Support » Plugin: Constant Contact Forms » Receiving Spam signups, despite having Recaptcha?

  • Resolved emmanade

    (@emmanade)


    Hi,

    I installed the Constant Contact forms plugin recently, and included the Recaptcha codes. Over the past few days (since Friday June 16), I have been receiving many (35+) spam email signups where the first / last name is just a string of numbers. The traffic stats do not match the number of email signups (5 views, 1 visitor, 25+ email signups).
    Most of the spams are not updating to the Constant Contact list, which is good, however I would like to know how to stop this from happening. (Isn’t that what Recaptcha is for??)

    Thanks for any help!
    Emma

Viewing 12 replies - 1 through 12 (of 12 total)
  • Michael Beckwith

    (@tw2113)

    The BenchPresser

    Hrmm, not sure what exactly may be going on at the moment.

    Do you have a link to the website/page that is housing the form?

    I know I was looking over the reCAPTCHA docs heavily when we were adding the feature, and I hope we implemented correctly.

    Hi Michael,

    Thanks for the prompt reply. I have the form on a sidebar widget, which appears on each page of my site.
    http://www.emmanadecrafts.com/

    Emma

    In support of this (not meaning to hijack EMmanade’s thread), I am experiencing the same thing – I reported it at https://wordpress.org/support/topic/spam-comments-40/ by reopening the support case.

    Thanks.

    Michael Beckwith

    (@tw2113)

    The BenchPresser

    Not seeing anything obviously wrong with the setup, and if you’re getting the “i am human” checkbox as a whole, then I’m sure you have your keys properly set. Leaves me wondering if they’re somehow presently “trusted” by Google itself. I don’t really know how things work on Google’s end here.

    We do have a honeypot field by default now too, but apparently it’s getting through that as well, which is maddening and frustrating for everyone involved.

    I am presently further brainstorming on what we can do to help avoid the topic for everyone who is using the plugin. Ideally, my head says the more we can do automatically, the better for our users who simply don’t have to do anything and reap all the benefits.

    Sean

    (@designicu_org)

    Just want to add a report of similar behavior on a site I manage http://stoneridgelibrary.org/

    One issue is that you can only have one captcha per page. So if you have a form in the main content area of a page, and another in the sidebar, only one of them will get the captcha — leaving the other exposed/open for the bots to pummel.

    However, I have closed this loophole on this site and I’m still getting some spam coming through…

    Subject: Great News: You just captured a new visitor submission

    Congratulations! Your Constant Contact Forms plugin has successfully captured new information:
    Email: [redacted]@verizon.net
    First Name: 595291fd44bd4
    Last Name: 595291fd44ced

    One thing that would of great help would be if the plugin could send the URL of the submitting page as part of the email. A form can be used in multiple places on a site via a shortcode and it’s hard to be sure you’ve caught them all. Having the URL where the submission originated would be so helpful for debugging.

    Thanks,

    Sean

    Sean O’Dwyer
    [personal contact info redacted]

    • This reply was modified 2 years, 1 month ago by  Steve Stern.
    Plugin Author Constant Contact

    (@constantcontact)

    Released version 1.3.2 with some extra timer-based spam prevention. Hopefully this takes out a lot of lingering spam getting through.

    If anyone can confirm seeing a drop in results after updating, I’d love to hear about it.

    Does the plugin require that recaptcha and opt-in be used? It seems like I have received an increase in emails telling me people have signed up but the number of emails is significantly less than the number that gets to my Constant Contact list. I don’t use recaptcha or opt-in as I have the signup on the footer of my website as a quick feature.
    https://TheBizPalCompany.com

    The message subject is “Congratulations! Your Constant Contact Forms plugin has successfully captured.” whereas I set my plugin success message is “Your information has been submitted” and I send visitors to special Thank you Page. Google Analytics shows 4 hits to my personalized thank you page since Nov 1 2017 and my list has 5 new contacts added to Constant Contact in the same time period. The number of emails I have received with the subject “Congratulations! Your Constant Contact Forms plugin has successfully captured.” for the same time period is much higher than 4 or 5 emails.

    Please let me know your thoughts.
    Thank you.

    Becky

    Michael Beckwith

    (@tw2113)

    The BenchPresser

    No, the recaptcha is not required, and as I recently realized during some code reviewing, the opt-in is not required either, like I had previously thought. My mistake there, for anyone who had heard otherwise from me.

    If you have your constant contact account connected, and a list set up for the form, it should be attempting to send the signups to the list chosen. That’s not to say that something along the way for that can’t fail though. The “Congrats” message is not tied to the the success/failure of sending to the ConstantContact list. It is tied to the form itself.

    Hard to say at the moment what may be going on with the analytics and the thank you page, but if I’m reading you correctly, you’ve received a lot more emails than you have additions to the list in question, correct? Curious if the list addition requests are returning some sort of error during the process.

    Hi. Yes. I am receiving more emails than the number of ones that get added to my list. I am not aware of where to see the error messages you are describing. Where would I find these? On the Constant Contact side?
    Thanks for your prompt reply to my first message.
    Becky

    Michael Beckwith

    (@tw2113)

    The BenchPresser

    Errors regarding the API requests aren’t presently surfaced and exposed anywhere, so we’d need to go in directly and inspect what’s going on there.

    Just out of curiosity and in case it’s playing a part. Do you have the “Bypass Constant Contact cron scheduling” setting used at all? It’s possible that the scheduling mechanism that we use by default isn’t firing like it should. Checking that bypass setting will have it sent right away with the form submission, instead of with a brief delay.

    Yes. Thanks do have this setting enabled.

    Michael Beckwith

    (@tw2113)

    The BenchPresser

    With all those details covered, I am left wondering if something between the communications is failing. However, we would need to go in manually into the plugin itself to confirm.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Receiving Spam signups, despite having Recaptcha?’ is closed to new replies.