Just a heads up for people who just installed this – Spam email attacks

  • Resolved david

    (@davidroose)


    8 years, 9 months ago

    I never used this plugin before, and just installed it on a relatively new WP instance. Within a few hours I started getting spam emails, one after another, pretty consistently. It’s obvious now that bots are attacking users of this plugin through spam email attacks.

    I just installed Recaptcha so don’t have the results yet on whether it’s going to help or not, hopefully it will stop the bot spam emails. If so, then I’d say this is a great plugin. I will report back after a day or two for the Recaptcha results.

    https://www.ads-software.com/plugins/pirate-forms/

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi David,

    Thank you for letting us know about this. I’ll wait for the results when using Recaptcha.

    Regards,
    Rodica

    Thread Starter david

    (@davidroose)

    Hi Rodica, sorry for the delay. And for everyone else – after setting up Recaptcha and letting it run for a couple of days, the spam has completely stopped. This is good, so the Recaptcha is working and the forms continue to work. The downside is if you don’t setup Recaptcha, you’re basically going to get spammed to death.

    I would suggest the plugin makers force users to setup Recaptcha by making it a requirement. Plugin users can opt-out of it if they want by turning it off, but I would recommend it’s on by default. There is too much risk with the spam that someone could phish their information or send malware links, etc. Thanks.

    Hi David,

    Thank you very much for the suggestions. We’ll consider this but I am not sure if we can force users to use Recaptcha, because this wasn’t the case by now, and it would not be ok for a user that doesn’t want recaptcha to suddenly have it on the site, in the next update.

    Regards,
    Rodica

    Thread Starter david

    (@davidroose)

    We’ll consider this but I am not sure if we can force users to use Recaptcha, because this wasn’t the case by now, and it would not be ok for a user that doesn’t want recaptcha to suddenly have it on the site, in the next update.

    Hey there, no problem, glad I am able to help in some way. My recommendation would be to only require it for new users going forward, not for those who already downloaded it. If you can’t, then maybe some sort of warning/recommendation message saying to avoid spam you highly encourage users to turn on Recaptcha.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Just a heads up for people who just installed this – Spam email attacks’ is closed to new replies.

Tags