I did not realize that zero spam was completely blocking my forms. It is a new update I think as I have had zero spam loaded for while now. But as of the beginning of Sept something changed and my form were being blocked with a lovely message – Your IP has been flagged as spam/malicious

lovely message and no emails were able to be sent. not impressed. When I turned off the plugin then the email sent just fine – the above message appears after filling out the form and clicking the recaptcha and then clicking the send button

Dear Zero Spam,

I found an error in the error log of the plugin about Project Honeypot:

2024-11-11 14:59:10::Project Honeypot Error: could not get DNS information for xxxxxxxxxxxx.XXX.XXX.XXX.XXX.dnsbl.httpbl.org: []
(The license key and IP address are masked to protect privacy.)

Could it be fixed? Would you please help? Thank you.

Forminator is a new form that is quickly becaming famous in worpdress world, I think that would be great if zerospam would defend from the the spam the forminator forms too.

• This topic was modified 4 months ago by matteo raggi.

I added Zero Spam months ago after an attack on a Give WP donation form. This long weekend the site was attacked again and 2000 donations were tried over 4 days. Noone noticed due to the long weekend. Zero spam did not stop it, not sure if there was a wrong setting or something else that let it happen but there should be something that can see that too many transactions in a short period of time is likely to be an attack especially if all the credit card numbers fail. Zero spam did not stop it, the payment gateway did not stop it although they did fail all the attempts and GIVE WP did not stop it.

Hi,

Currently Zero Spam offers support for IPBase, IPInfo, IPStack for geolocation data, however I’d like to request two other providers:

1. KeyCDN IP Location Finder API which is free for all users, it allows a total of 7.8 million requests per month; throttled to 3 requests per second.
2. ip-api.com which is free for all users, it allows a total of 1.9 million requests per month; thottled to 45 requests per minute

These providers should be able to provide adequate information, are just as up to date as the current providers and are better for the majority of wordpress users/websites given the no-API key requirement.

Thanks

Hello,

I got the notification from my host that I have an infected file, and it is in the folder of your plugin:

/wp-content/plugins/zero-spam/assets/blacklist.txt: EIG.LinkSpam.N

What do you recommend me to do, please?

Thank you very much

I have been locked out of logging in to my dashboard. How to override?

Error: Your IP has been flagged as spam/malicious.

Hello,
Wordfence shows a security problem and recommend to delete your plugin.
Have you planned to solve the problem?

Regards
Rainer

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/zero-spam/zero-spam-555-spam-protection-bypass

Hi! I’m having a similar issue as this support post.

https://wordpress.org/support/topic/my-ip-is-bloked-no-reason-why/

Ive tried to do what I can to modify settings to be more lenient, but everytime I try to access my own site from my phone or from public wifi I’m IP locked out by ZeroSpam. I’m disabled all the IP APIs, and I’m looking at the main settings page not sure how to proceed.

• This topic was modified 9 months, 1 week ago by mh4press.

This plugin has been identified as having a security vulnerability (Bypass Vulnerability).

Do you have an expected date for the update/patch.

Thanks so much!
Paul.

Restrict content pro?

Hi, we installed the plugin and started configuring following best recommendations provided and a few minutes later our site went down (504 and 502 errors). Working with our hosting company support it was discovered that the issue was zero-spam-settings being loaded on every request which exceeded the size of recommended object cache. We had to deactivate the plugin. Is there a reason the setting needs to be autoloaded or was this an oversight?

It looks like the plugin has not made the tables correctly – I’m seeing a lot of errors in my error log file that look like this (somewhat redacted) error:

[Thu Mar 14 23:59:52 2024] [error] [client|IP|] AH01071: Got error ‘PHP message: WordPress database error Table ‘|SNIP|.wp_3_wpzerospam_blocked’ doesn’t exist for query SELECT * FROM wp_3_wpzerospam_blocked WHERE user_ip = “|IP|” made by require(‘wp-blog-header.php’), require_once(‘wp-includes/template-loader.php’), do_action(‘template_redirect’), WP_Hook->do_action, WP_Hook->apply_filters, ZeroSpam\Core\Access->access_check, ZeroSpam\Core\Access->get_access, apply_filters(‘zerospam_access_checks’), WP_Hook->apply_filters, ZeroSpam\Core\Access->check_blocked, ZeroSpam\Includes\DB::blocked’

I had a user report being unable to send WebMentions. I added their IP to teh whitelist but I really want to find the log so I can see what the cause was. The FAQ says it is in the menu under Zero Spam but I’ve looked and looked and cannot find it. I have blocked IP logging turned on.

Updated several sites to 5.5.3 yesterday and woke up to fatal error notices from some of them today.

From the notification email:

An error of type E_ERROR was caused in line 259 of the file /public_html/wp-content/plugins/zero-spam/modules/class-zerospam.php. Error message: Uncaught Error: Class “ZeroSpam\Modules\WP_Error” not found in /public_html/wp-content/plugins/zero-spam/modules/class-zerospam.php:259 Stack trace: #0 /public_html/wp-includes/class-wp-hook.php(324): ZeroSpam\Modules\Zero_Spam->share_detection(Array) #1 /public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(”, Array) #2 /public_html/wp-includes/plugin.php(517): WP_Hook->do_action(Array) #3 /public_html/wp-content/plugins/zero-spam/modules/login/class-login.php(149): do_action(‘zerospam_share_…’, Array) #4 /public_html/wp-includes/class-wp-hook.php(324): ZeroSpam\Modules\Login\Login->process_form(Object(WP_User), ‘admin’) #5 /public_html/wp-includes/plugin.php(205): WP_Hook->apply_filters(Object(WP_User), Array) #6 /public_html/wp-includes/user.php(180): apply_filters(‘wp_authenticate…’, Object(WP_User), ‘admin’) #7 /public_html/wp-includes/class-wp-hook.php(324): wp_authenticate_username_password(Object(WP_User), ‘scott’, ‘admin’) #8 /public_html/wp-includes/plugin.php(205): WP_Hook->apply_filters(NULL, Array) #9 /public_html/wp-includes/pluggable.php(618): apply_filters(‘authenticate’, NULL, ‘scott’, ‘admin’) #10 /public_html/wp-includes/user.php(106): wp_authenticate(‘scott’, ‘admin’) #11 /public_html/wp-login.php(1311): wp_signon(Array, true) #12 {main} thrown

• This topic was modified 10 months, 3 weeks ago by slewisma.
• This topic was modified 10 months, 3 weeks ago by slewisma.

