Forum Replies Created
-
Posts
-
Hi, I have activated re-captcha v2 and it seems to helps.
I am using 3rd option. ( user must opt-in, only nec. cookies are selected)
Wenn moving to the form – no Google cookie.
If captcha clicked, Google sets a cookie like:
NID:”204=u60MzEG2q5mw1cy5g9TqGpD0Asq-cnlG6NAkF2BZVN2AJDCNtG_TZBKTJz3a_ubEJRQQsksBikka4anskFZCEtRrNeEanbQ3K1GW1-ua6vffWMw3U4I4AMuWA0a09RTHolkyP-dQigw9HWD7iE1kHG2ZkVXv5VjRpAEBQrJiB7M”
with a long time-out
“Läuft ab / Höchstalter:”Wed, 05 May 2021 07:27:57 GMT””
To be compliant, at least I would need to have a googel consent button. But as GDPR requires deactivation per default, this would mean that per default (What I suppose most people would choose) then the contact forms would not work….
Not a nice solution.I kindly ask to check why the Math-captcha allows seemingly injection ( as the checkbox for agreement in this case is not checked and nevertheless the form is sent), and implement a honeybot.
br
WolfgangHi Ismael,
I have the same issue since very long time now. And its reported in several threads.Some russian spammers have a method to send the form without checking the checkbox (proof see below)
nor solving the equation (most likely).Example of one e-mail received:
Name: Jessecug
E-Mail: (Email address hidden if logged out)
Betreff: кедр сибирский в подмосковьеNachricht: кедр сибирский крупномер
питомник кедров московская область
Ich stimme der Datenschutzerklärung zu: false
Another observation: I have changed the URL of the form – but that does not help – or at best only for some hours.
So guess they can search for the form. Can we avoid this?I think there must be a method – e.g. some injection to overrule the checks. I see the input tag refers to the URL of the page with the form itself. Where are these checks really implemented ?
Please have a look into that issue.
First we don’t want to use Google captcha as it tracks our visitors. Second, I think it will not help – as they have found a way to circumvent the checks!
br W.
Hi,
Same with me. Version 4.7 does not sovle the lost icons issue.
Clear cash does not help.
Only CSS hotfix helps for all icons except whatsapp, it does not work with a similar fix as published that I tried.
br
WolfgangPS:
/* enfold social media icons fix */
.social_bookmarks_twitter a::before, .av-social-link-twitter a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_facebook a::before, .av-social-link-facebook a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_linkedin a::before, .av-social-link-linkedin a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_pinterest a::before, .av-social-link-pinterest a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_tumblr a::before, .av-social-link-tumblr a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_reddit a::before, .av-social-link-reddit a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_vk a::before, .av-social-link-vk a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_gplus a::before, .av-social-link-gplus a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_mail a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_dribble a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_youtube a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_instagram a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.social_bookmarks_vimeo a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
/* THIS DOES NOT WORK: */
.social_bookmarks_whatsapp a::before, .av-social-link-whatsapp a::before {
font-family: ‘entypo-fontello’;
content: ‘’;
}
.fc-basic-view .fc-body .fc-row {
min-height: 6em;
}Do not know If I correctly understand:
You need cookies for spam prevention?
Should not be an issue, data prot. act does NOT forbid ALL cookies from the beginning, just tracking and those stuff. I guess anything that you need for this task is a pure functional cookie, so can be even inside the session, so would be fine!What is needed, is explicit consent for all tracking stuff. This means that all the re-Captcha from our friend Goo…, where tracking ones are there from the beginning, is in my view no longer a good option.
My point is that in this case(e.g when you still want to use it) on the contact-form we would need a better possibility to explicit opt in, otherwise the form is useless.
In the meantime, I changed the URL for the contact form – and it helps. At least till now it seems there is no spam anymore.
(Nevertheless the vulnerability(bug) remains that someone can send the form without checking the checkbox!! )br
Hi Ismael,
Thanks, yes this I know. Then it will work – but that’s not allowed acc. data protection act.
Think for europe ony your new option, explicit consent for tracking cookies, is needed.
And I would say re-Captcha sets tracking cookies.Think the only useful and (hopefully;-)) compliant way is that if re-captcha is built in but not yet accepted by the visitor, that the visitor gets a note ( this is implemented) and a possibility to accept re-captcha immediately to send the form,
See also https://complianz.io/google-recaptcha-and-the-gdpr-a-possible-conflict/
where also a honeypot solution is mentioned. Maybe this would this be a nice add- on to enfolds math-captcha – I would like it, as I dont want to force the users to get tracked…
-> is this possible to test? Have seen a code here: https://gist.github.com/andrewlimaza/958826feac907114a57462bfc8d535ff – but dont know how to put into Enfold…The technical issue I observed ism that if I put the switch [av_privacy_google_recaptcha] in, even if in the form the re-captcha is NOT used, the form is blocked. (while the enfold math-captcha is shown but the send button is not).
