Matthias Zobrist

Hi @pinkimagination

We’ve just released v1.4.12 of mosparo. This new version adds two buttons in the submission view to navigate to the newer and older submissions.

Thank you very much for your suggestion!

Kind regards,
zepich / mosparo Team

Hi @nsity

Thank you very much for providing all the information.

I did some more testing and found the issue in a special combination. Yes, the space at the end is a problem, but only because of another character: the quotation mark (“).

If a field contains no quotation mark, the space at the end is no problem. If the field contains a quotation mark but no space at the end, that’s also not a problem. But both characters in the same field is a problem.

I’ve already found a solution for Contact Form 7, but I’ve noticed that many other integrations have the same issue. So I will search for fixes for the other integrations as well and release a new version of the integration plugin in the next few days (probably Saturday/Sunday).

Thank you very much for your help!

Kind regards,
zepich / mosparo Team

Hi @nsity

Thank you very much for your report.

I’ve tested it with a Contact Form 7, and the mosparo Integration and everything worked as expected.

Do you have the latest versions of the mosparo Integration plugin (1.15.2) and the Contact Form 7 plugin (6.1.5)?

There was an issue in the mosparo Integration plugin before version 1.13.4 with spaces at the end.

If you have the latest version of the plugins, what space/character is visible in mosparo? In mosparo, the spaces at the beginning and at the end of a value are highlighted. With your mouse, you can hover these spaces, and you should see a tooltip with the name of the character. Please let me know which character it is so I can try to reproduce it.

Kind regards,
zepich / mosparo Team

Hi @pinkimagination

Thank you very much for your questions.

Issue 1: What can you do to remove the delay?
To remove the delay, the easiest option is to use a small trick. Go to the delay security settings of your project and set the “Multiplicator” to 0.1. After saving the settings, go to your form and refresh the page multiple times. The seconds should drop pretty quickly, and after ~10 requests, your delay should be around 30 seconds or less. Now go back to the delay security settings and set the “Multiplicator” to a normal value (1.0 or higher, see below).

Issue 2: Is it possible to configure that the delay is automatically lifted?
No, that’s not possible right now. The delay is lifted as soon as it expires. I will keep that in mind for future developments. It is probably also a good idea (and much easier to implement) to add a function that lets an admin delete all delays/lockouts, so in your case, you could (if you’re an admin of the mosparo installation) delete all the delays.

Issue 3: Blocking a single site/form and not globally
The idea is that if a bad actor (like a bot) is blocked in one project, there is no reason that the same bad actor should be able to fill out any forms protected by the same mosparo installation. In your case, yes, this isn’t good. But if a bot tries to submit the form multiple times, this feature will block it across all your projects.

Now, what should you do?

1. Delete the delay with the method described above.
2. Add your IP address to the allow list of all the projects. To prevent getting blocked by the delay or lockout feature (or the other security features), add your IP address to the allow list in every project. This way, these features will not affect your requests.
3. Adjust the delay and lockout factors. In the delay or lockout settings, set the “Multiplicator” to 1.0 so the delay and lockout are not increased with every request. You could then define a fixed delay or lockout period. For example: 60 seconds for a delay and 86400 seconds (one day) for the lockout. Every additional request will not increase the number (since the “Multiplicator” is set to 1.0).

Please let me know if that worked and if you have any other questions.

Kind regards,
zepich / mosparo Team

Hi @demon_ru

I added the fix for the deadlock issue and conducted more extensive testing. By splitting the bad query into two parts, the deadlock is gone.

The new version v1.4.8 was released some minutes ago.

I’m looking forward to reading your feedback.

Thank you very much for all your help in finding and solving the issue!

Kind regards,
zepich / mosparo Team

Hi @demon_ru

Thank you very much for the details.

Did you anonymize the IP address before posting the log lines here, or do you store only two bits of the address in your log file? If you see the entire IP address, please run a whois (https://www.ipaddress.com/) to see who it belongs to. If it belongs to a hoster, it’s very likely a bot. If the IP address is in the range of 80.85.244.0 – 80.85.247.255, then it’s 100% a bot – since I had the same spam bot on multiple of my websites and the ranges belong to a data center… 🙂 They are also listed on the stopforumspam.com list.

These two requests were executed at the same second, which is interesting since in a typical user scenario, same-second form validations are usually not the case:

80.85.xxx.xxx - - [16/Dec/2025:05:03:12 +0300] "POST /api/v1/frontend/check-form-data HTTP/2.0" 200 93 "https://www.domain.com/" "\x22Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36\x22"
80.85.xxx.xxx - - [16/Dec/2025:05:03:12 +0300] "POST /api/v1/frontend/check-form-data HTTP/2.0" 500 1017 "https://www.domain.com/" "\x22Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36\x22"

My explanation yesterday was that it was probably due to the Lockout or Delay security features in mosparo, because they write to the same row when one IP submits multiple requests at the same moment. But I tried that, and I’m not able to reproduce it with six parallel requests at the same time. So, I have some questions for you:

• Did you enable the security features “Delay” and/or “Lockout” in mosparo?
• Did you enable the GeoIP2 feature in mosparo by setting a GeoIP2 key in the administration?
• Is the MySQL/MariaDB server doing a lot of work? Does it have other large databases, and/or is the mosparo database pretty large? (I’m talking about a 10+ MB-sized database)
• Did you configure any special performance values for PHP FPM?

I have a possible solution for the problem, but first I need to identify the root cause and reproduce it. I don’t like adding any “fixes” that I cannot test to see if they’re working.

Kind regards,
zepich / mosparo Team