Open what-ri opened 2 years ago
Thanks @what-ri for reporting this bug! Soon I will publish an improved version of the plugin with the fix for this issue! Thanks again!
(The spam log was very useful because I have actually had other similar cases.)
It seems that under certain conditions the fingerprinting challenge on mobile does not take place, as reported by what-ri, sometimes after a failed attempt.
I found a similar issue: as most bad actors use a VPN to hide their identity, most of the VPNs out there will be listed on the blacklists sooner or later. So if any user uses a VPN while filling in the form (and "Check IP on DNS blocklist" is activated), the form will not be able to be submitted. I'm not sure how to fix this issue though, except by disabling "Check IP on DNS blocklist".
@adambichler this does not happen to me (most of the bots that send me e-mails use botnet-infected computers) but good to know because in this case I lower the 'score_dnsbl' (or put a warning or similar).
The issue @what-ri reported (as far as I can see from the logs) was due to the fact that the form was reloaded but the data that the plugin adds to hidden inputs to verify you are not a bot was not executed. It happens when cf7 is not in ajax mode, and I think I have solved it.
Hi Erik, I really like the plugin and the option to ban the IPs on multiple failed submissions.
I noticed quite a few legit submissions were trapped by the plugin and their IPs were blacklisted. Even when we switched off all options and we only left "Enable anti-bot checks", "Check IP on DNS blocklist" and auto-ban IPs on 10 failed attempts only. But some IPs got blacklisted after only 2-3 attempts instead of 10. So basically minimum checks were in place.
An example of submissions marked as spam that were legit entries: