I do have some spam signups again, so it might already be going on. Not many, but they are the typical spam signups where the name and e-mail share no relation (Name field does not match e-mail field) and they are all US based addresses and the list is of a Dutch language magazine.
The settings are default Simple settings, with CDN domain filled in. I also tried the scheme relative setting, but it makes no difference.
Dries Arnolds → created an issue.
No that was it. Thank you for your quick answer.
Dries Arnolds → created an issue.
Is there a reason that we can't just change the icon ourselves through the Embed Buttons configuration at /admin/config/content/embed?
I mean, I can change it there, but nothing happens. Not even after rigorous cache clearing...
Dries Arnolds → created an issue.
@trebormc, I resolved it by running the update again. Thanks for your help.
I did clear cache a couple of times. But i guess the update didn't go well. I should've suspected as much since this was the only site with a problem.
A couple of users have reported getting a "Submission failed. Please reload the page, ensure JavaScript is enabled and try again" error. I have confirmed that javascript is on for them. Is there any error in the key scrambling or other logic that was introduced in the patch?
edit: I have now tested myself on one site and also get that message when filling out any form that is protected (login/webform). I have javascript on and tested incognito without any extensions.
I tried both the patch and the updated module.
I'll add my 2 cents: Installed on two sites on friday (the ones with the most spam). They received no more spam since then. The other sites that run antibot still received a lot of spam. Also legitimate submissions still arrived (test and real-world).
The solution from #57 still works fine on Drupal 10.2. Is there any reason not to (reroll and) commit this?
Some more details that might be useful:
- my forms are not visible on a dedicated link (only added to a page through a reference field)
- most sites are running the latest version of Drupal, Antibot and Webform (although the problem occurred on a D9 site as well)
- all sites have recent versions of PHP/MySQL
Same here. Registrations, Webforms etc are defeated regularly.
I also tried adding the Honeypot module ( https://www.drupal.org/project/honeypot → ) into the mix, but that didn't make much of a difference. I really hate captcha modules, so I hope we can find out how they do it and come up with a solution.
The patch in #20 works fine. Can we get this committed?
I ran into this and the patch solved the problem for me.
Dries Arnolds → created an issue. See original summary → .
I updated to RC5 and it doesn't happen to me anymore.
I ran into this as well and the patch in #57 fixed it. I'm on Drupal 9.5.8.
Dries Arnolds → created an issue.
I have the same issue with a generated subtheme (so not Pixture). I have no specific node access or term access modules installed.
It would be nice to get this committed. I tested the patch and the error disappears. All functionality seems to work like expected.
At first I liked the idea of Shy One-Time, and it worked for a while.
But then I had a project with almost exclusively business vistors and some people who still couldn't log in. I know some had custom domains for security checks. Those were not in the CrawlerDetect library that Shy ONe-Time uses.
I think Nicholas' solution is the way to go. I tested the patch and it works like a charm. Only issue I had is that the Login button was labeled as Reset.
This is also very important to my use cases, where people tend to mix use of desktop and mobile...