Title: roaima's Replies | WordPress.org

---

# roaima

  [  ](https://wordpress.org/support/users/roaima/)

 *   [Profile](https://wordpress.org/support/users/roaima/)
 *   [Topics Started](https://wordpress.org/support/users/roaima/topics/)
 *   [Replies Created](https://wordpress.org/support/users/roaima/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/roaima/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/roaima/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/roaima/engagements/)
 *   [Favorites](https://wordpress.org/support/users/roaima/favorites/)

 Search replies:

## Forum Replies Created

Viewing 12 replies - 1 through 12 (of 12 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Burst Statistics - Privacy-Friendly WordPress Analytics (Google Analytics Alternative)] Does “Exclude IP address from tracking” allow netmasks](https://wordpress.org/support/topic/does-exclude-ip-address-from-tracking-allow-netmasks/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/does-exclude-ip-address-from-tracking-allow-netmasks/#post-17427395)
 * That’s amazingly fast work, thank you!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Burst Statistics - Privacy-Friendly WordPress Analytics (Google Analytics Alternative)] Burst posts to endpoint.php on the wrong host](https://wordpress.org/support/topic/burst-posts-to-endpoint-php-on-the-wrong-host/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/burst-posts-to-endpoint-php-on-the-wrong-host/#post-17418358)
 * Yes, treating each site separately would be perfect. (Is that an option I missed
   during installation?)
 * Thanks!
    -  This reply was modified 2 years, 2 months ago by [roaima](https://wordpress.org/support/users/roaima/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Burst Statistics - Privacy-Friendly WordPress Analytics (Google Analytics Alternative)] Please check if your REST API is loading correctly](https://wordpress.org/support/topic/please-check-if-your-rest-api-is-loading-correctly/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/please-check-if-your-rest-api-is-loading-correctly/#post-17418355)
 * Going to [https://www.harrogateitconsulting.uk/wp-json/wp/v2/posts](https://www.harrogateitconsulting.uk/wp-json/wp/v2/posts)
   gets me an empty `[]` with HTTP/1.1 status 200 OK (I don’t have posts, just pages).
 * Is that correct?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Burst Statistics - Privacy-Friendly WordPress Analytics (Google Analytics Alternative)] Burst posts to endpoint.php on the wrong host](https://wordpress.org/support/topic/burst-posts-to-endpoint-php-on-the-wrong-host/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/burst-posts-to-endpoint-php-on-the-wrong-host/#post-17415228)
 * More discovery. It’s two specific clauses in `burst-statistics/functions.php`
   that return the network hostname if it’s a network installation.
 * Commenting these out makes the code work here.
 * Why have it at all?
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Custom Contact Forms] Spam gateway – do not use "as-is"](https://wordpress.org/support/topic/spam-gateway-do-not-use-as-is/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/spam-gateway-do-not-use-as-is/#post-7734799)
 * The captcha, recaptcha, whatever is completely irrelevant. The HTML code that
   is generated by the form makes it trivial for a third party to send email through
   your mailer. This completely bypasses the validation.
 * Want an example? Let me know your WordPress contact page and an (obfuscated) 
   target email address I should hit, and I’ll demonstrate.
 * Sigh.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Custom Contact Forms] [Plugin: Custom Contact Forms] Spam can be sent through CCF](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/#post-3007582)
 * Sadly even with version 5.1.0.3 I can still route spam through anyone else’s 
   Custom Contact Form. No login required.
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Custom Contact Forms] Spam gateway – do not use "as-is"](https://wordpress.org/support/topic/spam-gateway-do-not-use-as-is/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/spam-gateway-do-not-use-as-is/#post-7734796)
 * Sadly even with version 5.1.0.3 I can still route spam through anyone else’s 
   Custom Contact Forms. No login required.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Custom Contact Forms] [Plugin: Custom Contact Forms] Spam can be sent through CCF](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/#post-3007568)
 * The “are you human” checkbox is also irrelevant to the problem. CCF can be used
   to make your website send spam to third parties. As a side-effect you get a copy
   of every single email, too.
 * If the author cared enough to contact me we could get this resolved within hours.
   I have tried to contact the author using their advertised email address, via 
   their advertised website, via a support ticket, and most recently via a review.
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Custom Contact Forms] Spam gateway – do not use "as-is"](https://wordpress.org/support/topic/spam-gateway-do-not-use-as-is/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/spam-gateway-do-not-use-as-is/#post-7734786)
 * The recaptcha does nothing whatsoever to mitigate the problem. CCF is still a
   Spam gateway.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Custom Contact Forms] [Plugin: Custom Contact Forms] Spam can be sent through CCF](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/#post-3007562)
 * Furthermore, the new captcha feature does nothing whatsoever to mitigate the 
   problem. If anything, it makes it worse because people believe that CCF must 
   be safe,
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Custom Contact Forms] [Plugin: Custom Contact Forms] Spam can be sent through CCF](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/#post-3007558)
 * I have not conducted a serious review of the code. (What I have done is to prove
   to myself that the flaw exists, and that was sufficient for me.) However, the
   exploit that I have discovered does not rely on any access to the underlying 
   system.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Custom Contact Forms] [Plugin: Custom Contact Forms] Spam can be sent through CCF](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/)
 *  Thread Starter [roaima](https://wordpress.org/support/users/roaima/)
 * (@roaima)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/plugin-custom-contact-forms-spam-can-be-sent-through-ccf/#post-3007556)
 * Well, I know exactly where the problem lies, and it’s only reliably fixable by
   removing some functionality (and the corresponding code). Unfortunately the author
   neither responds in this forum nor to the advertised email address, nor via the
   contact form on his website.
 * What to do? I suggest mark the plugin as “does not work” until this problem is
   resolved.

Viewing 12 replies - 1 through 12 (of 12 total)