WordPress.org

Growmap Anti Spambot Plugin
SPAM Getting Through (31 posts)

  1. Patrick
    Member
    Posted 10 months ago #

    Also on 3.6.1

    I've updated to the latest version and still about 200 SPAM comments per day are getting through, these are definitely not manual comments being made.

    I am experiencing the same thing on WP 3.6 on my other sites, all with the latest version of GASP, with various different themes and frameworks.

    I must say this plugin works great when it is working. For about 6 months everything was lock-tight, until one day it quit working.

    I even wrote a blog post about how much I love it and how well it filters SPAM.

    http://wordpress.org/plugins/growmap-anti-spambot-plugin/

  2. ViOnline
    Member
    Posted 10 months ago #

    I think the issue posted earlier
    http://wordpress.org/support/topic/help-my-site-is-once-again-beset-my-spam?replies=66
    is still not resolved.

    GASP has not been stopping spam for a month already. Yes, it did decrease after the last GASP update, but I was forced to switch back to Akismet on my blogs.

    I have blogs with different WP versions (3.4.2, 3.6.1), all with the latest GASP (1.5.2), but all of them are spammed.

    Andy, let me know what details you need to fix it.

  3. zadro
    Member
    Posted 10 months ago #

    I agree that a new thread is needed because it's still not working to block spam after the most recent release.

    All cache plugins have been cleared and secret key is active.

    What now? Thanks.

  4. Andy Bailey
    Member
    Plugin Author

    Posted 10 months ago #

    I think perhaps there may be a vulnerability if you're getting 200 spam a day because GASP only allows 3 comments in moderation so if the comments are being submitted normally it won't allow 200 in one day from the same person.

    I recommend that you do a security check on your sites.

    I've been running it on one of my high visibility sites that used to get a huge amount of spam and it has dropped that down dramatically. That site has no extra plugins and is working on a default theme after a timthumb vulnerability was found on the premium theme it was using

  5. ViOnline
    Member
    Posted 10 months ago #

    Andy,
    I checked a smaller website with the default (Twenty Twelve) WP theme and all spam is submitted by robots, as I couldn't find any of their IPs in my stat analytics.
    Before August I wasn't using Akismet on that site and GASP was doing an excellent job, but not any more.

    I'll try to turn off all other plugins. I am not using many on this site, but just in case.

  6. Andy Bailey
    Member
    Plugin Author

    Posted 10 months ago #

    hmm ok.. perhaps I can add some stuff to the plugin to log some things like referrer and time of comment etc so I can see how this is happening..

    it certainly feels like a vulnerability in wordpress if so many people are suddenly reporting the same problem at the same time

    leave it with me and I'll see what I can add to the plugin

  7. Dave
    Member
    Posted 8 months ago #

    Yep, unfortunately since the last update spam has resumed again. Some of it seems bot-like as well, with insane text or just characters.

  8. Andy Bailey
    Member
    Plugin Author

    Posted 8 months ago #

    have you tried setting GASP to deny the comment instead of send it to moderation?

  9. Dave
    Member
    Posted 8 months ago #

    I don't see that option anywhere Andy. Closest I can find is "Where to send suspicious comments?"

  10. Andy Bailey
    Member
    Plugin Author

    Posted 8 months ago #

    yes that is the one. use the drop down box to select 'spam' and save settings so suspicious comments are sent to spam and you don't have to moderate them

  11. Dave
    Member
    Posted 8 months ago #

    Thanks Andy.

  12. FireMyst
    Member
    Posted 8 months ago #

    Today I've had several SPAM comments come through on my "About Me" page and "blogs" page:

    http://blogs.davelozinski.com/about-me

    and
    http://blogs.davelozinski.com/blogs

    Is this a bug? The result of the new WordPress release? Something else?

    Thanks!

  13. FireMyst
    Member
    Posted 8 months ago #

    PS: as a follow up to my previous comment, the spam doesn't seem to be coming through on blog "posts", only "pages".

    At least, not yet.

  14. FireMyst
    Member
    Posted 8 months ago #

    Looks like there's hard coded version numbers in the code. Or bug? :-)

    I'm using WordPress 3.7.1.

    On my plugin page it says it's using GASP "Version 1.5.4 ". However, when I click on "settings" for the plugin it says, "Version 1.5.2 GASP has caught this many bot comments : 0"

    I've never had a version of GASP prior to 1.5.4, so don't know why it would say version 1.5.2?

  15. Tippy
    Member
    Posted 8 months ago #

    I was gonna try this plugin but why should I. After reading these problems, who needs them. I was using Block Spam By Math Reloaded, and will continue. All the junk goes to the spam folder. WP Optimize clears the spam folder weekly.

  16. Dave
    Member
    Posted 8 months ago #

    Andy, spam's flying in again mate.

  17. Andy Bailey
    Member
    Plugin Author

    Posted 8 months ago #

    there must be something else going on with your site then because there are literally thousands of blogs with this plugin and they're all not reporting this so perhaps there is a vulnerability in your theme (like the timthumb vulnerability) or another plugin is putting a back door in

    every blog gets spam.. if you let in spam previously then you're marked as someone who gives backlinks so you'll get more spam

    the plugin helps to prevent spam and detect it, set your settings to send suspicious comments to spam and you won't have to moderate them and eventually the bots will see you don't give links and make sure you're using the latest version so comments awaiting moderation don't show links

  18. Permasolutions
    Member
    Posted 8 months ago #

    Hi Andy

    It might be a matter of people not bothering to report it to you, I don't know, but I can confirm the same issue. I'm running the latest version of WordPress (3.7.1) and the latest version of GASP (1.5.4) and I also still get about 300 or 400 or so automated spam comments per day. I've used GASP for only about a month, and from reading the reviews I anticipated a drop to zero spam comments, or close to that, but alas they continue. It's perhaps a half, or a third of what I used to get, but still they come. Site: http://www.permaculturenews.org

  19. FireMyst
    Member
    Posted 8 months ago #

    Andy:

    Yeah, same thing as Permasolutions. Everything was fine when I had WordPress 3.6.xxx. As soon as I upgraded to 3.7.1 the spam started again. Most major sites aren't going to upgrade to 3.7.1 right away, so that might be why you're not receiving a lot of people reporting issues either.

    Now while you can just "brush off" these reports as nothing wrong, so far you have at least two users who upgraded WordPress to 3.7.1 from an earlier version and are now reporting issues with spam coming through. To me that would raise a flag that maybe as a developer I would want to upgrade a site to 3.7.1 and see what happens.

    Anyway, here are my settings as a reference:
    * Checkbox Label: Check to verify you are NOT a spammer
    * Checkbox Name: cl_check_568
    * Secret Key: Use secret key? (is ticked)
    * Allow Trackbacks?: (unticked)
    * The user forgot to check the checkbox: Please check the box to confirm that you are NOT a spammer
    * The user does not have javascript enabled: You may have disabled javascript. Please enable javascript before leaving a comment on this site.
    * The form has a hidden field added with a labe...: You appear to be a spambot. Contact admin another way if you feel this message is in error
    * User refer check?: YES
    * Maximum comments in moderation?: DISABLED
    * Maximum number of URLs allowed in comment text: 0
    * Maximum number of words allowed in name field: 0
    * Where to send suspicious comments?: PENDING

    I also do not have any cache plugins.

    Thank you.

    PS: Andy: you also never responded to the bug report below:


    On my plugin page it says it's using GASP "Version 1.5.4 ". However, when I click on "settings" for the plugin it says, "Version 1.5.2 GASP has caught this many bot comments : 0"

    I've never had a version of GASP prior to 1.5.4, so don't know why it would say version 1.5.2?

    ???

  20. jhmattern
    Member
    Posted 8 months ago #

    I'm having the same issue. This was a problem with 3.6 before the last update. And when I upgraded to 3.7.1, the spam floodgates seemed to open again. I'm getting hundreds through, and almost nothing is being sent directly to the spam folder (and that's where my GASP settings are telling suspicious emails to go).

    This worked just fine with my previous plugin line-up. The only new plugin I'm using is a match captcha plugin, and that was put in after GASP started letting a ton of spam through to try to minimize the problem. I've since disabled the captcha for everything but the registration form as spam seems to have picked up there significantly too lately. Spam is getting through on multiple sites using this plugin -- I've noticed it on at least three of my own, although I haven't dug into the rest of them yet. All of their plugin line-ups are different, and I tested two sites with nothing else enabled, so it doesn't appear to be a plugin conflict. All of those sites are on 3.7.1 now. I'm hesitant to update the rest of my installations.

    On my main site as an example (although settings are different on each), the secret key is on, trackbacks are off, user refer check is on, it's set to 3 maximum comments in moderation, and it's set to send suspicious comments to spam (although it doesn't appear to be doing that).

    I also have CommentLuv enabled on that site if that matters in any way.

  21. FireMyst
    Member
    Posted 8 months ago #

    Hey all:

    Shortly after my last post I deactivated the GrowMap plugin and installed the "HumanCaptcha" plug-in; the spam count for both comments and user registration on my sites has dropped to zero.

    For those in a bind, here's a link to the plugin which after a few days is working fabulously for me:
    http://wordpress.org/plugins/humancaptcha/

  22. Andy Bailey
    Member
    Plugin Author

    Posted 8 months ago #

    are they spam comments or spam trackbacks? (trackbacks aren't tracked by gasp)

    I've had numerous reports of users who say they're being spammed and gasp is not catching it only to find it is not comment spam but actually trackback spam

    you can tell it is a trackback if it does not have an email address showing on the comment in your dashboard

    @permasolutions

    is it possible to show screenshots of 300 or 400 spam comments in a day?

    even without gasp and commentluv not running, I don't get that on a very big site with tens of thousands of hits so it appears that it must be something else causing this on your site

    ---

    if this is happening with blogs that upgraded to 3.7.1 from 3.6 then perhaps it is a wordpress thing that is bypassing gasp?

    if the same plugin is being used on 3.6 and 3.7.1 and you're only getting spam on 3.7.1 then the finger is pointing at wordpress

    I'm sorry I can't help more. WordPress is a complex piece of code and literally every blog is different so perhaps something changed in 3.7 that allows spammers to bypass the normal actions that wordpress uses and GASP listens to?

  23. justatest47
    Member
    Posted 8 months ago #

    Andy, could you please take a look at my problem?

    GASP checkbox and text are misaligned and they show up somewhere in the right. I have no idea why. First I've suspected the Subscribe to Comments plugin is conflicting with GASP which also uses a checkbox (the checkbox with "Notify me of followup comments via e-mail"). So I disabled "Subscribe to Comments" but that didn't fix the problem.

    I tried other ways to fix but nothing worked. How can I fix this issue? Which GASP file do I have to edit and what do I need to do?

    I have attached a screenshot so you can see what I'm talking about:

    http://img834.imageshack.us/img834/1806/o2r8.jpg

  24. esmi
    Forum Moderator
    Posted 8 months ago #

    @justatest47: It is considered impolite to interrupt another poster's ongoing thread unless you are posting a solution or suggestion. It causes significant problems for the forum's volunteers and prevents us from being able to track issues by topic. Please post your own topic.

  25. Permasolutions
    Member
    Posted 8 months ago #

    Hi Andy

    The spam comments I'm getting are definitely not trackbacks.

    In regards to how many I get a day, I only guessed at about 300-400 per day. The reason it was just a guess is because I empty the spam comments folder about 10 times per day (while I'm moderating legitimate comments), so I wasn't clear on the total for a 24 hour period. But, after I made the comment above, I found that the amount of spam is actually a lot higher - as after a lazy Saturday I had over 1000 comments in a 24 hour period.

    Back to today: I had cleared the spam folder just before getting notification of your above comment. Here's a screenshot from only 20 minutes or so after clearing the spam folder (you'll see that after only 20 minutes I already have 21 spam comments):

    http://www.permaculturenews.org/temp_screenshots/spam_comments.jpg

    Not sure what else to tell you, except that I'm running the latest WordPress, with the bootstrap theme.

    I'll just keep clearing the spam folder I guess. :)

  26. Dave
    Member
    Posted 8 months ago #

    Andy,

    I'm following up here. I deactivated GASP about two weeks ago as just like everyone else here I've been inundated with spam.

    Strange thing is with GASP deactivated suddenly the spam slowed down to a bare crawl.

    I activated GASP again and it shot up. Deactivated and the spam virtually stopped.

    As I've been using GASP for years it's a shame to see this happen. There's no theme conflict unless your last couple of updates would have changed that. Likewise other plugins. Just like everyone else this all started with the last big WP upgrade.

    For now my spam issue is under control as I don't have GASP activated.
    I hope this helps you in fixing this plugin. And if not then maybe others reading here can try similar things or alternative solutions if GASP is not working for them.

  27. notevenwrong
    Member
    Posted 7 months ago #

    About two months ago spam started getting through GASP on my site (it had been working wonderfully until then). The amounts getting through have gotten larger and larger (over the past day or so, over 2000). I suppose this could have something to do with a wordpress update, but I doubt it. It seems very clear that someone out there has written a GASP-aware bot that can get around it. I'm willing to help look into this, I control completely the web-server being used. From the logs, nothing looks unusual to me, a typical spam comment that bypasses GASP just looks like

    222.77.225.122 - - [22/Dec/2013:17:17:31 -0500] "POST /~woit/wordpress/wp-comments-post.php HTTP/1.1" 302 - "http://www.math.columbia.edu/~woit/wordpress/?p=6476/" "Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 Firefox/23.0"
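
Added example, not part of the thread or of the plugin: one way to act on the idea raised above of looking at referrer and time of comment, using the web server's access log in the format of the line quoted in post 27. It flags comment POSTs from addresses that never loaded a page beforehand; the function names, the 30-minute window and the sample lines are assumptions, and it presumes the origin server logs page loads (no CDN in front).

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache "combined" log format, the format of the line quoted in the post above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
COMMENT_ENDPOINT = "wp-comments-post.php"


def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def blind_comment_posts(lines, window=timedelta(minutes=30)):
    """Comment POSTs from clients that made no GET in the preceding window.

    A browser must GET the post (form plus the plugin's JavaScript) before it
    can submit, so a POST with no earlier GET was most likely scripted.
    """
    last_get, flagged = {}, []
    for rec in filter(None, map(parse, lines)):   # lines assumed in time order
        is_comment = rec["path"].split("?")[0].endswith(COMMENT_ENDPOINT)
        if rec["method"] == "GET":
            last_get[rec["ip"]] = rec["ts"]
        elif rec["method"] == "POST" and is_comment:
            seen = last_get.get(rec["ip"])
            if seen is None or rec["ts"] - seen > window:
                flagged.append(rec)
    return flagged


def posts_per_ip(flagged):
    return dict(Counter(rec["ip"] for rec in flagged))


# Constructed sample log (documentation addresses and hostname, not real traffic).
SAMPLE = """\
198.51.100.7 - - [22/Dec/2013:17:10:02 -0500] "GET /wordpress/?p=6476 HTTP/1.1" 200 18230 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [22/Dec/2013:17:12:40 -0500] "POST /wordpress/wp-comments-post.php HTTP/1.1" 302 - "http://blog.example/wordpress/?p=6476" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.50 - - [22/Dec/2013:17:17:31 -0500] "POST /wordpress/wp-comments-post.php HTTP/1.1" 302 - "http://blog.example/wordpress/?p=6476/" "Mozilla/5.0 (Windows NT 5.1; rv:23.0)"
203.0.113.50 - - [22/Dec/2013:17:17:39 -0500] "POST /wordpress/wp-comments-post.php HTTP/1.1" 302 - "http://blog.example/wordpress/?p=6476/" "Mozilla/5.0 (Windows NT 5.1; rv:23.0)"
""".splitlines()

if __name__ == "__main__":
    print(posts_per_ip(blind_comment_posts(SAMPLE)))
```

A Referer header on a flagged POST proves nothing by itself, since the client sets it; the missing page load is the signal.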

  28. jhmattern
    Member
    Posted 6 months ago #

    I finally deleted GASP on my blogs, and the problem resolved immediately. So if there isn't a problem with the plugin itself, then it does look like spammers found a way to target it and get past the spam filters. So for those getting slammed with hundreds of spam comments a day like I was, your only option seems to be deleting the plugin, at least temporarily.

  29. handig
    Member
    Posted 6 months ago #

    Hi,
    I had the same problem, but I think I found out why SPAM was getting through.

    I think spammers found a way to use the trackbacks. So I disabled trackbacks and the flood of spam diminished. Go to Options > Discussion panel to disable trackbacks on future posts.

    For existing posts Go to Edit posts and uncheck Allow Pings from the Write Post SubPanel.

    Hope this helps and Andy thanks a lot for making this great plugin. It still works great for me with these settings for trackbacks.

  30. jhmattern
    Member
    Posted 6 months ago #

    handig, I don't think that was the issue. I had trackbacks off on multiple blogs when trying to troubleshoot this. And I was getting hundreds of spam comments in my queue every day with this plugin installed. It didn't matter if the blog had a few thousand posts, a few hundred, or a few dozen. Spam comments were in the hundreds regardless. And it all stopped the moment the plugin was deleted. It seems pretty clear that someone figured out a way to target users of this plugin.

    I can't explain why all sites using it weren't hit. Perhaps the spammers are targeting only blogs with several factors -- like the plugin being installed plus a certain Pagerank. Only my oldest, highest pagerank sites were being slammed (in different hosting accounts too, so it wasn't an issue on my server letting them in). All sites hit were several years old and had a Pagerank of at least 3. That's the only similarity other than the plugin that I could find. Newer and smaller blogs didn't have the problem.

    Even if it were an issue of trackbacks, spam wasn't coming through on other blogs with trackbacks enabled. The plugin shouldn't be doing anything that makes trackbacks more susceptible to spam. While I'm not sure exactly what the problem is, it really does need to be looked into, especially given how long people have been pointing out these problems.
