Anonymous (empty author) comments getting through

  • I’m getting a lot of spam comments getting through with:
    – Name (comment author) is anonymous (shows up empty in the database).
    – The comment is a comment (doesn’t appear to be a pink or trackback, as I peeked in the database)

    However:
    “Comment author must fill out name and e-mail” is enabled.
    – When I (logged out) try to enter a comment with the same details (same e-mail, url, content, and leaving the name field empty), I get the error that I must fill out all required fields (as expected). So, I can’t reproduce it myself.
    – There are no plugins active that are relevant to this problem.
    – Running WordPress 2.0.4 (latest).

    Does anyone have any ideas or have the same problem?

Viewing 4 replies - 1 through 4 (of 4 total)

  • Those would be spam trackbacks most likely.

    We tend to suggest you get either the Akismet or Spam Karma 2 plugins. Couple either of those with Bad Behavior plugin and that sort of stuff largely goes away.

    As you’re at 2.0.4, you already have Akismet installed.
    https://unknowngenius.com/blog/wordpress/spam-karma/
    https://www.homelandstupidity.us/software/bad-behavior/

    Thread Starter FireMotion

    (@firemotion)

    I expected this answer, but this is a workaround, not a fix.
    Plus, I already explained that these comments aren’t trackbacks (and I double-checked the database: the comment-type isn’t trackback). Unless it’s a bug, ofcourse.

    – When I (logged out) try to enter a comment with the same details (same e-mail, url, content, and leaving the name field empty), I get the error that I must fill out all required fields (as expected). So, I can’t reproduce it myself.

    Sure you can. But you’ll have to do it the way the spammers do it and make the http POST from your own crafted page, not the WP page. The odds are really quite good that they are not starting from your blog.

    Which is where Bad Behavior helps.

    There are no plugins active that are relevant to this problem.

    I’ll have to take your word for it, but plugins can hook in to a lot of functionality. Regardless, have you ensured all are current and/or known to work with WP 2x? Just in case?

    Thread Starter FireMotion

    (@firemotion)

    By way of testing, I created the following plugin:

    function custom_allow_comment($approved) {
    global $comment_author;

    if ($comment_author == ”)
    die( __(‘Please fill the required fields (name, e-mail).’) );

    return $approved;
    }
    add_filter(‘pre_comment_approved’, ‘custom_allow_comment’);

    Notes:
    1) $comment_author is initiated in wp-comments-post.php from the $_POST variable, and is trimmed there.
    2) If the plugin finds that $comment_author has no content, it dies, so WP doesn’t save anything (not even as spam or for moderation).
    3) Even if the POST method is used, I’m assuming wp-comments-post.php is executed (for comments ofcourse, assuming this whole thing is about comments as the database data indicates the bad entries are comments [and not trackbacks or pings]). Unless there is a backdoor.
    4) I have no other copies of wp-comments-post.php (under this or other names) that are tied to this particular database.

    Regardless of this plugin, I’m still getting anonymous comments. (The setting described in previous posts hasn’t been changed), and they are added in the moderation queue. To my knowledge, none of these comments are added live (moderated). I’m unsure if some of these comments are automatically nuked (aside from this plugin).

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Anonymous (empty author) comments getting through’ is closed to new replies.