PS: I have now again removed again the re-captcha switch completely from the consent tabs and expect again some spam…
And if I re-activate Enfolds Captcha – it is displayed, but still the message below that the contact form is deactivated!
And no send-button – so really dead!See private link!
Finally I have now tried also reCaptcha v2: ( I did not like as I wanted to avoid have Google in…)
And there was no Spam – but the reason why was with a big grain of salt – but could have foreseen:
As I have not activated re-Chaptcha in the Cookie settings, and probably nobody will do if its not pre-selected (what I understand is forbidden as Mr Google probably uses tracking cookies…) the Theme does what it promised to do:
– it blocks re-Captcha and with it the complete the Contact form ! (which is fine, otherwise Spam door is open!)
-> so nobody can post a message without activating the cookies for recaptcha.
And I think nobody will do as there is just a message “you deactivated…” so guess nobody will know to klick on the small lock on the rhs and click through the tabs to find the right settin…=> I think the only possible way is here to have a possibility to activate re-captcha inside the contact form, in order that the user can proceed. But think even that is prohibitive for many users….
What is planned here for the future, Do you think its compliant to activated re-Chaptcha per default? If so – how to do this in the cookie form?
Hi,
Thanks, that helped!
However something does not work yet for me:
– If I have the default setting, e.g. av_privacy_video_embeds not avtivated, I can show a (black screen or) preview image with an arrow to start the video.
No cookies from youtube set :-) If pressed a new window opens. Ok, great, thats probably what 99% of the time will happen in such cases.
– But if I now select to have the videos avtivated; there is suddenly no play button any more, nothing happens – also if one tries to click. Instead of the button the video URL is seen on the top of the preview picture. ( Checked in Chrome and Firefox)Can you have a look?
Hi,
Please can you explain further the logic of the [av_privacy_video_embeds] or your answer?
Many thanks!Wolfgang
Hi,
Sorry, dont understand.
What means “Video embeds refer to the builder’s Video element within the theme” ?If I upload a Video as media and then use in a post, there are no cookies so no need for a switch!?
br
WolfgangBtW: upload works for me only to somewhere between 5 and 10 MB large files, after that an Error occures:
“Fehler: Gesicherte Verbindung fehlgeschlagen
Beim Verbinden mit http://www.pfarre-st-hubertus.at trat ein Fehler auf. PR_CONNECT_RESET_ERROR
Die Website kann nicht angezeigt werden, da die Authentizität der erhaltenen Daten nicht verifiziert werden konnte.
Kontaktieren Sie bitte den Inhaber der Website, um ihn über dieses Problem zu informieren.
….”For smaller files (e.g. 5MB ) it works, so useful Videos uloads are currently not possible for us…
Hi,
Thanks, but dont understand.
I use latest Enfold version I think – and cookies of links within iframe lare always set.Please can you explain in more detail?
br
WolfgangHi,
Thanks for the hints.
I have already installed ” All In One WP Security” and activated to protect against spam and now also enabled some more options against bots.What I dont understand how ever a mail with “Ich stimme der Datenschutzerklärung zu.: false”
can ever be sent? Seems for me that this cannot be sent by filling out the regular contact form – so there seems to exist a hack to workaround this….so guess they are also not filling captchas…br
Wolfgang
Update ad “After accepting, user cannot see the maps, has to do manual reloads.”
have installed new version 4.6.3.1, -> this is solved here, now there is a setting to force a relaoad (even with a window indicating this) when user accepts cookies.
Rest of comments remain as far as I can see.
Hi,
I am getting spam mails although use a simple chaptcha AND seemingly the spammer does not even check the box for dataprotection.
So this mails should never got sent – isnt it ?
And they are not from .ru….Von: (Email address hidden if logged out) < (Email address hidden if logged out) >
Gesendet: Montag, 12. August 2019 08:07
An:
…..
……
Ich stimme der Datenschutzerklärung zu.: falseSo as they are putting “false” – why is it sent at all ? Do they use another (hidden) form?
Hi,
I ve done this setting. (Version 4.6.2 ).
However:
I think I need a solution where visitors can also immediately opt in also for videos and other 3rd party cookies.
E.g. best would be several checkboxes that user can see in parallel. ( See. e.g. Cookiebot)Otherwise I see issues in offering e.g. OpenStreetMap maps and other 3rd party services.
Because if they would simply click “OK” with this – as per law – now all other cookies that are not “necessary” or for tracking (And this will be the case for 3rd parties) have to be disabled.So I need to dissable all 3rd party cookies if no consent, and consent must be really done – so must be on first page and I need to explain that they should check the box….
