Community Support Forums

[smbotans]

hi all,

i have a new members registering problem ... i currently have new members 'signing up' regularly BUT when i check their profile, the LAST NAME required field is blank and the COUNTRY required field is -

how can this be when both fields are required fields and when i checked the registration form, a popup appears when i leave the LAST NAME field blank and when i enter - into the COUNTRY field

am i being spammed? are they by-passing my registration form in some way?

i had a look at the ip of some of those new members, and they are all different

any help or thoughts would be appreciated

serge

[Cristián Lávaque]

I don't know, it may not be impossible to bypass those checks since they're JavaScript. I need to ask Jason how that could be and if there are any server checks done too. Are you using WP's registration page or s2Member Pro's pro-form?

[smbotans]

thanks for your reply ... i am using the free version of s2member which takes over the wp registration page ... i am getting around 100 new members 'signing' up each day and looks like i will have to delete them all by hand as they are dud members

this is very annoying and i dont like having my membership site taken over like this with fake members signing up en masse

any help would be greatly appreciated ... my site is www.mental-workout.com if it helps

serge

[Cristián Lávaque]

Ok, you're using the standard WordPress registration form. http://www.mental-workout.com/wp-login.php?action=register

You may want to use some plugins to prevent spam registrations. https://wordpress.org/extend/plugins/se ... gistration

[smbotans]

thanks for your reply

actually i am not as the link you mention in your reply takes me to the s2member registration form where there are required fields which are being bypassed ... ggrr!!!!

[smbotans]

it turns out i was being spammed although how they added new members to my site by-passing the registration form and required fields is a mystery

i used one of the plugins you suggested and no more rogue members signing up ... just a lot of spam registrations being blocked ... since i installed the plugin, i have not had a spam registration

thank you so much for your help and suggesting the plugins ... my sanity has returned

thanks again

serge

ps if it helps others, i used the plugin from http://wordpress.org/extend/plugins/sto ... ns-plugin/

[Cristián Lávaque]

Thanks a lot for the update! I'm very glad you solved it.

[Jason Caldwell]

Thanks for the heads up on this thread.

Yes, this is a case where the site is being spammed, and since there is no server-side validation for Custom Fields, they were allowed to be empty. The only server-side validation is for the Username/Email Address at this time ( i.e. s2Member v110710 ). So although you may configure *required* fields, if someone attempts to spam your site with a bot to POST data directly to the registration system ( i.e. spamming you ), the JavaScript validation can be bypassed in cases such as this.

Can s2Member implement a Captcha Code on my Login/Registration Forms?

Yes and no. We've left this feature out of the plugin intentionally, because many site owners prefer to use Captcha plugins that encompass all aspects of their site ( including comment forms ). We recommend this one: SI CAPTCHA Anti-Spam. That being said, s2Member's Pro Forms for PayPal® Pro and Authorize.Net® ( including Free Registration Forms ) CAN be configured to use Google's reCAPTCHA service ( which is free ). Just add this Attribute to your Pro Form Shortcode ( captcha="clean" ).

[Cristián Lávaque]

Is it be possible to check server-side where the form was submitted from and reject any that isn't from the same server?

[Jason Caldwell]

Is it be possible to check server-side where the form was submitted from and reject any that isn't from the same server?

Yes, that could certainly be a solution in many cases. However, I would like to implement true server-side validation in a future release, so that it's NOT impossible for a site owner to build a custom form that submits data from an off-site location, when/if needed.

[Cristián Lávaque]

Yeah, that'd be cool.

[21inspired]

@Jason - any news on the server-side validation future release?

One of our clients using s2memberpro has started receiving numerous spam registrations (began yesterday).

[Jason Caldwell]

Thanks for your patience.

@Jason - any news on the server-side validation future release?

One of our clients using s2memberpro has started receiving numerous spam registrations (began yesterday).

Sorry, I don't have an exact date yet, but yes, we are still working toward this. In the mean time, I would implement a CAPTCHA of some kind, to help prevent automated form submissions.

[antseo]

Hi Jason. Yes, I just experienced a spammer tonight. I would be interested in that feature being in future release. In the meantime, I'll use the captcha you've recommended.

[dapike]

The site that I oversee has evidently been the target of a similar spam attack that started on Thursday (Thanksgiving no less), whereby bogus registrants are clearly bypassing the intended registration form since they have blank data for all of the mandatory registration fields. Please please please, can something be done to block them? And yes, I do have the SI CAPTCHA plugin installed already.

Thanks,

- David.