I'm in a situation in which i need to be able to create a topics using self created bot. My forum has a special category and user, which can create a topics in that category.
Technology i'm using to create that bot is ruby + mechanize gem but it's not important right now. That bot works in a following way:
Sign in as previously mentioned user:
visit - /ucp.php?mode=login
fill the sign-in form using user credentials
if, after submiting a form, there is a sign-out link somewhere on the page, threat this whole process as "successfull"
Create a topic
visit - /posting.php?mode=post&f=21
fill subject field with desired subject
fill message field with desired message
submit a form using Submit button
And now, while first point works just great, the second one behaves in a strange way. After submiting a form, there is no error message or anything like that, i'm just getting redirected to /viewforum.php?f=21 (log's says that it's 302 Moved Temporarily status) page and the topic is not there.
Can anyone tell me what such behaviour means? Is there any security mechanism i don't know about? Please also note that the new topic form has form_token and creation_time fields filled correctly while form is beeing submited.
Thanks in advance for any clues.
According to this thread: https://stackoverflow.com/a/11713867/552936, user is treated as a bot if he sends a form without any delay (and it end's up with a 302 redirect). I can't find any info on google what's the exact delay, carck3r says that it's 8 seconds but for me, it was 2 seconds.
Related
Our domain email address started receiving blank spam emails from our contact form (this is known from the header). They are from seemingly random email addresses and have no content. They are received roughly every 5 minutes with occasional 45 minute breaks. The form works correctly and I've tried both Askimet and Honeypot plugins (both together and separately) to no avail. The contact form (Contact-Form-7) has required fields. I believe Honeypot is failing due to the blank content and the hidden field not being populated. Here is an example of what the email contains:
From: WordPress [mailto:info#domain.com]
Sent: Thursday, April 13, 2017 3:47 PM
To: info#domain.com
Subject: contact form from domain.com
Name: 58f0002d1ad5f 58f0002d1ada9
Email: randomname#random.com
Subject:
Message:
The random name & email services are from various providers (billy#hotmail.com, kelly#yahoo.com, jim#gmail.com, etc). The Name field contains a seemingly random string (58efeaa9252e7 58efeaa92532d, 58efeaaf3099c 58efeaaf309da,58f0002d1ad5f 58f0002d1ada9, etc)
What is responsible for this particular type of spam?
What is the actual goal of blank spam email?
Is there another plugin or workaround that could filter the spam besides captcha?
Honeypot will not catch blank email spam as noted above. Invisible reCaptcha will prevent this particular type of spam.
As far as possible motivation(s)/reason(s):
1.The spammers send the e-mail, along with a million others. Some bounce, some don't. They now know which e-mail addresses are still current.
2.Some people, amazingly, actually reply, even if it's just to say "Unsubscribe me!". Bingo, the e-mail address is current and there's a person behind it, and that person actually opens e-mails sent by the particular send address they've used.
3.Sometimes the content isn't as empty as it seems. For instance, many spam messages contain a one-pixel-by-one-pixel image with a trackback url; as soon as you view the message, they get pinged that this particular pixel was viewed - Bingo as above. That's the reason many modern mail clients warn you about images in messages and suggest you don't view the images unless you trust the source.
You could use invisible reCAPTCHA or use Contact Form's build in quiz/question.
I'm having the same issue with this bot/spammer. Honeypot doesn't work for me either. Would be interested to know the source and goal of this spammer.
I have come across a client request that requires me to design woocommerce user registration in different steps. Since i am new to woocommerce i need your help on this please. Here is how the client wants it.
STEP 1: This step will happen on the "My Account" page that contains Sign In and Sign Up form both. Here the Sign Up form should have only two fields that is Username and Email.
STEP 2: From step 1 after validation, the user should be send to Step 2 where all the other fields should be asked from User. Others fields can include First Name, Last Name, Address, Password etc.
STEP 3: After Step 2a confirmation email should be sent to User and upon putting right code he/she can become a sucessfull member.
Now if there is a plugin that can do this let me know otherwise i prefer coding it. Kindly help me out here guys as i have always got what i am looking for on stackoverflow.
Regards,
Maddy
You need to create custom code there is no plugin available for the same.
1) Create custom template for register.
2) After fillip both data you just need to call user resgietr function https://codex.wordpress.org/Function_Reference/wp_insert_user
I'm trying to scrap a webpage for data but came across the problem of needing to log in.