Further: now the Video (youtube etc) is disabled per default, if user clicks ok.
Nevertheless, if there is on some youtube video in a post included via iframe, this is not blocked, cookies are set.So all the solution in Enfold seem not to work for iframes.
My current draft solution for one case:
I disabled a map view on the start page, by writing javascript, but this has disadvantage that re-load of site is needed, that is not done currently => After accepting, user cannot see the maps, has to do manual reloads.So basically, I see currently only one option to put manually into each iframe something like this.
<script>
function findCookie(name) {
// Split cookie string and get all individual name=value pairs in an array
var cookieArr = document.cookie.split(“;”);// Loop through the array elements
for(var i = 0; i < cookieArr.length; i++) {
var cookiePair = cookieArr[i].split(“=”);
/* Removing whitespace at the beginning of the cookie name
and compare it with the given string */
if(name == cookiePair[0].trim()) {
// Decode the cookie value and return
return decodeURIComponent(cookiePair[1]);
}
}// Return null if not found
return null;
}if(findCookie(‘aviaCookieConsent’))
{
// aviaCookieConset found, so basically cookies accepted
document.write(“<iframe id=\”OSmap\” width=\”425\” height=\”350\” frameborder=\”0\” scrolling=\”no\” marginheight=\”0\” marginwidth=\”0\” src=\”https://www.openstreetmap.org/export/embed.html?bbox=16.256686449050907%2C48.16136234017727%2C16.26558065414429%2C48.16589936655981&layer=mapnik\” style=\”border: 1px solid black\”></iframe><br/><small>Größere Karte anzeigen</small>”);
}else
{
// either first time on page or cookies not accepted
document.write(” <br><br><br>Accept Cookies to show our location in OpenStreetMap <br> and reload the page !”)
}
</script>Hi,
Picture is difficult for reasons you see below, but maybe try as follows:Take an iPhone with Safari, Ffirefox and Chrome.
Open the site and try to magnify the view with the tip of 2 fingers. (you know – “pull apart” the picture with thumb and forefinger)With Safar and Firefox it works, With Chrome it does not work.
br
WolfgangHi Victoria
Entschuldige meine späte Antwortleider kann ich keinen vernünftigen sceenshot schicken, da es sich hier um eine Fingergeste handelt
um den Fehler genau zu beschreiben:
ich kann weder auf meinem Samsung Handy noch auf meinem Samsung Tablet Texte und Bilder auf unserer Website vergrössern.scheinbar liegt das Problem an der speziellen Ansicht für Smartphones von eurem Desing
wenn ich in google chrome auf die Desktopansicht wechsle, kann ich problemlos zoomen.
bei anderen Seiten, die eine mobile Ansicht verwenden, kann ich zoomen
mit dem anderen browser (Internet) kann ich auf meinen Samsunggeräten unsere Seite belibig vergrössern
auch am i phone lässt sich unsere Seite unter Google chrome nicht vergrössern
Ersuche um LösungsvorschlagDanke
ChristianThanks for quick help!
Seems in order to have a post with proper picture shown nicely a plugin for Open Graph Meta Tags is needed. But with that it seems to work fine.
Thanks!Hi Vinay & cg,
Thanks for your hints ! Was very helpful:
For someone having the same issue – I have done the following:
– backup of all data and database ;-)
– installed “Velvet Blues Update URLs”
– You will get asked which URLs to update, I chose to update all URL except the last checkbox ‘
that is anyway strongly NOT recommended.
– logged in again – AND: Wow- worked :-)
– Then changed the WordPress URL in <newdomain> also (site URL was already set to <newdomain> as written above)
– Stil downloads did not work – so I changed all links in the downloads manually (This is probably as this is the
“Download Monitor” plugin, but as I have only 3 visible on my site, was no issue
– Voila – everything worked: Missing icons suddenly are back, I can login now correctly on <newdomain>/wp-admin and
do admin and viewing site at the same timeThanks!
WolfgangHi,
Have the same issue – have some possibilites added in Social Media Profile, but different ones appear selectable in Theme Option -> Blog Layout . Actually more appear here than given in the Social Media Profile. But adding facebook in Socia Media Profile does not help!Thanks for the clarification!
Did the settings (Think blog page was the defauld for Wordpres settings…).I disabled the Avator but still some grey signs are left but they now do not link to the user but to the post.
If the post has a thumbnail then this is shown above the grey ones, but if it is not a square, some grey remains.
How to stop this? ( Remark: in the meantime I was able to adapt the css in a way that the grey ones are not visible and the fact that some thumbnails did not fully occupy the space might come from the fact that we importet data and maybe settings for thums where different there… right?)Why do our setting for maual thumbnail size have no effect, we did now via css.. ?
I will have a close look into the docu!
Thanks!
