Subscription spam: challenge question is inefficient | WordPress.org

Yann at WP&Co
(@ydubois)

3 years, 11 months ago

The challenge question is not enforced on expired “link to manage your subscriptions”, neither on the raw “/comment-subscription” slug, without any parameter. So it is completely inefficient in preventing subscription spam.

Subscription spam robots are actively exploiting this vulnerability: I get 4 or 5 subscriptions per hour even with “Challenge question” enabled.

Unfortunately, I had to disable the plugin because of this.

Is there any efficient way to filter out subscription spam?

(Akismet is enabled on the site, but to no avail either)

At least you need to fix the challenge question/answer system: the challenge needs to be present on all forms, and especially when there is no parameter in the “/comment-subscription” URL. Since this is the URL spam robots are using the most.

Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author WPKube
(@wpkube)

3 years, 11 months ago

Hi @ydubois

It’s on the to do list to add the challenge question to the other forms for the next update which should be released by the end of the week.

Thread Starter Yann at WP&Co
(@ydubois)

3 years, 11 months ago

@wpkube great news! Looking forward to it, thanks.

ulula
(@ulula)

3 years, 8 months ago

I have the same issue, had to disable the plugin.

Worthdesigning
(@auntypizza)

3 years, 3 months ago

Same issue here – I deleted the plugin but am still getting spam emails because we’re using Sendgrid.

Absolute pain.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Subscription spam: challenge question is inefficient’ is closed to new replies.

Tags

filter

In: Plugins
4 replies
4 participants
Last reply from: Worthdesigning
Last activity: 3 years, 3 months ago
Status: not resolved