Much appreciated in advance!

Darren

I downloaded and checked s2member and I can’t find anywhere that it is trying to load a bad URL, but it encrypts part of the plugin and then decrypts it on the fly each time it loads, so I don’t know what it might be doing. Plugins that do this are usually trying to hide something. It could also be another plugin.
You might try deleting all plugins and then reinstall WP with the previous version. Download and install fresh copies of all the plugins that you use and then restore WP to the current version. This will effectively clean out your site. This a tremendous amount of work, though.
If I had this problem I would find an alternative to s2member.

Will

Hi Will,
Thanks for the suggestion and for the investigation into S2Member. I’ve been using S2Member for 5 yrs or so, and have spent countless hours adapting my website to S2Member (as it was the most functional and adaptable membership plugin I was able to find at the time in the summer of 2014).

I’m still waiting for S2Member to get back to me, but will keep you posted on their response…it might be a few more days before I hear back, as their support’s been quite thin ever since they were acquired by another software vendor.

Ideally, I’ll try holding off for now on deleting all of my activated plugins given some configuration settings will be hard to remember (and will be lost in the plugin deletion I’m assuming).

Thanks again, and hope you’re enjoying your weekend,
Darren