WordPress-to-lead for Salesforce CRM
[resolved] SPAM issue (12 posts)

  1. kozza42
    Member
    Posted 8 months ago #

    Overnight about 3 weeks ago I started receiving a lot of spam. This plugin stopped it all a while back, but all of a sudden it has started again. Any ideas on what I can do to stop it? I've got the captcha working and everything, but I'm still getting spam.

    Thanks

    http://wordpress.org/plugins/salesforce-wordpress-to-lead/

  2. Nick Ciske
    Member
    Plugin Author

    Posted 8 months ago #

    I'd need to know more about the spam:

    You're seeing it in Salesforce?
    In the admin notification emails?
    Both?

    The same spammer/content or does it vary?

    Can I see some of the spam records?

    Did anything else change around the same time?
    e.g. did you install or update other plugins, change themes, etc?

  3. kozza42
    Member
    Posted 8 months ago #

    Hi Nick,

    I'm seeing it in Salesforce, and getting admin notifications as well. All of the spam is different.

    The only thing that I did around the same time is update Contact Form 7.

    I will post some records when I get a chance, probably tomorrow; I need to find the login details.

    We were getting spam for a while before I configured this plugin, and then all the spam stopped. It was going great! And then, it started again.

    Thanks for your help so far!

  4. Nick Ciske
    Member
    Plugin Author

    Posted 8 months ago #

    Can I see:

    The form this is happening on?

    A few of the spam emails?
    http://ThoughtRefinery.com/contact

  5. kozza42
    Member
    Posted 8 months ago #

    Do you need a login, or just want to see the site?

  6. Nick Ciske
    Member
    Plugin Author

    Posted 8 months ago #

    Let's start with a link to the form getting the spam and a few examples and go from there.

  7. kozza42
    Member
    Posted 8 months ago #

    ok... :)

    The link is: eMoney

    If you click "Enquire now" in the top right corner, it'll come up, OR if you hover over "Contact Us" it'll come up too.

    I'm still trying to get the login for Salesforce from the boss, but I'll email them to you direct.

    Thanks.

  8. kozza42
    Member
    Posted 8 months ago #

    Hi Nick,

    Apparently no one can find the emails that get sent. Salesforce themselves looked at the code and said that we're being compromised because of the source code. They said that the capture is able to be seen in the source code, so it's easy to get spam that way. Is there any way to hide that?

    Also is there a way to make the form into 2 columns?

    Thanks

  9. Nick Ciske
    Member
    Plugin Author

    Posted 8 months ago #

    Hmmm... I wonder if they are spamming the Salesforce API directly? That would explain the lack of emails from the plugin. How they got your Org ID is a mystery though.

    > Salesforce themselves looked at the code and said that we're being compromised because of the source code. They said that the capture is able to be seen in the source code...

    The captcha value is never output in the source code... the value is one-way hashed to ensure that a spammer cannot see it... if they think there's a vulnerability there I'd love more information on how they think spammers are cracking/seeing it.

    RE: 2 Columns
    In the latest version, yes, you can use custom CSS to do so using the divs each field is wrapped in, but it's not a simple matter...

  10. kozza42
    Member
    Posted 8 months ago #

    Hey Nick,

    Just curious, Salesforce sent me a link that should be able to fix the issue (according to them).

    Do you think that would work? And could you let me know how to set it up if it might?

    Thanks for all your help.

  11. Nick Ciske
    Member
    Plugin Author

    Posted 8 months ago #

    The plugin itself already has that feature (and the captcha is even stronger protection), but it can't protect you if the submissions are going to Salesforce directly (as they seem to believe?) as that bypasses the plugin completely.

    In this case, you could simply add a custom field in SF and a hidden field in your form, called, say, LeadFromWebsite__c or something, set it to Yes, then 'filter out' any lead submissions that don't have that field set to the expected value.

    Or use the existing Lead Source field -- which is always set and passed by the plugin. Set it to something unlikely to be submitted by a spam bot, then validate against that field.
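
One way to run the filter suggested in the post above over an exported lead list, as an added example that is not part of the original thread or the plugin's code; it checks both the LeadFromWebsite__c field and Lead Source. The CSV layout, the `website-form-7f3a` Lead Source value and the sample records are constructed assumptions.

```python
import csv
import io

# Field name taken from the suggestion in the thread; the expected values
# are constructed placeholders, not defaults of the plugin.
MARKER_FIELD = "LeadFromWebsite__c"
MARKER_VALUE = "Yes"
EXPECTED_LEAD_SOURCE = "website-form-7f3a"


def came_through_plugin(lead):
    """True only if both marker fields carry the values the form sends."""
    # A missing column or an empty cell counts as "not set".
    marker = (lead.get(MARKER_FIELD) or "").strip()
    source = (lead.get("LeadSource") or "").strip()
    return marker == MARKER_VALUE and source == EXPECTED_LEAD_SOURCE


def triage(export_csv):
    """Split an exported lead list into (kept, suspect) lists of lead Ids."""
    kept, suspect = [], []
    for lead in csv.DictReader(io.StringIO(export_csv)):
        (kept if came_through_plugin(lead) else suspect).append(lead["Id"])
    return kept, suspect


# Constructed sample export; Ids, addresses and values are made up.
SAMPLE_EXPORT = """Id,Email,LeadSource,LeadFromWebsite__c
L001,alice@example.com,website-form-7f3a,Yes
L002,bot1@example.net,Web,
L003,bot2@example.net,website-form-7f3a,
L004,bob@example.com, website-form-7f3a ,Yes
L005,bot3@example.net,,Yes
"""

if __name__ == "__main__":
    kept, suspect = triage(SAMPLE_EXPORT)
    print("kept:", kept)
    print("suspect:", suspect)
```

A hidden field that is rendered in the form's HTML can be read from the page source, so this check separates leads that skipped the form from those that went through it; it does not stop a bot that submits the form itself, which is what the captcha is for.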

  12. Nick Ciske
    Member
    Plugin Author

    Posted 7 months ago #

    Did you ever get this figured out?
