hCaptcha / hcaptcha-wordpress-plugin

hCaptcha.com support for Wordpress (Plugin)
GNU General Public License v2.0
79 stars, 32 forks

Spam issues on version 1.5.4, I only need this to work with Contact Form 7 and has a lot of code entries to it. #316

Closed ouvaa closed 6 months ago

ouvaa commented 7 months ago

With reference to this issue: https://wordpress.org/support/topic/spam-bots-bypass-hcaptcha-with-contact-form-7/

Can anyone with knowledge on where the CF7 fix is for this 1.5.4 in 2.2.0 fix?

Please help out. Getting lots of spam that goes through. Not sure which line I need to fix to have this fix. I can donate a few coffees or pay for this fix.

@kagg-design can you refresh your memory where this issue is? The contact form and comments are getting the spam through. Or do you have a quick fix that will definitely block the spam?

kagg-design commented 7 months ago

I am a bit confused. Are you still using hCaptcha v1.5.4? And want to apply fixes relevant to v2.2.0? It is not easily possible because the structure of the plugin was significantly reworked and improved in v2.0.0.

From that time, many security improvements were added for CF7 and comments. Also, there were some changes in the plugin to reflect changes in the api.js script, which is loaded from the captcha.com site in the latest version, regardless of the plugin version.

The best solution is to update the hCaptcha plugin to the latest v2.9.0.

ouvaa commented 7 months ago

@kagg-design Yes, I am still using 1.5.4 and modified it a lot to fit current usage. The structure etc. are all different. Everything's fine except still getting a few spam through; was nothing until lately, getting more and more terrible.

  1. With regards to this issue, is it possible for you to provide suggestions on how I can modify the line so that the spam is stopped? https://wordpress.org/support/topic/spam-bots-bypass-hcaptcha-with-contact-form-7/

  2. Basically I've modified it a lot to fit my current needs and I'm worried an upgrade will conflict with other plugins. Appreciate if you can give me an idea of a quick fix to this aforementioned issue instead of asking me to upgrade. I can buy you a few coffees for sponsor something on this. Please help. The spam is unmanageable at this stage.

kagg-design commented 7 months ago

But you have mentioned that you also have spam in comments - and it cannot be solved via fixes in the hcaptcha-cf7.php file.

The main problem here is that we are going to discuss the security issue and its direct fix. The statistics show that 28% of installations still have versions lower than 1.19. It means that our open conversation can provide information for hackers on how to spam sites with an outdated version of the hCaptcha plugin.

We can do it in another way. Please send a zip with your modified plugin to my email, info@kagg.eu, and I will try to update it to the latest version of the code.

ouvaa commented 7 months ago

@kagg-design Thank you very much!

It's unbelievable that 28% are still using something that can tolerate the spamming. (It's getting terrible.)

Thank you for your plugin. Do also provide a link whereby we can sponsor or buy you coffees!

ouvaa commented 7 months ago

@kagg-design Just sent. Thanks in advance.