Participants Database – hundreds of false signup emails

Home Forums BulletProof Security Free Participants Database – hundreds of false signup emails

Tagged: 

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • April 18, 2013 at 2:24 pm #4628
    GriffinGraffix
    Participant

    This site has a plugin called Participants Database.
    My client is receiving tons of false signup emails stemming from this url: http: //www.vacationinpuertovallarta.com/wp-admin/admin.php?page=participants-database-edit_participant&action=edit&id=
    which in fact isn’t really a valid page. If I’m signed into wp, this link will get me to an empty admin page, if I’m not signed in, I get the wp-admin sign-in page.

    I’ve been trying to block access to this url through htaccess but can’t seem to find the right code to add or where to add it specifically. I’ve tried a multitude of things but all failed.

    Could you help me by telling me what I should add and where pls?

    NOTE: This site is inside a larger ROOT but is a full domain. There are total 4 domains inside that root but only this one has any files (site) in it at the moment. The other 3 domains have only basic hosting files created when domains were added, they have no sites in them. Hosting is BlueHost.

    Thank you!

    April 18, 2013 at 2:33 pm #4631
    AITpro Admin
    Keymaster

    You can take the Query String below and create either a redirect rule or just Forbid it.  Sounds like you just want to forbid it.  Note:  If this Query String is used in some sort of other wp-admin backend functionality for this plugin then this forbid rule could cause a problem for the plugin and another approach would have to be used to distinguish between frontend and backend requests for this Query String.

    page=participants-database-edit_participant&action=edit&id=

    Add this Query String Forbid rule to BPS Custom Code in the CUSTOM CODE WPADMIN PLUGIN FIXES: text box and activate BulletProof Mode for your wp-admin folder.

    # Participants Database Query String Forbid
RewriteCond %{QUERY_STRING} page=participants-database-edit_participant&action=edit&id=(.*) [NC]
RewriteRule - [F,L]

     

    May 8, 2013 at 4:57 pm #5501
    GriffinGraffix
    Participant

    K I’ve applied this fix & will see if it will block access & stop emails from coming in.

    From what I can see, it has not caused any problems with plugin or accessing edit pages either from admin or from an external visitor’s actual account. All that remains to be seen is if I stop receiving those fake signup emails…

    Thanks a bunch! Hope this works.

    May 9, 2013 at 12:45 pm #5514
    GriffinGraffix
    Participant

    I’m afraid this fix isn’t working.. I pasted it exactly as you gave it in both  CUSTOM CODE WPADMIN PLUGIN FIXES

    Admin bullet proof htaccess was already activated but i activated it yet again to be sure… and after seeing I was still receiving fake subscription emails, I even tried to use the full url in the code as: http: //www.vacationinpuertovallarta.com/wp-admin/admin.php?page=participants-database-edit_participant&action=edit&id=

    Still getting the fake subscription emails 🙁

    I use this plugin on other sites as well and have never had this problem nor do I have it on other sites even now. I am also receiving new emails about a new subscription that isn’t actually new and has been there for a while so now I’m starting to think that it’s a plugin problem stemming from a conflict somewhere. Like it’s auto sending stuff but god knows why.

     

    May 9, 2013 at 12:50 pm #5517
    AITpro Admin
    Keymaster

    Yep, I should have discouraged you from even trying this since this does not address the true issue/problem. You should contact the plugin author and ask them about this issue/problem. It may be a bug with that plugin. Thanks.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.