sffandom

Have the Stop Spammers plugin installed already. It catches a lot of this stuff but some is still getting through.

Blocking major domains like Yahoo!, Gmail, and Hotmail doesn’t work because legitimate users are blocked. We occasionally block those sites on our Web forums and inevitably receive complaints.

It’s a tough balancing act. And I’m not sure if throttling is the answer but I don’t know what else to suggest at this point.

I should have mentioned that I think these registration attacks may be corrupting my WP database as well, because they happen so quickly.

Will do. Did just get an email confirmation from the second blog, which is on a server being attacked (DDoS). It could be that congestion is causing the problem.

I’ll install the logger on the first site and get back to you here later today or tomorrow (have to add a bunch of IP address ranges to the other server’s firewall).

I guess the solution is either to install a plugin that disables XMLRPC or else to block access to it in .htaccess.

This functionality should NOT be turned on by default.

Okay, I did the following twice:

1) Deactivate the plugin
2) Edit the subscribe2.php file to change the version number
3) Activate the plugin
4) Deactivate the plugin
5) Edit the the subscribe2.php file to revert the version number
6) Activate the plugin again
7) Add a subscription

It now seems to work. But I have to test on this on several Websites.

But there is still something funky (for which you are NOT responsible).

When I added a test email just now, I was not taken to the “default Subscribe2 page” that I had set up.

In other words, on the plugin SETTINGS page where you have:
Set default Subscribe2 page as: [LIST OF PAGES]

I have set up a landing page and that page is selected in the element. I expect to see that page when I click on the confirmation link, but instead I see the root URL for the domain (but a unique page that just says “You have successfully subscribed!”

Now, the email address is in the list so I know the subscription worked. But when is the “default” page supposed to appear for the user? If I UNsubscribe, I am taken to that page. Why not when confirming the subscription?

Finally — what I didn’t tell you before (because it’s not to be found on every site) is that on SOME of these sites I copied the widget code into an HTML table that is served on every page of the site. The widget records the user IP address. I stripped that IP address from the copied code.

The copied code in the HTML table does not appear to work. That’s not your responsibility as you didn’t design the widget to work this way. But why is the IP address being recorded? I don’t see any place where I as the site administrator can review it.

I hard-coded “10.0.0.0” as the IP address in the table (the sidebar widget behaves exactly as you programmed it). Do you see a problem from using a hard-coded IP address?

I did not tell you about this copied code because I had not yet added these forms to all the sites where I’m using the subscribe2 plugin. I don’t believe the copied code (replicating the widget on the page) could have caused the problem I report. I suspect the update issue you saw in the Trac ticket may be connected.

As a request for future features, I’d like to see:
1) The IP addresses in the admin dashboard (or removed from the widget)
2) A way to add the widget to some other part of the page.

I am using the AD INJECTION plugin (cited above as one found on every site) to manage that HTML code. We don’t normally embed footer ads on these Websites so I thought I would experiment with a table that encourages people to sign up for the daily digest and to follow us on social media.