JTC Anti-Spam required Form fields

  • #11816
    Rob Bernstein
    Participant

    Hi

    I have purchased the Pro version, which is great. I am being heavily spammed.

    However, I have the following problems with JTC Anti-spam:

    1. the box appears correctly on the wp-login and Buddypress forms, but they are not “required” fields and so do not need to be entered. Therefore, not effective.
    2. When I switched off JTC (to enable BWS Captcha which is a quick-fix) the JTC box won’t disappear!

    Suggestions?

    ROB

    #11818
    AITpro Admin
    Keymaster

    Yes, the JTC Anti-Spam CAPTCHA Form fields are required.  If you are able to login without entering a CAPTCHA then 1 of 2 things is true:

    1.  You have not entered a CAPTCHA value in JTC CAPTCHA Settings and have instead left the CAPTCHA blank in Settings.

    2.  You are using another CAPTCHA plugin at the same time as JTC Anti-Spam CAPTCHA.  You can only use 1 CAPTCHA plugin at a time just like you can only use 1 Login Security plugin at a time.  You would need to choose which plugin or plugin feature you want to use.  If 2 plugins are using the same WordPress hooks – actions/filters then they will compete with each other and 1 will override the other or worse they will cancel each other out.

    #11833
    AITpro Admin
    Keymaster

    Also I do not recommend that you choose to use the BWS Captcha plugin.  It has a known Brute Force Login attack vulnerability.
    http://wordpress.org/support/topic/captcha-is-inefficient-form-tries-to-login-first-then-checks-captcha-value?replies=9

    The BWS Captcha plugin vulnerability is demonstrated here on YouTube
    https://www.youtube.com/watch?v=X5vd8tB-3To&feature=youtu.be

    BPS Pro JTC Anti-Spam / Anti-Hacker checks the Captcha first and if an incorrect Captcha is entered then Login processing is halted before checking the username or password Form fields.

    JTC Anti-Spam / Anti-Hacker Brute Force Login Attack Protection Example:

    ERROR: Incorrect CAPTCHA Entered.

    The Captcha error message above is displayed when all form fields are blank, when some of the form fields are blank and when either the username or password field is not blank or both are not blank.  In other words, the correct CAPTCHA must be entered before Login processing will occur.
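
The ordering described in the post above (CAPTCHA verified first, username and password never examined when it is wrong) can be implemented as a WordPress `authenticate` filter. This is an added example, not part of the thread and not BPS Pro's or BWS Captcha's code; the form field `example_captcha` and the option `example_captcha_answer` are hypothetical names.

```php
<?php
// Added illustration: not BPS Pro or BWS Captcha code.
// Hypothetical names: form field 'example_captcha', option 'example_captcha_answer'.

// Priority 1 runs before WordPress core's credential handlers (priority 20).
add_filter( 'authenticate', 'example_captcha_gate', 1, 3 );

function example_captcha_gate( $user, $username, $password ) {
    // wp-login.php also runs this filter when it only renders the form (no POST data).
    if ( empty( $_POST ) ) {
        return $user;
    }

    // An empty stored answer matches an empty field, so the option must be set.
    $expected  = (string) get_option( 'example_captcha_answer', '' );
    $submitted = isset( $_POST['example_captcha'] ) && is_string( $_POST['example_captcha'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_captcha'] ) )
        : '';

    // Constant-time comparison of the stored and submitted answers.
    if ( hash_equals( $expected, $submitted ) ) {
        return $user; // CAPTCHA correct: let the normal credential check run.
    }

    // Returning WP_Error here is not enough on its own: when both a username and a
    // password were posted, core's priority-20 handler ignores the earlier error and
    // checks the password anyway. Unhook the credential handlers for this request
    // so no username or password lookup happens after a failed CAPTCHA.
    remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
    remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );

    return new WP_Error(
        'example_captcha_failed',
        '<strong>ERROR</strong>: Incorrect CAPTCHA Entered.'
    );
}
```

Requests that carry no form POST body pass through this gate unchanged, so any other login entry point needs its own control.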

    #11837
    Rob Bernstein
    Participant

    Thank you for amazing response time!

    I have deactivated BWS Captcha.

    1. Example of ordinary login screen at http://communing.net/wp-login.php. The JTC box appears correctly, but when I enter an existing user, the box entry is not required (I can send you a demo privately).
    2. On the above login screen, if I click ‘register’ it takes me to the correct Buddypress register form, but the JTC box is MISSING.
      However, if you go to http://communing.net/ and click “sign up”, the Buddypress form INCLUDES the JTC box. There is a bug somewhere.

     

    #11839
    AITpro Admin
    Keymaster

    I checked your Login page and you have something installed that is overriding JTC Anti-Spam on your website.  JTC Anti-Spam is not working on your site due to whatever is overriding JTC Anti-Spam.

    This code below is hooking into your Login Form.  It may or may not be what is overriding JTC Anti-Spam.  Or it could have to do with whatever plugin you have installed that is changing the visual look of your Login page.

    <body><script type="text/javascript">
    //<![CDATA[
    try{(function(a){var b="http://",c="communing.net",d="/cdn-cgi/cl/",e="img.gif",f=new a;f.src=[b,c,d,e].join("")})(Image)}catch(e){}
    //]]>
    </script>

    #11840
    AITpro Admin
    Keymaster

    Your Top Navigation menus on your website are not working for me.  I am using Google Chrome and when I try and hover over any submenus they disappear before I can click on any submenu links.  If I quickly mouse over the gap in your menus I can click on the submenus.

    Then I see this error:  Error establishing a database connection

    And this error:  CloudFlare:  Error 524.  A timeout occurred.  The origin web server timed out responding to this request.

    #14685
    Rob Bernstein
    Participant

    I’m afraid that the issue seems to have popped up again: the JTC captcha box appears, but I am still able to log in without it.
    http://communing.net/login/ Can you see what might be causing the captcha box to be ineffective?

    Many thanks
    ROB

    #14686
    AITpro Admin
    Keymaster

    You have a very strange Login page setup. The page: /login/ redirects to another login page and JTC Anti-Spam / Anti-Hacker is not enabled or active on the redirected login page.  I assume whatever other custom login feature or plugin you are using is doing whatever it is doing and overriding JTC.  BPS Pro Login Security is also being overridden.  Typically you can only use 1 Login Security plugin at a time.  So you can just turn off BPS Pro Login Security and JTC Anti-Spam / Anti-Hacker if you prefer to use other Login Security measures.  That choice is up to you.

    Another option if you want to use BPS Pro Login Security and JTC Anti-Spam / Anti-Hacker would be to create a custom login page/customize the standard WordPress login page.   This is a very simple thing to do.  See the link below.  If your theme has a built-in login security feature or you are using other Login plugins then you will probably need to turn those Login features off since typically you can only use 1 Login / Login Security plugin/feature at a time.

    http://forum.ait-pro.com/forums/topic/customize-your-wordpress-login-page-customize-wp-login-php/

    #14693
    Rob Bernstein
    Participant

    Hmm this is a curly problem. I have “Stop Spammers” plugin active, but when I disable this it makes no difference.

    • The customer wants to retain the theme’s login page (because he likes the look and feel)
    • The theme (OneCommunity) is built around Buddypress, and includes a login file as below
    • Am I able to add the code for the BPS Captcha into this file?
    • Am I then able to block wp-login.php for security reasons?

    I have to say that I have had major registration spam problems on the site. The beauty of “Stop Spammers” is that it blocks a user before arriving on the site, so my server load was hugely reduced

    Many thanks
    ROB

    <?php
    /*
    Template Name: Login Page
    */
    ?>
    
    <?php get_header(); ?>
    
    	<div id="content">
    
    	<div class="page-title"><?php the_title(); ?></div>
    
    	<?php if ( is_user_logged_in() ) : ?>
    
    		<center><h3><?php _e('You are logged in! Redirecting to your profile.', 'OneCommunity'); ?></h3></center><br /><br /><br />
    
    		<script type="text/javascript">
    		<!--
    		window.location = "<?php echo bp_loggedin_user_domain() ?>"
    		//-->
    		</script>
    
    	<?php else : ?>
    
    		<br /><br />
    
    		<?php do_action( 'bp_before_sidebar_login_form' ) ?>
    
    		<form name="login-form" id="page-login-form" class="standard-form" action="<?php echo site_url( 'wp-login.php', 'login_post' ) ?>" method="post">
    			<label><?php _e( 'Username', 'OneCommunity' ) ?><br />
    			<input type="text" name="log" id="page-user-login" class="input" value="<?php if ( isset( $user_login) ) echo esc_attr(stripslashes($user_login)); ?>" tabindex="97" /></label>
    
    			<label><?php _e( 'Password', 'OneCommunity' ) ?><br />
    			<input type="password" name="pwd" id="page-user-pass" class="input" value="" tabindex="98" /></label>
    
    			<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="sidebar-rememberme" value="forever" tabindex="99" /> <?php _e( 'Remember Me', 'OneCommunity' ) ?> / /<?php _e( 'recovery', 'OneCommunity' ); ?>"><?php _e( 'Password Recovery', 'OneCommunity' ); ?></label></p>
    
    			<?php do_action( 'bp_sidebar_login_form' ) ?>
    			<input type="submit" name="wp-submit" id="wp-submit" value="<?php _e( 'Log In', 'OneCommunity' ); ?>" tabindex="100" />
    		</form>
    		<br /><br /><br /><br /><br />
    
    		<?php do_action( 'bp_after_sidebar_login_form' ) ?>
    
    	<?php endif; ?>
    
    
    
    
    	</div><!-- #content -->
    
    <?php get_footer(); ?>
    
    
    
    #14694
    AITpro Admin
    Keymaster

    You answered all your own questions.  This customer wants something custom so you will need to use a custom solution instead of a standard solution – use the custom login page template, use the Stop Spammers plugin, do NOT use BPS Pro Login Security & JTC Anti-Spam / Anti-Hacker.  BPS Login Security and JTC Anti-Spam / Anti-Hacker are standard solutions that hook into standard WordPress hooks >>> actions and filters to do what they do.  We have not created any additional actions or filters in BPS Pro code to be used by something else to hook into BPS Pro.  This creates several very undesirable and unsafe conditions.  So no it would not be a quick and easy thing to include BPS Pro code.  You would have to create a complete custom coding solution/templates, etc.

    For what you are doing this plugin may work with this custom login template:  Theme My Login.  It has Login Security and is designed specifically for creating a custom login page and uses a shortcode method to add stuff to the Login template so it may work for what you are doing.

    #14699
    Rob Bernstein
    Participant

    Point made and taken. Thanks for your help
    ROB
