errors when leaving comments

It sounds to me like there are several ways this problem can come about, and that the fixes are just as varied. To clarify for people who might be confused, I’ll attempt a quick breakdown. Please correct me if I’ve got something wrong.

• If you or someone you know is getting this error, it’s probably not a browser problem, but a problem with another program running on the person’s computer.
• Norton programs (antivirus, firewall, and other) seem to especially bring this problem on.
• Most Norton programs on PCs show up as little icons in the lower-right of your screen (this varies with personal settings). Floating your pointer over the little icons should tell you which ones are Norton programs.
• One solution is to disable the program while you’re at WordPress sites. Right-clicking on the icons will usually produce a menu with “disable” as one of the options.
• What’s going on is a conflict between some programs and WordPress’s built-in anti-spam features. Spam-bots are computer programs familiar with the WordPress file structure, so they can quickly generate what is likely a comment page URL and send comment-spam. WordPress is set to disallow these comments, requiring that a user actually click on a WordPress link that leads to the comment entry page. You don’t really have to know this, but I think it’s good to understand it at least a little.

I helped a friend who had this problem; it wasn’t the antivirus software that was giving the problem, and it wasn’t pop-up blockers, though others have said turning off these things has helped. I left those things on and merely disabled the Norton Firewall program, and everything was dandy. I say this because it sounds like there are many ways to run into this error and many ways to fix it; if none of the given suggestions is helping you, play around with those programs your computer is running while you’re on the Web.

Hope this helps someone. The posts above helped me, in that they sent me in the direction toward my fix, despite none of them offering the specific solution that was needed in my case.

hey guys – it just might be something as simple as a firewall on the posting computer –

as soon as i turned off my kpf i stopped getting the error message

hope this helps

Hi there

It IS a consequence of your firewall parameters.
And it IS related to your browser (depending on Firewalls capabilities.
I tried this with Zonealarm Pro and it works:
OPen ZA control,
Go to “Program Control” and “Programs” tab
*For each browser you are using (example below with IExplorer)
-Search & select Internet Explorer
-Right click, select “Options”
-UNcheck (de-select) “Enable privacy for this program” in the “Filter options” of the “Security” tab.
That’s it.

The difficulty with the firewall solutions – at least when I tested on my end – is that my Windows XP box has absolutely no software firewall installed, no privacy software, nothing of that sort at all (not even the Windows firewall). The only thing that comes close is NAV Corporate. But the problem occured only in IE, not in FireFox, on the same machine – and I certainly didn’t customize non-existent firewall software on the machine to allow one browser but not the other to send referer request headers.

Also, as usual, my Macs didn’t exhibit the problem, unless I turned off the referer request header in Opera. So there’s something in IE that’s blocking sending that bit o’ information, but I’ll be damned if I know what it is.

Okay. Here’s the issue that is causing this:

1. WordPress has a security feature to make sure that comments are posted from the current site. It does this by checking the HTTP Referer header. Typically, browsers set this header to indicate the page that a user is coming from (i.e. they click a link from www.a.com/foo to www.b.com/bar, so the www.b.com server sees a request for the bar page, and it sees a referer of www.a.com/foo)

2. Some privacy tools prevent the HTTP referer header from being sent (some firefox extensions, Opera, and some personal firewalls/antivirus products have this option, or leave it enabled all the time).

Thus there are two solutions.
1. The blog host can disable the referer check in WordPress by opening up the PHP code and commenting out the if statement that has been mentioned above in this thread.

2. The person trying to post can disable whatever is stopping the referer header from being sent (whether it is a firewall, antivirus, or a browser feature/extension).

In reply to tcpayne, perhaps IE is using NAV as an HTTP proxy?

I am having the same issue, but with another function. IE is not properly passing or using the $_SERVER[‘HTTP_REFERER’]. FF does it fine, so it is not something related to antivirus or firewall or anything like that, just specific to IE6. Anyone know a different variable that IE will recognise or the specific thing within IE that either enables or disables that?

May I clarify something? This problem arose with my blog today, for the first time after several years of using WordPress.

My host (Moose Internet Services) went belly up last week and I have had to move hosting to Dreamhost. My newly-installed WordPress is 2.0.4, I was running 2.0.3 previously, with no problems at The Moose.

Dreamhost say this, in their wiki:

“Finally, we have put a tiny little hack of our own in the wp-comments-post.php and wp-comments-popup.php files to try and prevent automated comment spam a bit. If you end up never getting any comment spam, it may be that that little hack was enough!”

Now… I looked at my WP code, and I found the section indicated in this thread. I had a wp-comments-post file with the code at the head (before the requires statement) and a popup file, which had only this piece of code in it.

Alarm bells rang.

We looked at the WordPress official download for 2.0.4 and this code does not appear

What I want to know is – was this code at some time in the official WP release? or was it NEVER there and are all the people who have reported the problem in fact hosted at Dreamhost?

I’ve commented the code out for now but I need to work out what to do if this is a Dreamhost hack (the code was uncommented!!) and they are likely to reintroduce it with any automatic upgrade processes.

I’d appreciate comments on my thoughts

Thanks you

I had the same issue and I use Choopa.com so it can’t just be dreamhost…

I am really hoping for a solution that works on this one. I will try to comment out the code above. But the answer just can’t stop at – Norton people will have to do A,B and C. WordPress should work around the Norton issue for their next build. At least, that is my hope.

??
v

On a side note, I don’t have that line of code in my comments or comments popup php pages?? How can that be?

Thanks, V – I shan’t have a go at my hosts about it then.

Well, I get the same error message at every time, when I try to leave a comment on my own blog: imiger.com/blog.

It displays an empty page with the text:

Error: This file cannot be used on its own.

People at DreamHost suggested to me to come to this forum.

I have tried it with IE, FireFox and Opera… all the same. However, other people were able to leave comments…

Any idea?

Greetings,

Tamas, Budapest

Hi imiger

It is pretty clear (to me at least) that this problem affects some users, based on their firewall and security software. It is definitely caused by the Dreamhost hack of the WordPress files. Commenting the hack out cures the problem.

I think the fact that WordPress installations on other hosts also exhibit the same problem might be down to them deploying a similar tactic. Of course, there can be no level of certainty about this.

Whatever – if you comment out the code in your comments and comments pop up files, the problem does go away. It comes back when using the Dreamhost 1-click upgrade though ??

To be clear – it is only these lines that need removing or commenting out:

if (!$_SERVER[‘HTTP_REFERER’] == dirname(__FILE__) . ‘/wp-comments.php’)
{
die (‘Error: This file cannot be used on its own.’);
}

(my comments pop up file consisted of only this code, and nothing else)

The files in question are in the root of the installation, not in any of the theme directories.

The usual caveats apply – but it worked for me and for those of my readers who were affected. Hope this helps.

This worked for me, thanks. I just ugraded to the latest wordpress and then this error started happening. Edited out those lines and bingo, problem solved. Even remembered to backup the file I was changing in case I broke it ??

@woolgatherer

Thankyou so much – those little devils at Dreamhost were messing around again *trying* to be helpful but causing endless problems for us bloggers!

Commenting out that piece of code thats in a file named ‘wp-comments-popup.php’ in the root directory for Dreamhost users worked a treat.

I don’t want to tell everyone to disbable their firewall JUST to leave a comment on my blog – why should they have to?

Thanks again, you saved me a lot of leg work trying to solve this one.