fjordkommission

Two days and no reply… Looks like the plugin has been abandoned.

Oh well, then I guess I’m going to look somewhere else. Uninstalling now.

Don’t bother replying, I won’t be using the plugin anymore.

Nachdem das Plugin nun wie beschrieben arbeitet, bleibt noch der Punkt offen, dass Cookies erst dann gesetzt werden dürfen, wenn der Besucher dies explizit gestattet hat.

Kann das Plugin das unterbinden, wenn die Website erstmals besucht wird?

Anyone?

OK, I entered a RegEx and a plain path in the AntiSpam settings. Like this:
/kontakt/?my-subject
{\/kontakt\/.my-subject=[\w\D]*}

In Traffic Inspector I have whitelisted the following two RegEx’s:
{\/.fbclid=[\d\w\-_]+}
{\/kontakt\/.my-subject=[\w\D]*}

I tested the RegEx with https://regex101.com and the expression covers the entire string, so I presume I wrote it correctly.

However, still the request to my contact form with the subject as URL parameter is being blocked.

How can I achieve this to get working?

@gioni Has there been a recent change to Traffic Inspector making it not accept the regex like described above?

OK, I thought that blacklisting was the consequence, not the cause…

Unfortunately the activity tab does not give a reason WHY it considered the access to the theme file a malicious request. Here’s what it says for the respective timestamp:

176.9.89.148 host76.checkdomain.de 14. M?rz 2019, 11:22
Malicious request denied IP blacklisted
URL: hundebetten.shop/

The IP address is the web server’s own address. After I whitelisted it I could edit the file as usual.

I’m having trouble with Traffic Inspector again, blocking access to my contact form with custom subject lines as URL parameter and clicks from Facebook with the fbclid URL parameter.

I copied and pasted the regex “{\/\?fbclid=[\d\w\-_]+}” as you suggested above, but cannot save this to the settings as Traffic Inspector says ‘You may not specify the query string with a question mark: {\/\?fbclid=[\d\w\-_]+}’

How can I express a regex that makes Traffic Inspector allow requests in the shape of

<my-domain>/?fbclid=IwAR0sivnz5goCqNIcnP5andRf3YOOcWTtrwFqvo6CUQEkD3GQx-NleWB47LE
or
<my-domain>/contact/?my-subject=Please%20help

I had to disable Traffic Inspector entirely again, after seeing several blocked attempts to use my contact form, and potentially losing customers by that. ??

Cheers,
Sascha

Hi,

if you only use a page builder it’s probably the issue. AFAIK the search field only shows in the Classic Editor.

When I use the Elementor page builder for example, there is no search field, either.

The workaround would be to use a separate page with the classic editor to get the shortcodes and then copy/paste them to your page builder.

HTH, cheers,
Sascha

@poro It’s probably the Traffic Inspector that thinks certain URL parameters are suspicious. I don’t run WooCommerce myself, but I could imagine that it makes use of URL parameters when performing a search or putting an item in the shopping cart.

In the settings for the Traffic Inspector you can define a regular expression, which whitelists certain parameters so that the requests won’t be blocked.

I had similar issues with traffic coming from Facebook where each URL on my website is added a tracking parameter “?fbclid=…” by Facebook. Traffic Inspector would block those requests, too.

Hope that helps,
Sascha

I will try the extended regex you suggested.

However, despite the less restrictive regex, Traffic Inspector would consistently block requests coming from facebook on another website I’m running. Complaints kept piling in so I had to disable Traffic Inspector entirely.

About the “unblocking specific IPs”: People (potential clients) who have been denied access because of the ?fbclid parameter are now blacklisted IPs. I presume that they cannot access the website in any way, anymore? Or what effect does the blacklist have?

Traffic Inspector has put a series of IP addresses on the blocked list because of false positives. Such as “uptimerobot.com”, which I mentioned before, and a few others. If I put those on the whitelist, will they be deleted from the blacklist?

Example:
[url=https://abload.de/image.php?img=operamomentaufnahme_24nfpu.png][img]https://abload.de/thumb/operamomentaufnahme_24nfpu.png[/img][/url]
(EDIT: inserting images here doesn’t seem to work. Try: https://abload.de/image.php?img=operamomentaufnahme_24nfpu.png)

Uptime Robot simply requests the home page of my website, without any additional parameters. It’s a plain and simple HTTP request (I would think), like any browser would see it. But still it got blocked. I don’t understand the mechanism and the reason for that.

Cheers,
Sascha

• This reply was modified 6 years ago by fjordkommission.
• This reply was modified 6 years ago by fjordkommission.

Also, I noticed that periodic requests by the monitoring tool “uptimerobot.com” that only open the root page of my website, without any parameters or requesting php files, are getting blocked by traffic inspector, too.

How would I whiteliste those? ??

Today I created a German translation and uploaded the .mo and .po files into the sub-folder “languages” of the plugin folder. I named them “wp-gdpr-compliance-de_DE.mo” and “wp-gdpr-compliance-de_DE.po”.

However, the e-mail that is being sent, as well as the labels on the website still have their old texts.

What else do I need to do to have the translation files take effect? ??

Thank you in advance,
Sascha

As I cannot edit my post above anymore: I would like to correct myself, it’s not a facebook pixel but an amazon tracking pixel. I was confused because of all the GDPR fuss lately.

Still: Is there any official statement or documentation on how to handle the plugin’s behaviour regarding the new legislation?
What type data is being processed when a user opens a page containing ads created by the plugin?
How do we have to inform the user about the usage of the data?
Will there be an opt-out feature so that a user can choose NOT to see ads and have their page visit tracked?

The GDPR should not be taken to lightly. Site owners can get in serious trouble with eager lawyers just waiting to find breaches and violations of the new laws.

The only alternative, right now, seems to be to NOT use the plugin until everything has been cleared up.

I second that. There should be an easy option to deactivate the facebook tracking pixel.

I don’t understand why there is a facebook pixel in the code, in the first place.