sabalaskey
Forum Replies Created
-
@valer1e, Google captcha does not work for that. The Jetpack feature presumes that you have Akismet installed for security since it passes the input through that testing in the expectation that Akismet will deny the spam. If you really want share by email in Jetpack, then Akismet is mandatory. Even then some spam could get through.
As @stevenmayjr says, the only way to reliably stop the spam relay is to *disable* the share by email feature of Jetpack. My solution is that I am writing my own code for that feature.
@mschefers, the abuse does not infect your server per se, but what happens is that your server IP address and any email system(s) that it uses will be passing spam, and ultimately be marked as a spam site by systems which monitor email activity. Not good for you or your hosting company, who doesn’t want their IP addresses on spam list services (e.g. Spamhaus).
I just got hit with this in the past couple days, as I noticed indirectly from email logs. The Chinese at 163data.com are the offenders, and using the share by email feature of latest Jetpack and WP turns your website into an open SPAM relay site.
Here is an example HTTP POST against a valid post on the site:
REQUEST = Array
(
[share] => email
[nb] => 1
[target_email] => [email protected]
[source_name] => ç<99>»é<99><86>å<8d>³é<80><81>28å<85><83>ï¼<9a> http://www.2220743.com/? æ<82>¨å¼<80>å¿<83>就好ã<80><82> ^M
å<80><99>é¦<86>æ¢<85>æ®<8b>ï¼<8c>溪桥æ<9f>³ç»<86>ï¼<8c>è<8d><89>è<96>°é£<8e>æ<9a><96>æ<91><87>å¾<81>è¾<94>ã<80><82>
[source_email] => [email protected]
[source_f_name] =>
)Notice the source name has special characters and is very long.
To stop this temporarily and capture the SPAM, I added this to /wp-includes/pluggable.php in between the try{} block, which starts on line 480 on WP4.8:
if (isset($_REQUEST['target_email'])) { // sharedaddy email this = capture data and refuse $file = 'maillog.txt'; $handle = fopen($file, 'ab'); if ($handle) { fwrite($handle, 'REQUEST = ' .print_r($_REQUEST, true) . PHP_EOL); fwrite($handle, 'Mail details = ' . print_r($phpmailer, true) . PHP_EOL); //fwrite($handle, 'SERVER = ' . print_r($_SERVER, true) . PHP_EOL); fwrite($handle, '==============' . PHP_EOL); fclose($handle); } return false; } else { // not sharedaddy so process this return $phpmailer->send(); }I would recommend limiting the sharer’s name to 24 chars or less and do more filtering on the text itself. Something like a dynamic javascript hash could be implemented that can be verified on the server. Personally I dislike captcha’s and will disable this Jetpack feature and find something else to offer email sharing.
Forum: Plugins
In reply to: [Transients Manager] Doesn't delete expired transientsSorry, I don’t remember for sure. I think that failed too. I am not using this plugin any more so I cannot test it.
Forum: Plugins
In reply to: [Adminer] Cannot delete or edit a row of a tableOK, thanks. It’s fixed.
Forum: Plugins
In reply to: [Transients Manager] Doesn't delete expired transientsYes, I use a redis based object cache, Redis Object Cache, Version 1.2.2.
I tried a different plugin called Delete Expired Transients and that worked just fine. It doesn’t provide the detail that you do, but it cleans the expired transients.
So there is obviously a means to deal with the issue. Perhaps you need to clear out the WordPress options cache (‘alloptions’) or similar?
I am also running nginx 1.8.1 and PHP-FPM in case that makes a difference.
I am also running nginx fastcache cgi, so maybe there is an interaction causing my problem, since I read and update the WP option table within the plugin code (update in an early hook, and read it in a later hook). I had to do a delete cache with my option key based on a hook to ‘updated_options’. I borrowed a code snippet from WP delete_option to clear the alloptions cache for auto-loaded.
What I found strange is the basic plugin options update screen using the standard API did not get updated either.
My solution is this. In the construct of the plugin object:
add_action( 'updated_option', array( &$this, 'flush_options' ), 1, 1 );Then this function in the object:
public function flush_options( $option ) { if ( $option == 'my_autoload_option' ) { // for auto-load options $all_options = wp_load_alloptions(); if ( is_array( $all_options ) && isset( $all_options[ $option ] ) ) { unset( $all_options[ $option ] ); wp_cache_set( 'alloptions', $all_options, 'options' ); } } elseif ( $option == 'my_NON_autoload_option' ) { // for non-auto load options wp_cache_delete( $option, 'options' ); } }I just started trying this plugin and notice the problem that basic update_option() calls are not flushed to the database when saving a plugin’s options in the wp-admin backend, nor within code of the plugin operation, where get_option() is called, some change made, and then update_option() is called to store the updated value. The old cached value is returned when calling get_option the next time.
I will have to try flushing the cache on those specific changes.
