Project

General

Profile

Actions

Support #2855

closed

Spam problems

Added by Sarah Morgano about 11 years ago. Updated about 11 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
-
Target version:
Start date:
2013-10-29
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

Please see the following support email and advise:

Our website (http://careerplan.commons.gc.cuny.edu/) has occasionally experienced some spam problems, which makes it difficult for us to schedule our events and manage our subscribers. The specifics of the two problems are listed below:

1. Our site is using Events Manager to implement our event booking feature. When a booking is submitted, we need to approve the booking manually before it can take effect. Occasionally, we receive some spams (maybe not), which makes it hard for us to tell if they are real users and hence we do not know whether we should approve them or not.
2. We also receive spams from our website subscription feature (on the right side of our front page).

For possible solutions, we are thinking about adding a plugin, like ReCAPTCHA, to our web, but it seems that we do not have sufficient permission to do this. Do you have some suggestions regarding this issue.

Actions #1

Updated by Matt Gold about 11 years ago

  • Status changed from New to Assigned
  • Assignee set to Boone Gorges
Actions #2

Updated by Boone Gorges about 11 years ago

  • Status changed from Assigned to Reporter Feedback
  • Target version set to 1.5.7

1. The Events Manager plugin does not have any native way to protect against spam, assuming that event booking form is left open to anonymous viewers. A little googling tells me that Events Manager Pro (the paid version) has some functionality for this (in the form of custom fields) but this doesn't seem very elegant to me. As a workaround, I added some custom reCAPTCHA functionality to the Events Manager plugin myself. After the 1.5.7 release, all public (as in, non-logged-in) event bookings will have to go through a reCAPTCHA test. As a side note, it looks like careerplan.commons.gc.cuny.edu does not currently have a public events booking form; I assume it was turned off in response to spam. If I'm wrong about this, then I may have added a reCAPTCHA for nothing. Changeset: https://github.com/castiron/cac/commit/1eea4b23c96ae621bc1e2fe106338f641a0687bb

2. It looks like the careerplan blog is using Jetpack to power its email subscription widget. Jetpack already enforces email confirmation of signups - in other words, when you enter an email address in the subscription box, it doesn't actually become subscribed until after a link has been clicked in a confirmation email sent by Jetpack/wordpress.com. This doesn't necessarily prevent spammers, but it does prevent most spam bots. Adding a reCAPTCHA here probably would not add any additional protection, given that it's probably humans entering addresses here anyway. That said, it's not clear to me why spammers would target a subscription list, and I can't see what tangible harm a few extra subscribers would do (aside from throwing off internal analytics).

Actions #3

Updated by Boone Gorges about 11 years ago

  • Status changed from Reporter Feedback to Resolved

Sarah - I'm going to mark this ticket as resolved just so i can clear out the milestone. If you still have feedback for me regarding my point 2 above, it'd be most welcome. Thanks.

Actions

Also available in: Atom PDF