WordPress.org

Forums

WordPress-to-lead for Salesforce CRM
[resolved] SPAM issue (12 posts)

  1. kozza42
    Member
    Posted 1 year ago #

    Overnight about 3 weeks ago I started receiving a lot of spam. This plugin stopped it all a while back, but all of a sudden it has started again. Any ideas on what I can do to stop it? I've got the captcha working and everything, but I'm still getting spam.

    Thanks

    http://wordpress.org/plugins/salesforce-wordpress-to-lead/

  2. Nick Ciske
    Member
    Plugin Author

    Posted 1 year ago #

    I'd need to know more about the spam:

    You're seeing it in Salesforce?
    In the admin notification emails?
    Both?

    The same spammer/content or does it vary?

    Can I see some of the spam records?

    Did anything else change around the same time?
    e.g. did you install or update other plugins, change themes, etc?

  3. kozza42
    Member
    Posted 1 year ago #

    Hi Nick,

    I'm seeing it in Salesforce, and getting admin notifications as well. All of the spam is different.

    The only thing that I did around the same time is update Contact Form 7.

    I will post some records when I get a chance, probably tomorrow; I need to find the login details.

    We were getting spam for a while before I configured this plugin, and then all the spam stopped. It was going great! And then, it started again.

    Thanks for your help so far!

  4. Nick Ciske
    Member
    Plugin Author

    Posted 1 year ago #

    Can I see:

    The form this is happening on?

    A few of the spam emails?
    http://ThoughtRefinery.com/contact

  5. kozza42
    Member
    Posted 1 year ago #

    Do you need a login? Or just want to see the site?

  6. Nick Ciske
    Member
    Plugin Author

    Posted 1 year ago #

    Let's start with a link to the form getting the spam and a few examples and go from there.

  7. kozza42
    Member
    Posted 1 year ago #

    ok... :)

    The link is: eMoney

    If you click "Enquire now" in the top right corner, it'll come up, OR if you hover over "Contact Us" it'll come up too.

    I'm still trying to get the login for Salesforce from the boss, but I'll email them to you direct.

    Thanks.

  8. kozza42
    Member
    Posted 1 year ago #

    Hi Nick,

    Apparently no one can find the emails that get sent. Salesforce themselves looked at the code and said that we're being compromised because of the source code. They said that the capture is able to be seen in the source code, so it's easy to get spam that way. Is there any way to hide that?

    Also is there a way to make the form into 2 columns?

    Thanks

  9. Nick Ciske
    Member
    Plugin Author

    Posted 1 year ago #

    Hmmm... I wonder if they are spamming the Salesforce API directly? That would explain the lack of emails from the plugin. How they got your Org ID is a mystery though.

    "Salesforce themselves looked at the code and said that we're being compromised because of the source code. They said that the capture is able to be seen in the source code..."

    The captcha value is never output in the source code... the value is one-way hashed to ensure that a spammer cannot see it... if they think there's a vulnerability there I'd love more information on how they think spammers are cracking/seeing it.

    RE: 2 Columns
    In the latest version, yes, you can use custom CSS to do so using the divs each field is wrapped in, but it's not a simple matter...

  10. kozza42
    Member
    Posted 1 year ago #

    Hey Nick,

    Just curious, Salesforce sent me a link that should be able to fix the issue (according to them).

    Do you think that would work? And could you let me know how to set it up if it might?

    Thanks for all your help.

  11. Nick Ciske
    Member
    Plugin Author

    Posted 1 year ago #

    The plugin itself already has that feature (and the captcha is even stronger protection), but it can't protect you if the submissions are going to Salesforce directly (as they seem to believe?) as that bypasses the plugin completely.

    In this case, you could simply add a custom field in SF and a hidden field in your form, called, say, LeadFromWebsite__c or something, set it to Yes, then 'filter out' any lead submissions that don't have that field set to the expected value.

    Or use the existing Lead Source field -- which is always set and passed by the plugin. Set it to something unlikely to be submitted by a spam bot, then validate against that field.
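The filtering suggested in the post above, as an added example that is not part of the original thread or the plugin's code: a Python triage over a constructed CSV lead export that quarantines any lead missing the expected marker values. `LeadFromWebsite__c` is the field name from the post; the `Website-Enquiry-7Q2` Lead Source value and the CSV column layout are assumptions. A hidden field's value is readable in the form's HTML, so this check only separates out submissions that never went through the form.

```python
import csv
import io

# Assumed values: the marker field name comes from the thread; the expected
# Lead Source string is a made-up example of "something unlikely".
EXPECTED = {"LeadFromWebsite__c": "Yes", "LeadSource": "Website-Enquiry-7Q2"}

# Constructed sample export (not real data): header plus four leads.
SAMPLE_CSV = """Id,Email,LeadSource,LeadFromWebsite__c
L1,anna@example.com,Website-Enquiry-7Q2,Yes
L2,bot1@example.net,Web,
L3,bot2@example.net,Website-Enquiry-7Q2,
L4,carl@example.org,website-enquiry-7q2,Yes
"""


def failed_checks(row, expected=EXPECTED):
    """Return the names of marker fields that are missing or wrong."""
    failures = []
    for field, want in expected.items():
        got = (row.get(field) or "").strip()
        # Exact, case-sensitive match: a near miss is still treated as
        # not having come through the website form.
        if got != want:
            failures.append(field)
    return failures


def triage(csv_text, expected=EXPECTED):
    """Split leads into (accepted_ids, quarantined), where quarantined maps
    lead Id -> list of failed fields so a reviewer can see why."""
    accepted, quarantined = [], {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        failures = failed_checks(row, expected)
        if failures:
            quarantined[row["Id"]] = failures
        else:
            accepted.append(row["Id"])
    return accepted, quarantined


if __name__ == "__main__":
    ok, held = triage(SAMPLE_CSV)
    print("accepted:", ok)
    for lead_id, why in held.items():
        print("quarantined:", lead_id, "failed", why)
```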

  12. Nick Ciske
    Member
    Plugin Author

    Posted 1 year ago #

    Did you ever get this figured out?

Topic Closed

This topic has been closed to new replies.
