Ben Meredith
Forum Replies Created
-
Hi @obertscloud
I’m happy to help in any way I can, but I am not clear yet as to whether you took my advice to completely remove the form from the site.
If you did, and the attack is still ongoing, Here are two ways you can potentially fend this off from the WordPress side of things:1) The Zero Spam Plugin
This is not a plugin that we developed, but the developers there have been excellent at providing support: https://ww.wp.xz.cn/plugins/zero-spam/It claims to support GiveWP right out of the box. There’s a chance that it will help, but given that you say the attack is happening via admin-ajax at this point, I am not sure that will help.
5) Implementing a reCAPTCHA
We don’t generally recommend the reCAPTCHA option because it slows down the donation experience and looks unsightly. It can harm your donations sometimes more than benefit them. But sometimes it’s really your last line of defense. So if you really want to implement it, here’s how:Here is the link to that code.
If you need assistance implementing custom code on your website we have this guide.
We want to help, but the distributed nature of WordPress itself means that we can only really provide pointers and we rely on you to give us as clear a picture as possible of exactly how GiveWP is being exploited. If there is sensitive data that you’d rather not post on this public forum, you can reach out to us at https://givewp.com/contact-us and mention this forum post.
Hi @zayedibn
We set about fixing this problem only to find that it’s no longer replicable, so apparently some other update to GiveWP has resolved things. If you’re still seeing an error, we’ll need specific steps to replicate the problem, and we’re happy to hop on fixing it.
Have a great day!
Hi @obertscloud
That’s certainly not what we want! I want to be as helpful as I can, to get this resolved for you.
Don’t just remove the shortcode from the site: completely remove the donation form by making it a draft:
That should stop it as far as is possible from our side. Beyond that, either your host or Cloudflare will need to be the ones to turn off the flood.
You mention DDOS, so is the site completely down? Cloudflare should definitely be able to stop a DDOS attack: that’s what they do.
Once you get the site back operational, we can definitely work with you to get your donations back up and running, but the step before the first step is to stop the DDOS attack. That’s not something that we can help with, and it’s directly in Cloudflare’s wheelhouse.
Definitely keep us posted.
Hey @tonnyg1
Glad you found our documentation useful to create custom fields!
When you create those custom fields, you have the option to store the data on the donation record or on the donor record. If you save it on the donation record, then the custom meta should be availalbe for export using the CSV export tools at Donations > Tools > Export > Export Donation history.
One “catch” is that you have to select the individual form during the export process in order to see the additional data.
I’m 90% sure it will show up there. If it doesn’t, I don’t know how to make that data available in an export (and that falls outside the scope of things we can support), but it would also be available over the GiveWP API, which you can see documentation for here: https://givewp.com/documentation/developers/give-api-reference/Thanks!
Forum: Plugins
In reply to: [GiveWP - Donation Plugin and Fundraising Platform] Use a CouponHi @toniup
No, there’s no concept for “donate slightly less” similar to a coupon in ecommerce.
We focus on getting their organization *more* money!
You could create a special form on the site for Christmas day only that has smaller donation amounts, perhaps?
Let me know if I am misunderstanding the request.
Thanks for that @bailey123
There’s nothing standing out to me from that system info as a yellow or red flag.
I’m still unclear where you are seeing that error from your original message. Is it on the front end of the site? During a donation? Some other time or place?I’ll need to be able to replicate a problem in order to be of much help, and at this point I don’t even fully understand what you’re seeing, and I’m not able to pinpoint it.
The more context you can give me, the better.
Hi @bailey123!
Glad you reached out, here. There are two separate things (potentially related, but hard to tell without context) going on here. One is that relatively generic warning “{table} is marked as crashed and should be repaired” and the other is a more specific error.
Are you able to see the full output of the error at Donations > Tools > Logs? (search for that “Uncaught Give\Framework\Database\Exceptions\DatabaseQueryException: Database Query” text there in the list of errors.
Next question: where are you seeing that error? Is it showing on the site when you attempt to donate, or when you view the back end of the site, or some other time?
It sounds like there’s some corruption in the database in general, and the fix for that may be to repair the database table using a tool like PHPMyAdmin. There are various tutorials on that around the web. Search for “mysql is marked as crashed and should be repaired” and poke around for those fixes.Also, please send along your System Info.
Navigate to Donations –> Tools –> System Info (tab) and click the button to “Get System Report” and copy/paste that in your reply here.
