- This topic has 11 replies, 3 voices, and was last updated 12 years, 1 month ago by
.
-
Posts
-
Hi, I have the affiliate plugin, estore and emember installed on this site. All was well until about 3 days ago when spammers signed up to the affiliate program. Over the past 3 days there have been over 300 spam signups and they continue now at about 20 per hour.
Reading through the forum, I found the suggestion to update the plugin. I have updated the plugin, reset reCaptcha but the spam continues. I have even deactivated the plugin.
Are you able to assist or give any suggestions. I fear there may be a hack script added to one of the pages/php files but I can’t find anything.
Site affected – [http://www.fengshui-thesecrets.com]
If you have reCAPTCHA enabled then there is no way to do spam signups via these plugins.
Now, when you say spam signup, what are you specifically referring to? Spam member signups or affiliate signups or WordPress user signups or signups to your newsletter?
The spam sign ups are to the affiliate program. They all appear in the affiliate member list. They have not signed up to newsletter or any other optins on the site or wordpress. Only to the affiliate program.
Now that I have deactivated the plugin again, the sign ups have stopped. However, if , as before, I reactivate the plugin, the sign ups resume.
Not sure if this helps at all.
Okay good.. that means the reCAPTCHA on the affiliate signup on your site is not working for some reason. Can you please reactivate the plugin and post a link to your affiliate sign up page so I can poke around and see what is wrong with the reCAPTCHA?
Thanks for looking into this for me. I have reactivated the plugin and the sign up page is [http://fengshui-thesecrets.com/wp-content/plugins/wp-affiliate-platform/affiliates/login.php]
Muchly appreciated!
Thank you. I tried to signup a few times without entering the proper Captcha code and I couldn’t which indicates that the captch is working fine. Can you also try yourself to singup without entering the correct captcha code to verify this?
I also am unable to sign up without entering the Captcha. I fear there must be some way hackers have added a script or something to a page within the site as over 300 signups since reactivating the plugin over past 24 hours.
I am not sure what to do next.
Thanks
Lets do the following:
1. Deactivate and delete the currently installed version of the affiliate plugin.
2. Download a fresh build of the plugin from here:
https://support.tipsandtricks-hq.com/update-request
3. Upload and activate this version and then let me know what you see.
This should delete any unwanted scripts that a hacker might have put in the plugin. The next thing you need to do is make sure the file permissions on your server is correct. Having loose file permission is one way to let hackers get into your site. All folders should have 755 permission and all files should have 644 permissions. You can read up more on file permission here:
Hi, I had already done that – deleted the plugin, requested the update and installed this new updated version. However, the sign ups continued. But – have now done it again.
I have also checked all file permissions and they appear to be correct – 755 for folders and 644 for files.
Is there a way to do a bulk delete of all the spam signups. Deleting individually is too time consuming, especially now that there are 400+ spam entries to delete.
Thanks again,
Just disabled the ability for visitors to sign-up due to this. The same email address exists in 3 accounts and its only the 2nd week I’ve had the affiliates plugin installed.
I’m wondering if its best to monitor who promotes my software anyway and allow dedicated affiliates to get a better share of Google ranking.
I would like to mention by no way is this spam the fault of the plugin, which is a good plugin.
The following option might work out better for you. We have recently added this option to the plugin so you can manually approve each and every affiliate signup:
Manually Approve Affiliate RegistrationBeing very selective as to who can promote your products is a good idea. The main issue is that it involves a bit of manual work if you get a lot of signup requests everyday.
- You must be logged in to reply to this topic.