Error Details
=============
An error of type E_ERROR was caused in line 259 of the file /home/evolution/public_html/wp-content/plugins/zero-spam/modules/class-zerospam.php. Error message: Uncaught Error: Class “ZeroSpam\Modules\WP_Error” not found in /home/evolution/public_html/wp-content/plugins/zero-spam/modules/class-zerospam.php:259
Stack trace:
#0 /home/evolution/public_html/wp-includes/class-wp-hook.php(324): ZeroSpam\Modules\Zero_Spam->share_detection()
#1 /home/evolution/public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters()
#2 /home/evolution/public_html/wp-includes/plugin.php(517): WP_Hook->do_action()
#3 /home/evolution/public_html/wp-content/plugins/zero-spam/modules/registration/class-registration.php(142): do_action()
#4 /home/evolution/public_html/wp-includes/class-wp-hook.php(324): ZeroSpam\Modules\Registration\Registration->process_form()
#5 /home/evolution/public_html/wp-includes/plugin.php(205): WP_Hook->apply_filters()
#6 /home/evolution/public_html/wp-includes/user.php(3407): apply_filters()
#7 /home/evolution/public_html/wp-login.php(1120): register_new_user()
#8 {main}
  thrown

How I can know, if spam protection is applied or not on my forms after activating the plugin.

Hi, I see latest topics never get a reply anymore on this forum and your website seems is no more available.

Is this plugin been abandoned?

We do a specific type of website for tax professionals. Thus, they are regularly under attack. As of yesterday, the attackers have found a way to bypass Zerospam on Formidable Forms. We had to go to standard captchas (a major pain to setup).

Just wanted to give a heads up…as right now, the plugin is 3 months stagnant, and it seems the hackers have finally broken it.

The plugin Forminator is used from more of 300.000 websites and it is growing quikcly, because it is totally free and very easy and powerfull, it accept payments (stripe and paypal ) and conditional fields, all for free.
I suggest to add the comaptibility to it too, because very useful and comfortable. Many peopel are movign from CF7 to Forminator for example and it include the button to import the CF7 forms too.

Many, many honeypot errors per minute, similar to:

2023-08-09 10:21:47::Project Honeypot Error: could not get DNS information for xxxxxxxxxxxx.200.232.90.52.dnsbl.httpbl.org

I looked at that mention on Git about this and it does not seem to be resolved.

Do I need to add any honeypot script on my site… confused about setting up Honeypot.

Hi

Can you help me resolve why users keep getting blocked with the message ‘IP address marked as spam/Malicious. This is for users trying to open a Woocommerce/Wordpress account as well as users trying to make payments via a Stripe/Woocommerce plugin.

I have tried researching a fix and changing setting but nothing seems to fix this. Hope you can help.

We are looking for a replacement of WPBruiser which stopped working after the security update of Ultimate Members 2.6.7.

Is this plugin working with UM 2.6.7 at all?

Thanks much for your help.

Since I updated the Zero Spam plugin (from v5.3.9) to v 5.5.1 a few days ago, the plugin has started blocking valid user logins, giving the message that the IP address has been flagged as spam/malicious. Checking the Zero Spam log, it seems that it is the David Welsh checking that is implementing these blocks. I don’t particularly want to switch David Welsh off as it is quite effective in blocking spam comments, so I’ve had to switch off the option for Zero Spam to check logins.

Is there a better solution to this problem?

Hello,

running paid wordfence on a client’s website i get noticed of a malicious/unsafe file:

/wp-content/plugins/zero-spam/assets/disposable-email-domains.txt

which in fact is just your text file containing known spam hosts

When i click on details i see it’s because there is the text viagraonline in the file.

I think as you’re the plugin designer you should contact Wordfence to find a way to sanitize this as it may cause harm to your plugin?

Info:

=====

WordPress

Version              6.2

Language              en-US

Charset              UTF-8

Memory Limit              128M (Max 512M)

PHP

Version              8.1.18

SAPI              litespeed

Zero Spam for WordPress

Version 5.4.5

No <u>Zero Spam API License</u>

Active Theme

GridBit Version: 1.0.1

By ThemesDNA

Please consider to support IP2Location.io API IP Geolocation API.

I’ve enabled the spammer geo-location using IPinfo.

As you can see in [1, 2], that works well, except for the “Last 14 Days by Location” box, where ‘unknown’ is the only ‘location’ that it’s shown.

Initially, I tried IPbase and that worked for a while. Is it a bug? Is there something I can try to reset?

Hello ,

here is great plugin at https://wordpress.org/plugins/snitch/

would you like take over?

thanks

This is crazy. Even the login page will not let you in when the IP is blocked. I have a VPN and it seems that all IP (countries) are blocked. The only way in is to disable the plugin from the cpanel.

Recommended settings is applied – flagged

Protect Login Attempts should be disabled in the recommended settings.

• This topic was modified 2 years ago by potatocarabao.