Since a few weeks, spambots misused the buttons I made to download Free PDF files.
I'm getting a lot of complaints, bounces, etc., for sending download emails that people do not want.
Is there a way to block this misuse??
I can't find the good option in the settings. 😣
Free Download miss-used by spam bots
Posted by: H.M.
19th November 2024, 7:15 pm
Last modified: 21st November 2024, 10:24 am by H.M.
-
Forum Moderator
Hi!
We don't have a captcha on the form right now (bit of an oversight on our part!) so I will create a task for us to add this.
Do you have any preference on captcha methods?
thanks
Ben
-
I will check with our system manager and let you know asap.
-
Hi Ben,
This is the advice I got:
Use passkeys: You can generate a unique passkey for each user session and embed it in a hidden field in the form. You can then validate the passkey on the server side before processing the form data.
Hidden field detection: You can add a hidden field in theform that is not visible to human users but can be filled by bots. You can then check if the hidden field is empty or not on the server side before processing the form data.
Send email (best solution): You can send a verification code to the user’s email address and ask them to enter it in the web form. You can then verify the code on the server side before processing the form data.
Until one of these option has been established, maybe indeed implement Captcha first, preferably hCaptcha.
-
Hi Ben,
It's been 4 month now since I reported this spam problem with the Free Downloads form.
Is there any progress on the issue?
Yesterday I had a new spam attack one another free download PDF we installed on our site and it's causing us to be blacklisted.
We need to uninstall the complete Plug-in if this problem cannot be solved. :-(.
Best wishes,
Marius
-
Hi Ben,
Any news??
We are still struggling with the spam that is generated by Free Download products.It would be great if there was a solution.
-
Forum Moderator
Hi Marius
So sorry about this - for some reason I didnt get the emails notifying me of the replies, I will investgate and fix this so it doesn't happen again.
One thing I would recommend is to submit a support ticket instead of forum.
Good news is I have implmented 2 forms of spam protection
1) Honeypot - insert a hidden field that tricks the spam bot. If they fill this in (human wont see it), we dont process the form
2) time-based - if the form is submitted within 2 seconds of the page loading, we dont process. Spam bots submit very quickly.I will let you know when released, it is in its final testing
Thanks
Pete -
Forum Moderator
Update released, can you check and confirm if it works now?
Thanks
Pete -
Pete,
The update is not installing!
Unauthorized message, even while the license key is entered ok.
I tried to deactivate it (so I could see if it works after activating it again), but deactivating doesn't work.
So I can't even check if the update is working.(As mentioned here (Prevent SPAM generation | WordPress.org):
we have the Pro License and use Free Downloads on a multisite platform.)Last modified: 1st May 2025, 9:24 am by H.M.
Latest Topics
-
23 Mar 2026, 7:03 pm -
19 Mar 2026, 7:45 pm -
23 Feb 2026, 12:06 pm -
17 Sep 2025, 4:53 pm -
19 Nov 2024, 7:15 pm
Most Fresh Topics
-
19 Mar 2026, 7:45 pm -
23 Mar 2026, 7:03 pm -
23 Feb 2026, 12:06 pm -
17 Sep 2025, 4:53 pm -
5 Nov 2024, 11:25 am
Most Popular Topics
-
7 Oct 2021, 11:11 am -
2 Jan 2018, 10:19 pm -
23 Nov 2020, 7:32 pm -
23 Oct 2024, 12:08 pm -
23 Jan 2021, 11:17 am
@ProjectBeauty
7:15 pm