However, it seems like a reasonable feature to add the idea that whenever an update_option() is called that the cache is flushed, ideally programmable to use a specific option key or the whole cache.
The point is that the normal plugin behavior breaks WordPress for the display of any taxonomy. The new/edit post page also has it’s categories out of order because of this plugin, and I certainly won’t hack the core to get around this plugin. Setting orderby in other plugin code does not work either. I have deleted this plugin as its side effects are fatal.
I have moved on to another cache plugin as I do not have the time to fiddle anymore with this plugin. Perhaps sometime in the future when sufficient time and updates have occurred and the feature set may interest me to try it again.
I have moved on to another cache plugin as I do not have the time to fiddle anymore with this plugin. Perhaps sometime in the future when sufficient time and updates have occurred and the feature set may interest me to try it again.
Even worse, it puts a bunch of css at the top of the page. I cannot post that since this combox doesn’t handle it.
Time for a new cache plugin as this is just too unstable and buggy.
It’s even worse. I get a bunch of css at the top of my page, like this:
`BB A0′ !important;} #widget-collapscat-2-top li.collapsing.categories .sym { cursor:pointer; font-size:1.1em; font-family:Arial, Helvetica; padding-right:5px;}#widget-collapscat-3-top span.collapsing.categories { border:0; padding:0; margin:0; cursor:pointer; } #widget-collapscat-3-top li.widget_collapscat h2 span.sym {float:right;padding:0 .5em} #widget-collapscat-3-top li.collapsing.categories.self a {font-weight:bold} #widget-collapscat-3-top:before {content:”;} #widget-collapscat-3-top li.collapsing.categories:before {content:”;} #widget-collapscat-3-top li.collapsing.categories {list-style-type:none} #widget-collapscat-3-top li.collapsing.categories{ padding:0 0 0 1em; text-indent:-1em; } #widget-collapscat-3-top li.collapsing.categories.item:before {content: ‘BB A0’ !important;} #widget-collapscat-3-top li.collapsing.categories .sym { cursor:pointer; font-size:1.1em; font-family:Arial, Helvetica; padding-right:5px;}#widget-collapscat-4-top span.collapsing.categories { border:0; padding:0; margin:0; cursor:pointer; } #widget-collapscat-4-top li.widget_collapscat h2 span.sym {float:right;padding:0 .5em} #widget-collapscat-4-top li.collapsing.categories.self a {font-weight:bold} #widget-collapscat-4-top:before {content:”;} #widget-collapscat-4-top li.collapsing.categories:before {content:”;} #widget-collapscat-4-top li.collapsing.categories {list-style-type:none} #widget-collapscat-4-top li.collapsing.categories{ padding:0 0 0 1em; text-indent:-1em; } #widget-collapscat-4-top li.collapsing.categories.item:before {content: ‘BB A0’ !important;} #widget-collapscat-4-top li.collapsing.categories .sym { cursor:pointer; font-size:1.1em; font-family:Arial, Helvetica; padding-right:5px;}#widget-collapscat-5-top span.collapsing.categories { border:0; padding:0; margin:0; cursor:pointer; } #widget-collapscat-5-top li.widget_collapscat h2 span.sym {float:right;padding:0 .5em} #widget-collapscat-5-top li.collapsing.categories.self a {font-weight:bold} #widget-collapscat-5-top:before {content:”;} #widget-collapscat-5-top li.collapsing.categories:before {content:”;} #widget-collapscat-5-top li.collapsing.categories {list-style-type:none} #widget-collapscat-5-top li.collapsing.categories{ padding:0 0 0 1em; text-indent:-1em; } #widget-collapscat-5-top li.collapsing.categories.item:before {content: ‘BB A0’ !important;} #widget-collapscat-5-top li.collapsing.categories .sym { cursor:pointer; font-size:1.1em; font-family:Arial, Helvetica; padding-right:5px;}I copied the zip file via the shell for the latest. I will report back in a week or two.
It is not best practice to update the plugin and not change the version.
Still not fixed.
I am running Version 0.8.5.4 for about 2 weeks and my wpfc-minified dir is 14GB now. I click the Delete cache and minified button and that directory is not cleared, still having 14GB. I have to manually SSH into the server and delete the files myself.
I have the cache clear set to once an hour.
I have the minify HTML, combine CSS, combine JS, and use gzip options on.
Is there perhaps a compatibility problem with PHP 5.6.11? (or 5.6.x)
Forum: Plugins
In reply to: [WP Fastest Cache - WordPress Cache Plugin] Minify cache no deletedI have had this problem too. I am running Version 0.8.5.4 for about 2 weeks and my wpfc-minified dir is 14GB now. I click the Delete cache and minified button and that directory is not cleared, still having 14GB. I have to manually SSH into the server and delete the files myself.
I have the cache clear set to once an hour.
I have the minify HTML, combine CSS, combine JS, and use gzip options on.
This problem is definitely not fixed. Is there perhaps a compatibility problem with PHP 5.6.11? (or 5.6.x)