NSQRT
Forum Replies Created
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] 2.8.2 exploited via admin-ajax.php
Much appreciated, @programmerbear!
I had a couple of attacks again over the weekend. The IPs are the same as you had noted on your blog, by the way.
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] 2.8.2 exploited via admin-ajax.php
Is there a way to use invisible ReCaptcha with MailPoet? My attempt to implement it has failed.
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] 2.8.2 exploited via admin-ajax.php
Even if that is the goal, I have seen no confirmation from MailPoet that v3 is not affected by this issue.
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] 2.8.2 exploited via admin-ajax.php
I’m still having fake signup attempts and various direct accesses to admin-ajax.php.
Any suggestions?
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] 2.8.2 exploited via admin-ajax.php
Hi,
@jiks – thanks a lot for notifying me on this, this issue has been causing a lot of problems for me as well, resulting in the hosting service shutting down the accounts where the plugin was running and in the server IPs getting blacklisted due to the spam caused (this has affected at least two of the sites where MailPoet is installed).
I first had this problem much earlier, going back to at least January 2018, and there is an initial report on the forums about this going back 5 months or so. I was running an earlier version of MailPoet 2 at the time and updating it to a more recent version (2.8.1, I believe) at least seemed to fix the issue for a while, but it has come back again in full force in recent weeks. The more recent attacks seem to be less intensive and subscription requests take place every two minutes or so, whereas earlier there would be a flood of tens of subscriptions within one or two minutes. Probably the IP based throttling is what is preventing the more massive attack.
I know you’re no longer providing support for version 2 yet it would be appreciated if @wysija could advise on the following:
– I have selected ‘Invisible reCAPTCHA’ when signing up, yet after I enabled reCaptcha on the site and added the Site and Secret keys I got, I still see the reCAPTCHA form. Is this expected?
– Does changing to MailPoet 3 solve any of the above (that is, prevent mass subscription attacks or use Invisible reCAPTCHA properly)?
Kudos in the meantime to @programmerbear for the workarounds, too.
Thank you,
JM
@agilityjeff did you ever find a solution for this at all?
Thanks for the input
Yes, I have noticed several hits on that file in my log files as well, yet I am still to find any solutions or proper help online, which is strange given how widely the plugin is used.
I agree that the Captcha solution is horrible for a layout, for sure.
Have you tried Invisible Captcha when you generated the Site / Secret keys, just out of curiosity?
Hi,
I am having similar issues.
Can anyone confirm the following:
– does 2.8.1 prevent this kind of attack, even WITHOUT enabling reCAPTCHA?
– I have selected ‘Invisible reCAPTCHA’ when signing up, yet after I enabled reCaptcha on the site and added the Site and Secret keys I got, I still see the reCAPTCHA form. Is this expected?
– does changing to MailPoet 3 solve any of the above (that is, prevent mass subscription attacks or use Invisible reCAPTCHA properly)?
Thank you.
JM
Forum: Plugins
In reply to: [MailPoet Newsletters (Previous)] 26,000 Spam Newsletter Signups
Hi,
I have double sign-in enabled for my newsletter subscriptions, and just updated MailPoet to 2.8.1 following mass subscriptions from the same email address which generated several hundred activation confirmation emails and led to my account getting suspended for spamming by my hosting company.
Can anyone confirm the following:
– does 2.8.1 prevent this kind of attack, even WITHOUT enabling reCAPTCHA?
– I have selected ‘Invisible reCAPTCHA’ when signing up, yet after I enabled reCaptcha on the site and added the Site and Secret keys I got, I still see the reCAPTCHA form. Is this expected?
– does changing to MailPoet 3 solve any of the above (that is, prevent mass subscription attacks or use Invisible reCAPTCHA properly)?
Thank you,
JM