S2Member form issue?

Cassel · 8 March 2017 02:50

I am unsure of the cause of this so i wanted to double check with you guys. I have disabled the standard WP registration form, and only use the s2M registration. You can check it here:
http://scrapbookcampus.com/register-to-the-campus/

I have Akismet, i have BestWebSoft anti-spam, and i have WP Zero spam. Yet, in the last couple of days, i have had dozens of bot registrations. How could they register? Are they able to register using that form and bypass the anti-spam/anti-bots? Could there be a security issue?

I am not blaming it, but just double-checking.

KTS915 · 8 March 2017 04:05

Carole, are you sure that those two plugins (i.e. BestWebSoft Anti-Spam and WP Zero Spam; Akismet doesn’t block registrations) are designed to work with s2Member? (I don’t think they do.)

This is, I think, a big weakness of s2Member’s free Pro form. I opened a Github feature request here to see if it could be made compatible with WP Bruiser (which is great because it doesn’t use Captchas) but that hasn’t come to anything. The WP Bruiser developer was initially interested, but then I think he concluded it wasn’t worth his while because this is really the only form that s2Member has that needs such protection.

Have you tried WP Spamshield? That is supposed to work with s2Member, though I’m not sure if they just mean the free version of s2Member or whether they also include Pro forms.

Cassel · 8 March 2017 11:08

I don’t know, but i have that check box on the registration form now so it must work. Also, i had no spam registration for many months, and only in the last few days, i am getting a ton of them so i though that maybe a fault had appeared in s2M.

I’ll have a look at WP Spamshield.

JediShark · 9 March 2017 15:30

Carole (@Cassel),

There are really 2 possibilities here:

You’ve just been lucky in the past and your form has never been protected from spam registrations
Something changed and you need to figure out what it was

Have you recently upgraded any of the plugins (s2Member, BestWebSoft anti-spam or WP Zero spam)? Or have you just upgraded WordPress core?

Do either (or both) of the anti-spam plugins you use provide notifications or logging when they block a spam registration? If not, you really don’t know if those plugins have ever been protecting your registration form from spam registrations. If they do, was the last blocked registration shortly before you updated something?

Cassel · 9 March 2017 16:49

To answer the “questions”:

1- i do have that recaptcha where you have to check the box. Isn’t that a way to protect from spam registrations?

As for updates, spam registrations started only 3 days ago (on the 6th):

s2Member was updated 2 weeks ago,
BestWebSoft was updated 2 days ago
WP Zero Spam was updated 2 months ago

So, MAYBE it was the BestWebSoft? But, nothing on their support forum indicates that anyone else has issues. However, the site was updated to WP 4.7.3. at the same time that those spam started (within one hour of the notification i got) so that might even be more likely.

If it has something to do with WP, any suggestion at to what to do?

KTS915 · 10 March 2017 18:21

Google has just launched a new Invisible CAPTCHA. I have opened an issue here to see if s2Member Pro Forms can be modified so as to make use of it.

Cassel · 11 March 2017 16:56

I am a little confused with the CAPTCHA here, so if someone can help me clarify this, it would be appreciated.

I have currently, BestWebSoft Captcha plugin. Until today, i didn’t have a shortcode for it. It is ONLY activated for the Registration form. Although i set it to show arithmetic catpcha, i still have only the “I am not a robot” check box to check (which obviously comes from the s2M Captcha… Thinking that maybe that plugin was not really displaying on my pro-form, i disabled it. The “I am not a robot” Captcha disappeared. And it came back when i reactivated it. Strange, but maybe it is a BWS issue?

However, i noticed that my shortcode for the Registration form includes captcha=“light” so i am using a captcha that seems to come with s2M. When i changed the “light” to “dark” that “I am not a robot” captcha turned to white on black (instead of black on white in the “light” version).

So, strangely, both the BWS and the s2M captcha seem to be affecting that “I am not a robot” reCaptcha that is on my s2M registration form.

If i disabled the Captcha from s2M and add the BWS shortcode, it will only display below the SUBMIT button, and it does not prevent anything.

Can someone explain why they BOTH affect that captcha? And is there a way to insert the shortcode from BWS inside the “s2Member-Pro-PayPal-Form register” code?

JediShark · 12 March 2017 08:39

Which version of BestWebSoft Captcha are you using? Is it the Google Captcha version or the one called just “Captcha”? If you are using the Google Captcha version the reason both it and s2Member affect the “robot” Captcha is that both are using the same Captcha: Google’s “No Captcha ReCaptcha”. In any case, there is clearly a conflict between the 2 and also no reason to be using 2 Captcha plugins.

Yes, Google reCaptcha can be used to preven spam registrations. I believe the only thing mentioned that is NOT used for registrations is Akismet: Akismet checks comments for spam.

Cassel · 12 March 2017 13:13

I am using the Captcha by BestWebSoft.

I have to say that those spam registrations have almost stopped now. No idea why. Maybe the activating, deactivating of the various plugins and such have scared them away or reset the correct settings? I don’t know.

And right now, i am only using the s2M captcha (the Google one), which i had previously too.

JediShark · 13 March 2017 11:36

Glad to hear the problem has resolved itself.