That will give us some more context to be able to help.
Hey Johnny!
As you know, I’ve been working with you all weekend to resolve any issues via priority support. I’ll continue working with you over there.
Forum: Plugins
In reply to: [GiveWP - Donation Plugin and Fundraising Platform] Donations not workingFantastic! Very glad to hear it.
If you need anything else, definitely reach back out here.
If you don’t need anything else, definitely tell the whole internet how great GiveWP is: https://ww.wp.xz.cn/support/plugin/give/reviews/
Have a great week!
Forum: Plugins
In reply to: [GiveWP - Donation Plugin and Fundraising Platform] Donations not workingHi there!
The problem on that form is that you’re using the Terms and Conditions option, but then hiding the checkbox, so that folks can’t accept the terms and conditions. I made a quick screencast showing you what’s up:
If you want to hide the terms and conditions option, don’t do it with CSS, since that doesn’t remove the requirement for checking it.
Let us know if we can clarify further!
Forum: Plugins
In reply to: [GiveWP - Donation Plugin and Fundraising Platform] Stripe Pending PaymentsI also forgot to mention:
There’s no mechanism for “re-charging” a pending donation on GiveWP, because you don’t store any payment data on the GiveWP side (for very good reasons) and we’d need that payment info to re-charge the donation. The best bet there is to reach out to the donor and have them try again.
Forum: Plugins
In reply to: [GiveWP - Donation Plugin and Fundraising Platform] Stripe Pending PaymentsHi @srjwebsites!
More than happy to get to the bottom of this with you. Here’s the short version:
If the transaction is not showing up in Stripe, it didn’t happen, and the donor should quadruple-check their card account to make sure.
You are on the right track to check the Stripe webhooks for pending donations on the GiveWP side, as it usually means that Stripe was unable to let the site know that a transaction happened, but in the case of it not happening at Stripe, there’s nothing to *send* over the webhook.
Webhooks are a one-way communication from Stripe to the site, so setting them up after the fact won’t change anything that has happened to that point.
At this point we have to switch to diagnosing what is happening to prevent the transaction going through in the first place. The great news about our Stripe integration (and Stripe in general) is that things are clearly logged on both sides, so when a donation fails for any reason, we log it on the GiveWP side at Donations > Tools > Logs and Stripe logs it on their side as well.
So, here’s the plan:
1. Have the donor triple check that the money really did leave their card/bank account. Just because they got an email from the site saying they donated does not mean that they did. Those emails are triggered by the donation being marked as complete in any way. So if in an attempt to process the donation after the fact, you mark it as complete, a donor will get a very convincing donation receipt email, even though money never left their bank.
2. If you confirm that money did indeed leave their bank account, it had to go somewhere, so check in Stripe, and note that you can connect multiple Stripe accounts to a single site, so there’s a chance that the money is in some other Stripe account connected to the site. The donor’s bank account statement should have an ID number or some other way of tracking that donation/payment that Stripe customer service team (who is filled with fantastic people) can help with.
3. If the money did not leave the bank account (in my experience, this is almost always the case) we still have to diagnose why, and the logs should tell us what is happening there. Reply with the results from the logs, and we’ll keep digging.Your success with online donations is our number one priority.
Hey @srtajpg
Sorry for the abysmally slow turnaround on this. If you still need help, I am more than willing to be of assistance.
The page you’ve linked to there is no longer active, so I’ll need to see the problem again.
Forum: Plugins
In reply to: [Give - Pixel Tracking] I not see “Purchase” and “Donate”Hey @thommen
Is your site still active? I am not seeing anything at that link at all.
Forum: Plugins
In reply to: [Donation Form Block for Stripe] Plugin opens you up to fraud on StripeHey @cadfile
Sorry this support request slipped through the cracks! (I’ve made sure that forum posts for this plugin are now going to actually make it into our internal system so that you don’t have to wait weeks to hear something!)
I agree this is something we’d need to address as much as possible from our side, and I’ve created some feedback on our feedback site to have a team member look into it: https://feedback.givewp.com/bug-reports/p/donation-block-for-stripe-should-prevent-donor-spam
I can’t make any guarantees that we will do that on any type of accelerated timeframe, so the best short-term course of action is the Stripe Radar fix.
I’m going to close this forum post, but only so that the feedback site becomes the single source of updates going forward. Follow up there if you need anything!