
[Resolved] Reopening: Lots of spam registrations (CAPTCHA enabled)

This support ticket was created 2 years, 4 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

This topic contains 2 replies and has 2 messages.

Last updated by nicholasG-2 2 years, 4 months ago.

Author
Posts
#2519087

Hi there,

I opened a ticket a few weeks ago and was talking with @Luo about it. The original thread is here: https://toolset.com/forums/topic/lots-of-spam-registrations-captcha-enabled/

We're getting a lot of spammy user registrations on our custom user registration form. Luo suggested I set up an email alert to notify me when someone uses the form, but I must have set it up incorrectly, since it wasn't triggered, and I thought the regs must be coming from another place. After checking, though, I fixed the form, and it turns out that all of the spammy registrations ARE coming from our registration form, even though we have a CAPTCHA set up on it -- I've started receiving emails when these registrations take place, and they're all coming from the form.

Our registration page is here: [hidden link]

I'm not sure how they're getting around the CAPTCHA, though I do know Toolset doesn't use the newer versions of Google's reCAPTCHA which I wish I could try. It's not feasible for our use case to manually approve each registration at this stage, and I'm hoping to figure out how these bulk registrations are happening, and how our CAPTCHA is being bypassed.

Any help would be greatly appreciated.

Thanks,
Nick

#2519701

Nigel
Supporter

Languages: English (English), Spanish (Español)

Timezone: Europe/London (GMT+01:00)

If the Captcha is proving ineffective, you might consider adding a honeypot field to your form yourself.

You can add markup to a form, and so can include a disposable field whose content you do not save, and which is visually hidden.

If the form is submitted with a value provided for that field, you know that it wasn't added by a human.

A quick Google should help you understand what's involved.

From the Toolset perspective you need to use the Forms API to intercept the form submission (e.g. the cred_form_validate hook) and reject it if the honeypot is filled with a value: https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate
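
One way to implement the honeypot check described in the reply above, as an added example that is not part of the original thread and not Toolset's own code. The form ID, the field name `contact_website`, the function name and the choice to attach the error to `user_email` are assumptions; `cred_form_validate` is the hook named above.

```php
<?php
/**
 * Added example: honeypot check for a Toolset user registration form.
 *
 * Markup to paste into the form editor (field name is hypothetical).
 * The field is moved off-screen rather than given type="hidden", and is
 * removed from tab order and from assistive technology:
 *
 *   <div aria-hidden="true"
 *        style="position:absolute; left:-9999px; height:1px; overflow:hidden;">
 *     <label>Leave this field empty
 *       <input type="text" name="contact_website" value=""
 *              tabindex="-1" autocomplete="off">
 *     </label>
 *   </div>
 */

const HP_FORM_ID = 123;               // placeholder: ID of your registration form
const HP_FIELD   = 'contact_website'; // hypothetical honeypot field name

add_filter( 'cred_form_validate', 'hp_reject_filled_honeypot', 10, 2 );

function hp_reject_filled_honeypot( $error_fields, $form_data ) {
    // The filter passes array( $fields, $errors ) and expects the same shape back.
    list( $fields, $errors ) = $error_fields;

    // Leave every other form untouched.
    if ( (int) $form_data['id'] !== HP_FORM_ID ) {
        return array( $fields, $errors );
    }

    // The honeypot is raw markup, not a Toolset field, so read it from the request.
    // A missing field counts as empty; an array value counts as filled.
    $raw    = isset( $_POST[ HP_FIELD ] ) ? $_POST[ HP_FIELD ] : '';
    $filled = is_array( $raw ) || trim( wp_unslash( $raw ) ) !== '';

    if ( $filled ) {
        // Log the hit so the volume and sources of automated attempts stay visible.
        $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        error_log( sprintf( 'Honeypot hit on form %d from %s', HP_FORM_ID, $ip ) );

        // An entry in $errors fails validation. Keying it to 'user_email'
        // (assumed to be a field on the form) gives the message a place to display.
        $errors['user_email'] = 'Registration could not be completed.';
    }

    return array( $fields, $errors );
}
```

The error message is deliberately generic so that the response does not reveal which field caused the rejection.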

#2520005

Hi Nigel,

Thanks for this idea. I've implemented a honeypot field, and will keep my fingers crossed that this helps!

Cheers,
Nick