Weird Email-subscribers

I started seeing similar entries today, all sent to russian email adresses. A quick fix to combat these emails would be to limit the length of the “Name” field, and perhaps also check if there is an URL in the name.

A captcha verification before allowing the registration to occur could be another way.

Perhaps the developer can implement something like this?

I have disabled the plugin on my site till a fix can be put in place.

Me to have this problem.
I hide the subscription form from main page but problem not resolved
Deactivate temporary plugin.

We have the same problem.
An Update on the Plugin would be great with adjustable Settings:
– length of mailadress
– length of Name
– Domain filter (for example *.ru)

Same problem here – will deactivate plugin.

Good suggestions by ‘servicedeskpronovo’

Hoping for a fix soon ??

We also have the same issue now.Getting lot of spam mails like mail.ru, list.ru, inbox.ru.

Please fix this issue as soon as possible, else provide a solution for this.

• This reply was modified 6 years, 8 months ago by gopiakshay.

Same problem here. (French site)

I received only one notification for a new user, but then there were dozens of new users from domains mail.ru list.ru and so on…

I disabled the registration widget, but new users continue to appear.

I created a new group to replace the “Public” group of my regular subscribers (default group from the form), then I deleted everyone in the “Public” group (which also deleted the group), and even redefined the “default” group in the disabled widget.
The new users continue to flow in the “Public” group (which is recreated then).
I think the spammer(s) have memorized the registration URL, which continues to work, even if the widget is disabled.

At least now I can delete any user from the “Public” group without thinking…

I think it would be useful to have an option to forbid any new registration.
My site is a golf school website, and we don’t really need an audience outside the school members, which I register myself, as the administrator. For this kind of use, I think an option to forbid new subscripion will prevent this kind of spamming.

Of course the domain filter, and size limits, as suggested above, would also be very useful.

Good luck to fix this and thank you for this extension, which, up to last week, was doing its job perfectly ??

same is true for my site radundfuss.net. And these are all ru-domains (mail.ru, list.ru, bk.ru). I use double-opt-in, so I can delete all unconfirmed requests of these domains, which of course is manually work every day. So I would also prefer to set a filter like allready proposed by servicedeskpronovo.

Besides that I love this plugin!

Yes. Same problem here. Just in the last couple of days.

This is illegal:

———–

You are receiving this email because you are subscribed to a plugin.

Login and visit the topic to unsubscribe from these emails.

I want to unsubscribe to your crap. But how?

The same situation. I turned off the plugin temporally.
In fact, it seems some vulnerability let spammers to use the plugin for their black business. Subjects of conforming letters look like fishing, and I believe the content is corresponding.

@njjose @arishai @haagamble @ureir @gopiakshay @olliemax @sapozhnik @thnilsen @njjose

Kindly ensure that the Double Opt-in feature is turned on.
Also, make sure you take an export of your subscriber’s list regularly.
About the name fields and email filter, I have taken a note of it and we would surely think on this and we would surely think on this.

Do let me know your views on the same.

I have checked: Double Opt-in is turned on.
When “Spamer” use form of subscription, he paste full text of spam-message in field NAME.
In field “email” he paste real email of user

User receiving email “approving of subscription”
Text:
Hello, [instead of name we can see full spam-message]
….

We should check Name:
* max three words
* don’t contain email
* don’t contain link
….

Video of Example
https://drive.google.com/uc?id=1IWiIhtN1kllV_nRku3H9RddUZDCfA7re

I’ve turned on the double opt-in and removed any {{NAME}} field from the confirmation request message.

At least spammer can no longer use my site for their business…

Same problem on my site. All efforts to stop the spam have been unsuccessful.

I have removed the registration form on my site by removing the widget and pages with the shortcode. There is currently no possibility to see a registration form, but I still see new subscribers with *.ru domain appearing about every 15 minutes. I have spent hours trying to track them down but it seems they’re using a back door to register new users. I have to conclude there’s a vulnerability with the the plugin.

My next step is to turn it off completely until a solution is found.

Same issue here. Even double opt-in is not helpful. A re-captcha in subscription form seems a must.