stcr / subscribe-to-comments-reloaded

Subscribe to Comments Reloaded allows commenters to sign up for e-mail notifications of subsequent replies.

Spam #619

Open madeurban opened 3 years ago

madeurban commented 3 years ago

I'm receiving lots of bounce back messages with the subject: Manage your Subscriptions.

It appears spam accounts are somehow signing up and activating these messages to send, but I don't know how.

Is there a spam filter I can turn on? How do I stop these messages from being sent to email accounts that did not sign up to receive comment notifications?

BobaWebDev commented 3 years ago

Hi @madeurban

Try the challenge question/answer functionality. Should stop the bots.

In WP admin > StCR > Options. Near the end of the options you'll see "Enable challenge question", set that to "Yes". You can also change the question and answer in there.

madeurban commented 3 years ago

Will do, @BobaWebDev. Thank you so much!

BobaWebDev commented 3 years ago

You're welcome @madeurban

Let me know if it helps with the spam.

jharries commented 3 years ago

I see this and I will do that, but would it not be better to check the entered email against the list of emails that have actually subscribed? This would be a great lock out in conjunction with only allowing registered WP users to subscribe to comments.

evangelismcoach commented 3 years ago

I have the same problem... they are not subscribing to any posts even with the fake email addresses. So somehow, it seems they are using the mail feature without posting comments. I am using Akismet.

I just turned on the challenge question to see if that will stop.... all these bounce messages are filling up my email daily.

marlon-sousa commented 3 years ago

Hello,

Is there a way of preventing subscriptions without comments?

I am asking because I moderate comments, so spam comments have no chance of getting to posts.

What seems, though, is that spammers are subscribing, or trying to subscribe, to notifications without commenting first, so this I have no way of avoiding. These spammers are generating high traffic of e-mails on my e-mail account.

Thanks, Marlon

BobaWebDev commented 3 years ago

Hi @marlon-sousa

Go to WP admin > StCR > Comments form.

You'll see the option called "Default label". Just remove the part "You can also subscribe without commenting" and the link to subscribe without a comment will no longer show up.

BobaWebDev commented 3 years ago

By the way, just released a new update which allows you to add Google reCAPTCHA for that form. Option to enable it in WP admin > StCR > Options (at the bottom).

orangutangle commented 3 years ago

I have ReCaptcha enabled for the subscribe without commenting option but I am still getting lots of bounce back messages from spam subscriptions to fake or non-existent emails. Has ReCaptcha been pwned? Or is there a route to subscribe that hasn't been protected?

Also, I don't understand why spammers do this since they have no control over the content of the notification.

BobaWebDev commented 3 years ago

Hi @orangutangle

Can you send over the URL to your site?

Also can you forward a few of those spam emails to skustrimovic@gmail.com

orangutangle commented 3 years ago

Hi

Example post here: https://www.mootpoint.org/blog/create-acf-field-programmatically-permanently-in-database/

I've forwarded you some spam notifications and the bounceback messages.

orangutangle commented 3 years ago

I took a good look at my logs and found that it wasn't the ReCaptcha on the subscribe without commenting form that was being bypassed, but rather the Captcha on my comment form, which was provided by a different plugin.

Apologies.

BobaWebDev commented 3 years ago

Hi @orangutangle

No worries, happy to hear you found the cause of the issue.
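
The log check that settled this thread (which form the spam subscriptions actually arrive through) can be scripted. The following is an added example, not code from the thread or from the plugin: it assumes a web server access log in common/combined format, WordPress's stock comment handler `/wp-comments-post.php`, and a placeholder path `/comment-subscriptions/` for the site's StCR subscription page; the sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumptions: /wp-comments-post.php is WordPress's stock comment handler;
# SUBSCRIBE_PREFIX is a placeholder for the site's StCR subscription page.
COMMENT_PATH = "/wp-comments-post.php"
SUBSCRIBE_PREFIX = "/comment-subscriptions/"

# Common/combined log format: ip ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not from a real site.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2021:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
203.0.113.7 - - [01/Jan/2021:10:00:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
203.0.113.7 - - [01/Jan/2021:10:00:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
198.51.100.4 - - [01/Jan/2021:10:05:00 +0000] "GET /blog/sample-post/ HTTP/1.1" 200 5120
198.51.100.4 - - [01/Jan/2021:10:06:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
198.51.100.9 - - [01/Jan/2021:10:07:00 +0000] "GET /comment-subscriptions/ HTTP/1.1" 200 2048
198.51.100.9 - - [01/Jan/2021:10:07:30 +0000] "POST /comment-subscriptions/ HTTP/1.1" 200 2048
""".splitlines()

def classify(path):
    """Map a request path to the form it submits to, or None."""
    path = path.split("?", 1)[0]
    if path == COMMENT_PATH:
        return "comment_form"
    if path.startswith(SUBSCRIBE_PREFIX):
        return "subscribe_form"
    return None

def triage(lines, threshold=3):
    """Return POST totals per form, IPs at/over threshold per form, and IPs
    that submitted a form without ever fetching a page (typical of bots)."""
    totals, per_ip = Counter(), defaultdict(Counter)
    fetched, posted = set(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in another format
        ip, method, path, _status = m.groups()
        if method == "GET":
            fetched.add(ip)
        kind = classify(path) if method == "POST" else None
        if kind:
            totals[kind] += 1
            per_ip[kind][ip] += 1
            posted.add(ip)
    noisy = {k: sorted(ip for ip, n in c.items() if n >= threshold)
             for k, c in per_ip.items()}
    return dict(totals), noisy, sorted(posted - fetched)
```

If most POSTs land on the comment handler rather than the subscription page, the protection to review is the one on the comment form, which may come from a different plugin than StCR.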