Connection.Response loginForm = Jsoup.connect("http://www.rapidnyc.net/users/google_login")
.method(Connection.Method.GET)
.execute();
Document document = Jsoup.connect("http://www.rapidnyc.net/users/google_login")
.data("Email", "testEmail")
.data("Passwd", "testPass")
.... //other form data
.cookies(loginForm.cookies())
.post();
This gives me the org.jsoup.HttpStatusException: HTTP error fetching URL. Status=400
I used chrome developer tool to look at the Form data being posted but nothing I post works.
1. Have you submitted ALL input fields? Including HIDDEN ones.
2. I see the website requires "captcha-box" authentication, which is to prevent web crawlers from logging in. I highly doubt you will be able to log in with your program.
I say the 400 status is coming from your program not being able to provide the value for "captcha" authentication.
I'm looking to have the information submitted on a google form to be on the email notification that I receive. I have tried several things but I can't seem to get it to work. Any ideas?
Create a new form in Google Docs, if you haven’t done that yet, add the necessary fields to the form and save your changes. Now go back to Google Docs and open the spreadsheet corresponding to that particular form.
Choose Tools > Notification rules... and select the option that says Notify me when... A user submits a form. You can also set how frequently you would like to be notified – right away or with daily digest.
Reference: https://support.google.com/docs/answer/91588
To get the notification in your email, you can refer to the this Google add-on.
Also to enable the data or responses to appear in notification you have to enter a script in the form. which basically tries to extract the columns from the spreadsheet. Sample:
var p = SpreadsheetApp.getActiveSheet();
var column = p.getRange(1,1,1,s.getLastColumn()).getValues()[0];
I hope you build the script by yourself!
I am trying to use PHP to fire hits at Google to track newsletter opens and clickthroughs. I want to use the same technique for both clickthroughs and opens since the clickthroughs will go to sites outside of my own control - I want to be able to report on the clickthrough rates of the newsletters regardless of where the clicks go to. I was thinking of trying code.google.com/p/php-ga/ but there is little in the way of example code/support docs to start with so I am hesitant.
Here is my url to __utm.gif broken up over the lines for clarity:
utm.gif?utmac=MO-xxx31982-1">http://www.google-analytics.com/_utm.gif?utmac=MO-xxx31982-1
&utmhn=myfake.com
&utmcc=_utma%3D7042858245.1436153422.1214501708.1340117181.1340117181.1%3B%2B_utmz%3D1.1340117181.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B
&utmwv=1
&utmr=click
&utm_source=Emails
&utm_medium=Newsletter
&utm_campaign=tet+2012-06-19+10%3A41%3A30
&utmp=%2FMYZZ%2FNEWSLETTERS
&uservar=16430
Does the utmhn need to be a legit URL or one associated with the account? What about utmr? I was using that to contain 'click' or 'open' so I could differentiate.
When I click a link in the newsletter I get the expected pixel image returned so Google is getting something anyway even if ignoring my querystring. In my Google Analytics account where should I see the data relating the the __utm.gif hits? So far I see none when using this technique.
P.S. I got this technique from here
Follow up:
I changed a few things and my url now looks like so:
utm.gif?utmwv=1">http://www.google-analytics.com/_utm.gif?utmwv=1
&utmn=8391432847
&utmsr=click
&utmsc=-
&utmul=-
&utmje=0
&utmfl=-
&utmdt=-
&utmhn=myfake.com
&utm_source=my_newsletter
&utm_medium=Emails
&utm_campaign=tet 2012-06-19 10:41:30
&utmr=my_newsletter
&utmp=images/google/click
&utmac=MO-xxx31982-1
&utmcc=_utma%3D24820632.1925394567.1340121629.1340121629.1340121629.2%3B%2B_utmb%3D24820632%3B%2B_utmc%3D24820632%3B%2B_utmz%3D24820632.1340121629.2.2.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)%3B%2B__utmv%3D24820632.6430%3B
and nothing happens except when I paste that link into my browser then Google gets it, so why does it not work when called from the PHP line $handle = fopen ($urchinUrl1, "r");?
ok, nevermind. I changed my app around so the utm.gif is just included in the email and in a redirect page rather than called from the script. Should have done it that way but got caught up in the fancier idea of calling the url from php.
Even though this question is over a year old...the GA measurement protocol can be used to send hits back to GA for newsletter opens and clickthroughs.
To answer your initial question, it looks like you're missing the utmhid and utmn parameters.