• Resolved peopleinside

    (@peopleinside)


    Hi,
    I’m here again to report my issue and to try to give an idea for a future implementation.

    First, I see a new update, 3.0.6, has been released, which should add compatibility with the Wordfence plugin: thank you! I will try this.

    I’m using your plugin, and I discovered it because it’s really hard to stop spam in Forminator. With your plugin it seems the spam is really blocked, so it’s the only plugin that really works for this. I tried many other captcha and honey-field protections, but they did not fully work: spam was able to continue to submit bad messages.

    Using your plugin still causes some issues for me because many non-spam messages are reported as spam; those are not user messages but system messages. For Wordfence, since yesterday many Wordfence system messages were flagged as spam; now, maybe with the new version, those messages will no longer be registered? I need more time to see if this works.

    I also use the security shield plugin and this, even with your latest version 3.0.6, produces a lot of spam messages. Would it be possible to insert a sort of button in those messages that helps the user ignore that kind of message?

    Let me try to explain myself better.
    Imagine I go to the spam messages and open a message that is a system message from the security shield plugin. It would be nice if, near the two black action buttons to move to messages or trash, there were another button to ignore those messages from the security shield plugin.

    In another support thread, where I reported a compatibility issue with Wordfence, before the latest update you suggested enabling the explicit mode, but this will really limit the plugin because it will no longer be active everywhere, only on Explicit actions inserted manually. Instead of limiting the use of the plugin, for example only to Forminator, could there be a button to stop the generation of stored spam messages, like an ignore button that finds which action generated that spam message and adds it to an ignore list?

    To have this plugin working in Forminator, comments, etc., do I have to contact each plugin’s support so they give me the Explicit actions? It seems that now the only way I have to reduce conflicts with other plugins is to turn on the Explicit mode, but after this I need, for example, to ask the support of the wpDiscuz plugin which actions I need to insert to have your plugin protect me from spam comments. This seems complicated to me.

    I like the idea that the plugin works everywhere and can simply learn how to ignore spam messages to store from the spam message action buttons. I don’t know if this can be developed or not.

    Here is an example:

    This is a message that I don’t want to see stored in spam messages. It would be nice if an ignore action button could exclude this kind of message by adding the relevant request that generated it to an ignore list in the settings, so that next time messages like this are no longer stored in the spam messages.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter peopleinside

    (@peopleinside)

    In less than 12 hours I have 10 spam messages; many of these are just system messages like the screenshot above. It seems that even with the latest plugin version 3.0.6 I will still have system messages from Wordfence. In a day your plugin can register something like 50 system spam messages and this looks like an issue to me. I can disable spam message storage to avoid this large store of useless messages, but I’m sad to lose the possibility of having users’ spam messages stored.

    I imagine as a solution a button to exclude those messages, or a different folder and settings to store these settings messages and the possibility to not store them. I want to have only comment or form spam submissions stored, not system messages from plugins or login.

    I also discovered this plugin can show users’ passwords when they log in: I was able to read the password I used for the login in clear text if messages are stored. All these system messages create a large amount of useless data stored in my production setup. Maybe useful if a user needs to run a diagnosis of your plugin configuration, but not useful in normal use of the plugin.

    For now, if I still get this large number of spam system messages, I need to disable spam message storage altogether.

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    Hi.

    The wordfence_syncAttackData should not occur with 3.0.6 anymore.

    The idea with the button is great; I’ll implement that.

    For the password, I wonder how this works, as the plugin usually marks password fields and leaves them out when a message is saved. The only way passwords should be logged is when the login area is attacked, as in this case it is not possible to differentiate between a password field and a text field on the server side. But if you have this problem, and you mean the WordPress login, you can just uncheck the option “Apply for WordPress-Login”.

    For the messages, you can uncheck the option “Save clean messages” as this is rather intended to be used for testing purposes.

    Best regards,

    Matthias

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    I’ve just added a button to whitelist unwanted spam-submission-types directly.

    But this will only work for ajax calls that follow the WordPress standard for now. I am thinking of a way to offer this function for non-ajax as well. But I need to think about that very carefully, as this may open the window for spam attacks.

    Cheers

    Thread Starter peopleinside

    (@peopleinside)

    Good news, thanks.
    I have many spam messages from non-ajax that are system messages, so it will be great when you find a solution. Not urgent; for now I disabled message storage.

    Thanks again for your amazing support.

    Thread Starter peopleinside

    (@peopleinside)

    Much better now. I enabled message storage again; it seems that with the Wordfence integration it is better: I no longer have the spam messages full and generated every minute. Great fix.

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    Hi.

    I have released a new version with a less restrictive blocking for non-ajax-requests.

    Cheers, Matthias

    Plugin Author Matthias Nordwig

    (@matthiasnordwig)

    Hi again.

    As you requested this:

    1. You can now log the IP addresses. One more thing: the spam protection runs before the password check. Therefore, if an IP address is attacking your login page, it will not pass the spam protection as long as it is processed by a bot. That means, even if it guessed a user/password combination correctly, it wouldn’t recognize it.
    2. The logging of passwords really happened and I’ve fixed it. I got the same issue reported by another user. It happened for nested field names in the HTML tag such as name="test[password]". Form builders like Elementor or WPForms use nested field names.

    Cheers, Matthias
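
The nested-field-name case described in the reply above, as an added example that is not part of the original post and is not the plugin's own code: PHP turns `name="test[password]"` into a nested array, so a redaction pass that inspects only top-level keys leaves the password in whatever gets stored. The function names, the key pattern and the sample submission are assumptions made for the illustration.

```php
<?php
// Added example (hypothetical helpers, not the plugin's code).
// Assumed pattern for "password-like" field names.
const SENSITIVE_KEY = '/pass(word|wd)?|pwd/i';

// Weak form: inspects top-level keys only, so a value nested under
// test[password] is never looked at and is stored in clear.
function redact_flat(array $fields): array
{
    foreach ($fields as $key => $value) {
        if (is_string($key) && preg_match(SENSITIVE_KEY, $key)) {
            $fields[$key] = '[redacted]';
        }
    }
    return $fields;
}

// Corrected form: walks the whole structure. A sensitive key replaces
// its entire subtree; any other array value is descended into.
function redact_recursive(array $fields): array
{
    foreach ($fields as $key => $value) {
        if (is_string($key) && preg_match(SENSITIVE_KEY, $key)) {
            $fields[$key] = '[redacted]';
        } elseif (is_array($value)) {
            $fields[$key] = redact_recursive($value);
        }
    }
    return $fields;
}

// Constructed sample body, parsed the way PHP fills $_POST for
// <input name="test[email]">, <input name="test[password]">, <input name="pwd">.
parse_str(
    'test%5Bemail%5D=a%40example.org&test%5Bpassword%5D=hunter2&pwd=topsecret',
    $post
);

echo "Top-level check only:\n";
print_r(redact_flat($post));

echo "Recursive check:\n";
print_r(redact_recursive($post));
```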

    Thread Starter peopleinside

    (@peopleinside)

    Thanks for the update, Matthias, I appreciate that.
    I will see if the new update is better; in any case the plugin now works well and I’m using it. All updates really improved it.

  • The topic ‘Spam message: will be possibile a better managment?’ is closed to new replies.