Weird Email-subscribers

@andrewmperryman
Could you link to the plugin you are referring to?

Are you saying you are not getting these russian sign ups?

We did some of the listed things but they just keep on coming!

There are 2 Disable XML-RPC plugins in the repository, which one?
thanks

Disable XML-RPC

by Philip Erb

But I think the other does the same too..

I also have this problem and installed the plugin ‘WordFence’ as I thought it might fix it for me. While not directly stopping it (I tried blocking IP’s and IP ranges, but no IP repeats the sign-up), I discovered a few commonalities about the bots.

1) They all call on a certain ‘page’ or ‘function’ (I’m no programmer so don’t know, and I won’t list it here). This call is somehow inserting the spam email address and name. This is why removing the plug-in from the webpages still results in spam as this element is still ‘live’, only when the plugin is disabled does spam stop.

2) So far, the bots inserting email/names all have the same ‘browser user agent’. None of the humans visiting my site have the same user agent value as the bots.

3) There is different bot attempt to inject the email/name direct into the fields, but this is not resulting in new registered spam addresses. I guess this type of attack is fixed?

To try and stop it, I used the WordFence Firewall Blocking page with a certain string match for ‘User Agent’ to filter out these bots. It has been running for 12 hours and I have no new .ru email subscribers.

Strangely, WordFence does not report any blocked bots so far, which means either I have not been targeted since, or WordFence is working but not reporting the blocks.

@andrewmperryman and @sea-intake

Thank you for all your suggestions.
As of now we are working on the fixing of the issue.
We are almost there and testing this on our local environment.
If all goes well we will release the new version of Email Subscribers and Email Subscribers – Group Selector on Monday(2nd April 2018).

Thank you all for your patience.

I am curious as to whether the PRO version is also having the same issue?

@dragonsjaw

Did disabling XML RPC help stop your spam?

Good question about the PRO version too.. ??

I deactivated the plugin. I am hoping Icegram is correct and that they will have fix by Monday.
I did not want to disable XML RPC as this is a news site and soemtimes stringers may be using some sort of remote posting.

When it is fixed, it will be a good time for us to implement the groups plugin and sign people up for the specific category they want..thanks again for the help with that.

An update on the WordFence work-around I posted: still no new .ru signups since applying the filter 36 hours ago.

Looking forward to the proper fix in a few days. Thanks!

All,@dragonsjaw,

Just for interest, you can still use remote posting (post via email etc) after disabling, closing XML-rpc is good security practice, reducing risk if this functionality is not being used. No config is required,

Wordfence does the same thing.

Looking forward to a fix & update in readiness for the european GDPR law change this May 25th for both plugins too..

@andrewperryman
Once again, thank you for that info.

I will implement that plugin for closing XML-rpc

@icegram
Any news on the fixed version being released today?

By the way: has anyone tried any captcha-plugins? Will it be part of the icegram-solution? Or may be as an add-on?

For me, this started a few weeks ago. My workaround consists of deactivating the email subscribers & newsletters plugin, reactivating it only when posting a new blog and then deactivating it immediately afterwards. So it is open for 2 to 3 minutes max during which the post notice goes out and at most only one bot mail enters.

Unfortunately, this workaround disallows new subscription requests. To handle those, I added a text widget that tells interested people to send me an email requesting that I add them to the subscribers’ list which I do manually. It’s not good, but so far it has worked OK.

I am still looking for a better way to solve this problem and I hope the developers come up with one soon.

Was hoping the update for the plug would of been today had this problem for a week now.