Forum Replies Created

Viewing 6 replies - 1 through 6 (of 6 total)
    Thread Starter danmuc

    (@danmuc)

    Hi @usamaazad99 ,

    we installed your beta plugin 1 week ago but did not notice any change in the spam rate. We are still getting a lot of spam, and we also notice that the form schema .json (from CF7) is still publicly available without the honeypot field.

    Thread Starter danmuc

    (@danmuc)

    Hi @usamaazad99,

    we increased the Time Check Value to 15 seconds, but it had no effect on our pages. In the European Union we have issues with GDPR and cannot enable hCaptcha or reCAPTCHA, so we really need this plugin working again. It worked so well a month ago.

    I have analyzed our log files and I see that the spam bots open this URL first:
    /wp-json/contact-form-7/v1/contact-forms/2209/feedback/schema

    It includes information from contact-form-7 about all the fields:

    {
      "version": "Contact Form 7 SWV Schema 2024-10",
      "locale": "de_DE",
      "rules": [
        {"rule": "required", "field": "your-name", "error": "Das Feld ist erforderlich."},
        {"rule": "maxlength", "field": "your-name", "threshold": 400, "error": "Das Feld ist zu lang."},
        {"rule": "required", "field": "your-email", "error": "Das Feld ist erforderlich."},
        {"rule": "email", "field": "your-email", "error": "Die eingegebene E-Mail-Adresse ist ung\u00fcltig."},
        {"rule": "maxlength", "field": "your-email", "threshold": 400, "error": "Das Feld ist zu lang."},
        {"rule": "required", "field": "your-phone", "error": "Das Feld ist erforderlich."},
        {"rule": "maxlength", "field": "your-phone", "threshold": 400, "error": "Das Feld ist zu lang."}
      ]
    }

    I noted that the honeypot field is missing here. So I am assuming that the spam bots now first check which fields are required and just skip the other ones (note that required fields are also marked as required here). The logs do not show that they access the kontakt page first, so I assume they are also somehow bypassing the time check value (maybe with wrong cookies or something).

    I would suggest:

    • Maybe disable the feedback schema JSON via your plugin (I don't know the reason for that API endpoint; in my opinion it makes it a lot easier for spam bots to determine the required fields).
      • If you don't disable it: maybe just add your field to the JSON (maybe also as required, depending on the reason for that file).
    • Re-check the timestamp validation value. I really think that spam bots are currently bypassing that check somehow.
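    Added example, not part of danmuc's reply above and not code from the plugin being discussed: a hypothetical must-use plugin (a file under wp-content/mu-plugins/) that applies the first suggestion at site level. It answers anonymous requests to the Contact Form 7 feedback schema route, which the two replies above show listing every required field of a form, with HTTP 403 and writes one log line per refused request. Only WordPress core APIs are used (the rest_pre_dispatch filter, WP_REST_Request::get_route(), WP_Error). The caveat to verify on a staging site is stated in the header comment: if CF7's own front-end script requests this schema for client-side validation, blocking the route removes that client-side check, while server-side validation on submit is unaffected.

```php
<?php
/**
 * Added example (hypothetical mu-plugin), not code from the thread or from
 * Contact Form 7: refuse anonymous requests to CF7's per-form feedback
 * schema endpoint and log them, so the list of required fields is no longer
 * readable without a WordPress session.
 *
 * Assumption to verify before relying on it: CF7's front-end script may
 * fetch this schema for client-side validation. If it does, anonymous
 * visitors lose that client-side check; validation on submit still runs
 * server-side and is not affected by this filter.
 */

add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    // Route as WordPress sees it, e.g. /contact-form-7/v1/contact-forms/2209/feedback/schema
    $route = $request->get_route();

    // Only the feedback schema route, for any form ID, is handled here.
    if ( ! preg_match( '#^/contact-form-7/v1/contact-forms/\d+/feedback/schema/?$#', $route ) ) {
        return $result; // every other REST route is left untouched
    }

    if ( is_user_logged_in() ) {
        return $result; // editors working on forms keep access to the schema
    }

    // Detection: one log line per refused request keeps the access pattern
    // described in the thread (schema fetched before the contact page) visible.
    $addr = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf( 'cf7-schema-guard: refused anonymous %s from %s', $route, $addr ) );

    // Returning a WP_Error from rest_pre_dispatch short-circuits the request;
    // the REST server turns it into a 403 JSON response.
    return new WP_Error(
        'rest_forbidden',
        'This form schema is not available to anonymous requests.',
        array( 'status' => 403 )
    );
}, 10, 3 );
```

    The log line is the part worth keeping even if you decide not to block: it tells you how often the schema is fetched by clients that never load the contact page, which is the behaviour the second reply infers from the access logs.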
    Thread Starter danmuc

    (@danmuc)

    Hi, here is my image:

    https://www.directupload.eu/file/d/9078/fjrcjxti_png.htm

    We also have added the field to every contact form like that:

    [honeypot your-new-secondname timecheck_enabled:true "New Second Name"]

    We are also changing the field names regularly.

    Thread Starter danmuc

    (@danmuc)

    Hi Marko,
    thanks for your reply. I tested with the Yoast sitemap and also with the Google XML Sitemaps plugin; neither is working. "Set Expires Header" is checked in the HTML & XML area.

    Only pages in XML format are not getting cached (but the cache files for the sitemaps exist in the page_enhanced folder…), but for some reason nginx does not load them correctly?

    Here is the page_enhanced part of nginx.conf; to me it looks fine…

    # BEGIN W3TC Page Cache core
    # Copy the query string and cut out tracking parameters, so that tracked
    # and untracked requests map to the same cache entry.
    set $w3tc_query_string $query_string;
    if ($w3tc_query_string ~* "^(.*?&|)utm_source(=[^&]*)?(&.*|)$") {
        set $w3tc_query_string $1$3;
    }
    if ($w3tc_query_string ~* "^(.*?&|)utm_medium(=[^&]*)?(&.*|)$") {
        set $w3tc_query_string $1$3;
    }
    if ($w3tc_query_string ~* "^(.*?&|)utm_campaign(=[^&]*)?(&.*|)$") {
        set $w3tc_query_string $1$3;
    }
    if ($w3tc_query_string ~* "^(.*?&|)gclid(=[^&]*)?(&.*|)$") {
        set $w3tc_query_string $1$3;
    }
    if ($w3tc_query_string ~* "^(.*?&|)instance_id(=[^&]*)?(&.*|)$") {
        set $w3tc_query_string $1$3;
    }
    if ($w3tc_query_string ~* "^(.*?&|)instance_secret(=[^&]*)?(&.*|)$") {
        set $w3tc_query_string $1$3;
    }
    # A leftover "?" or "&" counts as no query string at all.
    if ($w3tc_query_string ~ ^[?&]+$) {
        set $w3tc_query_string "";
    }
    # The request URI without its query part.
    set $w3tc_request_uri $request_uri;
    if ($w3tc_request_uri ~* "^([^?]+)\?") {
        set $w3tc_request_uri $1;
    }
    # Assume the request can be served from the cache, then switch the rewrite
    # off for POST requests, remaining query strings, URIs without a trailing
    # slash, and visitors carrying comment, password, login or preview cookies.
    set $w3tc_rewrite 1;
    if ($request_method = POST) {
        set $w3tc_rewrite 0;
    }
    if ($w3tc_query_string != "") {
        set $w3tc_rewrite 0;
    }
    if ($w3tc_request_uri !~ \/$) {
        set $w3tc_rewrite 0;
    }
    if ($http_cookie ~* "(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle)") {
        set $w3tc_rewrite 0;
    }
    # Suffixes selecting the preview and SSL variants of the cache file.
    set $w3tc_preview "";
    if ($http_cookie ~* "(w3tc_preview)") {
        set $w3tc_preview _preview;
    }
    set $w3tc_ssl "";
    if ($scheme = https) {
        set $w3tc_ssl _ssl;
    }
    if ($http_x_forwarded_proto = 'https') {
        set $w3tc_ssl _ssl;
    }
    # Pick .html or .xml depending on which cache file exists on disk; with
    # neither present the request falls through to PHP.
    set $w3tc_ext "";
    if (-f "$document_root/wp-content/cache/page_enhanced/$http_host/$w3tc_request_uri/_index$w3tc_ssl$w3tc_preview.html") {
        set $w3tc_ext .html;
    }
    if (-f "$document_root/wp-content/cache/page_enhanced/$http_host/$w3tc_request_uri/_index$w3tc_ssl$w3tc_preview.xml") {
        set $w3tc_ext .xml;
    }
    if ($w3tc_ext = "") {
        set $w3tc_rewrite 0;
    }
    if ($w3tc_rewrite = 1) {
        rewrite .* "/wp-content/cache/page_enhanced/$http_host/$w3tc_request_uri/_index$w3tc_ssl$w3tc_preview$w3tc_ext" last;
    }
    # END W3TC Page Cache core
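    Added example, not part of danmuc's reply above and not W3TC's own code: a PHP model of the decision chain in the nginx block just quoted, evaluated over a few constructed request URIs against a constructed list of cache files assumed to exist (paths relative to the document root). The function returns the rewrite target the block would produce, or null when the block would hand the request to PHP. The host name example.com, the sample URIs and the file list are all constructed; the model normalises repeated slashes, whereas the real block relies on the filesystem tolerating the doubled slashes it builds.

```php
<?php
/**
 * Added example, not from the thread or from W3TC: a PHP model of the
 * "W3TC Page Cache core" decision chain. $req carries the values nginx would
 * see; $existing_files stands in for the two "-f" checks.
 */
function w3tc_rewrite_target( array $req, array $existing_files ) {
    $defaults = array(
        'method'            => 'GET',
        'request_uri'       => '/',
        'cookie'            => '',
        'scheme'            => 'https',
        'x_forwarded_proto' => '',
        'host'              => 'example.com', // constructed host name
    );
    $req = array_merge( $defaults, $req );

    // $query_string: everything after "?" ("" when there is none).
    $query = (string) parse_url( $req['request_uri'], PHP_URL_QUERY );

    // The six tracking parameters are cut out one by one; a leftover
    // "?" or "&" then collapses to an empty string.
    $tracking = array( 'utm_source', 'utm_medium', 'utm_campaign', 'gclid', 'instance_id', 'instance_secret' );
    foreach ( $tracking as $param ) {
        $query = preg_replace( '/^(.*?&|)' . $param . '(=[^&]*)?(&.*|)$/i', '${1}${3}', $query );
    }
    if ( preg_match( '/^[?&]+$/', $query ) ) {
        $query = '';
    }

    // $w3tc_request_uri: the request URI without its query part.
    $uri = preg_replace( '/^([^?]+)\?.*$/s', '${1}', $req['request_uri'] );

    // The four conditions that switch the rewrite off.
    $rewrite = true;
    if ( $req['method'] === 'POST' ) {
        $rewrite = false;
    }
    if ( $query !== '' ) {
        $rewrite = false;
    }
    if ( ! preg_match( '#/$#', $uri ) ) {
        $rewrite = false; // URI does not end in a slash
    }
    if ( preg_match( '/(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle)/i', $req['cookie'] ) ) {
        $rewrite = false;
    }

    $preview = preg_match( '/w3tc_preview/i', $req['cookie'] ) ? '_preview' : '';
    $ssl     = ( $req['scheme'] === 'https' || $req['x_forwarded_proto'] === 'https' ) ? '_ssl' : '';

    $base = '/wp-content/cache/page_enhanced/' . $req['host'] . '/' . $uri . '/_index' . $ssl . $preview;
    $base = preg_replace( '#/+#', '/', $base ); // model-only slash normalisation

    // .html is tested first and .xml second, so .xml wins when both exist.
    $ext = '';
    if ( in_array( $base . '.html', $existing_files, true ) ) {
        $ext = '.html';
    }
    if ( in_array( $base . '.xml', $existing_files, true ) ) {
        $ext = '.xml';
    }
    if ( $ext === '' ) {
        $rewrite = false;
    }

    return $rewrite ? $base . $ext : null;
}

// Constructed cache files: one cached page and one cached sitemap.
$files = array(
    '/wp-content/cache/page_enhanced/example.com/blog/_index_ssl.html',
    '/wp-content/cache/page_enhanced/example.com/sitemap.xml/_index_ssl.xml',
);

// Constructed requests, all GET over https without cookies.
foreach ( array( '/blog/', '/blog/?utm_source=newsletter', '/blog/?s=term', '/sitemap.xml' ) as $request_uri ) {
    $target = w3tc_rewrite_target( array( 'request_uri' => $request_uri ), $files );
    printf( "%-30s -> %s\n", $request_uri, $target === null ? 'not rewritten (served by PHP)' : $target );
}
```

    Tracing the four constructed requests through the function: /blog/ and /blog/?utm_source=newsletter both resolve to the cached .html, because the utm_source parameter is removed before the query string is tested; /blog/?s=term is not rewritten because a query string remains; and /sitemap.xml is not rewritten either, because it fails the trailing-slash test before the .xml file check is ever reached, even though a matching .xml cache file is in the list.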
    Thread Starter danmuc

    (@danmuc)

    Hi Marko,

    thanks for your reply. Calling via curl is no option for us because we want to save nginx resources.

    Is there any way we can define this host variable in functions.php, via a hook, or something else?

    But I am wondering why there is also no call to the memcached server. When the hostname is used for the key and the hostname is empty in php-cli, then I would expect the key for the stored object to be something like 123123__objectcache_[…] instead of 123123_hostname.com_objectcache, so the hostname is empty, which should mean that php-cli would also cache on the second request via CLI? But it does not; you can test it with the script which I sent you above. I guess it's a bug inside w3tc.

    Thread Starter danmuc

    (@danmuc)

    I investigated that problem a little bit more and it's reproducible. I also turned on memcached verbose logging and found out that dbcache is working on the CLI, but no GET or SET command related to the object cache comes in…

    How to reproduce:

    Create test.php in your WordPress main directory:

    <?php
    // Load WordPress so the object cache drop-in (if any) is initialised.
    require_once ('wp-load.php');

    // Try to read the key 'test' from the cache group 'test'.
    $cached_object = wp_cache_get('test','test');

    if ($cached_object === FALSE){
        // Miss: store a value carrying the current time for 24 hours.
        echo 'cached object not found setting it' . PHP_EOL;
        wp_cache_set('test', 'test '.date("D.m.Y - H:i:s"), 'test', 86400);
    }else{
        // Hit: the stored time shows when the value was cached.
        echo 'cached object found: '.$cached_object . PHP_EOL;
    }

    Call test.php via the browser… on the first call it will show you "not found" and will set the key; on the second call it will find the old cache entry and show you the old time.

    Now open a terminal, cd to the WordPress directory and enter "php test.php": you will always see the message "cached object not found".

    • This reply was modified 7 years ago by danmuc.
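    Added example, not part of danmuc's reply above and not W3TC's code: a CLI variant of the reproduction script. It first reports whether a persistent object cache drop-in is active in the current process at all, using the WordPress core function wp_using_ext_object_cache(), and it optionally takes a host name on the command line that is placed into $_SERVER['HTTP_HOST'] before WordPress loads. Setting the host is the hypothesis from the two replies above that the cache key depends on the request host; whether W3TC derives its key that way is an assumption this script only tests, not something the thread confirms. The file name test-objectcache.php and the host example.com are constructed.

```php
<?php
/**
 * Added example, not from the thread or from W3TC: CLI object cache check.
 * Usage: php test-objectcache.php [host]   e.g. php test-objectcache.php example.com
 *
 * Assumption under test: the object cache key may include the request host,
 * which is empty under php-cli. Supplying a host before wp-load.php runs
 * lets you compare both runs; it is not a documented W3TC setting.
 */
if ( PHP_SAPI === 'cli' && isset( $argv[1] ) ) {
    $_SERVER['HTTP_HOST']   = $argv[1];
    $_SERVER['SERVER_NAME'] = $argv[1];
}

require_once __DIR__ . '/wp-load.php';

// Same round trip as the reproduction script: read the key, store it on a miss.
function objectcache_roundtrip( $key = 'test', $group = 'test' ) {
    $cached = wp_cache_get( $key, $group );
    if ( $cached === false ) {
        $value = 'test ' . date( 'd.m.Y - H:i:s' );
        wp_cache_set( $key, $value, $group, 86400 );
        return array( 'hit' => false, 'value' => $value );
    }
    return array( 'hit' => true, 'value' => $cached );
}

$result = objectcache_roundtrip();

printf( "SAPI: %s, HTTP_HOST: %s\n", PHP_SAPI, isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '(empty)' );
// false here means WordPress is using its in-memory, per-request cache only.
printf( "persistent object cache active: %s\n", wp_using_ext_object_cache() ? 'yes' : 'no' );
printf( "%s: %s\n", $result['hit'] ? 'cache hit' : 'cache miss, value stored', $result['value'] );
```

    Reading the output: if the second line reports "no" when run from the CLI, the object-cache.php drop-in never engaged in that process, which on its own explains a permanent miss regardless of how the key is built; only if it reports "yes" and the second run still misses does the host-in-key hypothesis become worth comparing with and without the host argument.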