csmicfool

Hi Bookmonster,

I tested the domain above against both grubdujour.com and https://www.grubdujour.com which worked as expected and was blocked.

However, I see that if we use an IDN to ASCII conversion, which is what happens in some browsers when UTF8-based languages such as those with cyrillic character – the spam is getting through.

The ASCII version of that domain is “xn--q1a.xn--b1aube0e.xn--c1acygb.xn--p1ai”

I will work on an update today and over the weekend which should ensure better matching for both the IDN and ASCII versions of the hostname so that these spammers are more effectively blocked.

Are you seeing any spam sneak through on English-character domains?

Thanks!

Hello,

I’ve tested the domains traffic2cash.xyz and share-buttons.xyz against both your domain and my own.

I was seeing that all tests were properly blocked on both sites. I will investigate further and provide an update today or over the weekend.

Thanks!

Hello,

Every domain in the list should be blocked immediately after being added. If you are using a CDN, varnish, or other type caching, it’s still possible for spammers to load cached content from their nearest proxy. The same can be true for RUM as both are dependent on client-side javascript execution. However, I take these reports very seriously and will investigate.

Can you please let me know the specific domain(s) you’re seeing in analytics as well as the version number of the plugin you currently have installed.

I will test against my own sites with the information you provide. If you’re willing to provide your own domain I will test against yours as well. Testing is a harmless process where I spoof a referrer and test to ensure that requests are properly blocked.

Thanks!

Hi Harley,

Good questions!

First, yes – when you add domains to the list with the “allow data sharing” option enabled, it will submit your additional domains to our servers in order to be reviewed for inclusion in the master list. Not all new domains are added to the master list, but all are reviewed. Those deemed appropriate are included in future releases. On average, users are submitting approximately 5-6 new hosts per day. About 80% of them are included in later updates.

Prior to version 1.0, your edits were respected because refreshing the list was a manual (“dumb”) process. Since 1.0 has been released the list update function now merges your custom additions with the core list during updates.

Please let me know if you have any extra questions – I’m happy to answer them for you.

-Jacob

Hi Dave,

I noticed you’ve not had a chance to respond. The best way to correct the problem is to use FTP or control panel to delete or upgrade the plugin.

Starting from the wordpress directory on your server you will need to locate the folder named “custom-referral-spam-blocker” which should be inside of “wp-content/plugins/”.

You can either download version 1.0.3 and overwrite the exsting files in wp-content/plugins/custom-referral-spam-blocker/ or delete the custom-referral-spam-blocker folder.

Please let me know where your website is hosted and what access you have available if you need further assistance.

Best Regards,
Jacob

La Juana,

I appreciate your patience, feedback and confirmation.

Again, I’m terribly sorry for the inconvenience.

Best of luck!

-Jacob

La Juana,

I’ve just pushed version 1.0.3 as well. This adds specific code which will reduce the likelihood of false matches from the list as well as ensure that there will not be redirect loops even if your own domain does get added to the list.

Please let me know how this update works on your end.

Thanks,
Jacob

Hi La Juana,

I’ve double-checked this a couple of times but I want to make sure this is solved for you.

Although I cannot reproduce it locally I saw one possible source of the problem and made a new patch (version 1.0.2).

Would you please try once more and let me know if this successfully resolves the problem for you?

Sorry for the inconvenience.

Where is your website hosted? Do you have FTP or control panel access?

Hi Dave,

Again, I apologize for the trouble you’ve experienced. I’ve just tested and uploaded a new version of the plugin which eliminates this bug.

I would like to continue to offer my support in resolving the problem and hope that you will reconsider your rating of the plugin upon successful resolution.

Thank you for your patience.

Hello,

I’ve just uploaded version 1.0.1 which resolves this infinite redirect loop. I apologize for the trouble you’ve experienced.

I understand that you may be locked out from your wordpress dashboard. I can help provide assistance uploading the new version, or uninstalling the plugin, to resolve the problem.

Best Regards,
Jacob

lajuana,

I’ve just committed version 1.0.1 which has a bug fix for the problem you’ve described.

The redirect loop was occurring under conditions where the block list was loading up blank values which caused a global match of any domain name on affected systems.

I would appreciate if you would please give my plugin one more test using the newest version (1.0.1) and provide me with any feedback you may have. If you feel the plugin is working properly and is suitable to your needs I would appreciate it if you would please revise your rating based on the successful resolution.

Update:

I’m now able to reliably reproduce the bug and should have a fix posted within the next 1-2 hours.

I appreciate your patience and hope that you will reconsider your feedback once this issue has been resolved.

lajuana – I see your domain was in your initial feedback. I’m testing for a resolution now. Appreciate your patience.

Hi lajuana,

Sorry for the trouble. Can you please send me your domain name so I can run some tests. This was reported by one other user since the update I released yesterday and I’m working to pinpoint the issue.

My goal is to resolve this as quickly as possible.