Increase In Spam

Hi,

A bot shouldn’t be able to figure out the challenge question. Unless it specifically knows the way our plugins works, but it’s not a plugin that’s used by millions so unlikely the bot creator would make it know how our plugin works.

So I think it’s a human doing it.

But let’s try and figure it out. Can you let me know what are the Host and Agent information from the spam messages.

Timely reply, thanks…

I just received 33 messages on another web site (and have now temporarily commented out the contact form).

Host: 125-230-111-62.dynamic-ip.hinet.net
Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0

Thanks for investigating,
Ron

Hi Ron,

That IP is marked for spam. It’s from Taiwan. The Agent is pretty common, so doesn’t give much information on whether it’s a bot or not.

In any case, we’ll implement “honeypot” in the plugin ( a hidden field that is not supposed to be filled, humans do not see it so they don’t fill it but bots do see it and do fill it, so if the field is filled we know it’s a bot ).

We might also implement a time check. Basically checks the time difference in seconds between loading and submitting the form, if it’s for example less than 5 seconds it’s safe to assume it was a bot.

Sounds great, I’ve used another contact form with a honeypot that seemed to be effective – but it will be great to stay with your solution which is so elegant and simple.
R

Thanks.

Currently the update is scheduled for December 13th ( tomorrow ). I’ll try to push it for today but if not today, definitely tomorrow.

I confirm that some robots seem to be able to get through the anti SPAM challenge question of the contact form. For a bit more than a month now, I get between 5 and 10 SPAMS every day. Always the same kind of sex related stuff with a link. I’ve changed the challenge to no effect. I’ve banned the IP but some new ones are coming along, so it’s endless.
I’ve been using this plugin for more than 4 years without any issue like that and was more than happy with it before.

Hi,

Almost done with the new update ( the honeypot ). It’s a bit late ( 11:35pm ), so I’ll finish up first thing tomorrow and release it.

In case spam still manages to get through we’ll also go with the time check.

Just released the new version with honeypot functionality.

It’s disabled by default, can be enabled in WP admin > Settings > Contact Form > Plugin Options > Antispam.

Give it a try and let me know how it goes.

Thanks, have switched it on. Will let you know how it goes…

Thank you.

Hi,

Still getting an increased number of spams messages on one site, maybe three per day, which is not much I guess, but more than the 1 every 2-3 weeks I used to get.
Ron

Hi,

I see you switched to a different plugin for forms. What’s the situation with that one, are you getting spam?

Yep sorry, I go through mailgun so didn’t want to risk SPAM to take me over the free threshold.

No spam with the replacement.

This one also uses a honeypot. Perhaps they have some additional checks in there other than the honeypot, will have to check.

But I do have to ask, you did enable the honeypot functionality, correct? It’s disabled by default.

Sure, I enabled the honeypot.

Just to let you know, the same format spam has started to appear on the other contact form. Maybe spam bots can now learn how to circumvent honeypots?