False “You’re posting comments too quickly” warning

Nope, no such problem for me. Even using old Firefox browser in old computer ??
Left the comment “The big brown fox jumps over the lazy doggedy dog.” comment there from “wordpressforum testuser”

Thank you very much. Interesting. I tried to reply to your post from a logged-out state, and I get the “posting too fast” warning. Maybe it’s my IP address.

Posted comment again, this time using IE6 test browser and no problem there for me. See additional comment and observation on your page.

Thank you very much. I wasn’t aware of the IE6 issue. I guess I’ll just wait until IE6 dies out.

Regarding the phony “posting too fast” warning, the following code is in comment.php (located in wp-includes):

function check_comment_flood_db( $ip, $email, $date ) {
	global $wpdb;
	if ( current_user_can( 'manage_options' ) )
		return; // don't throttle admins
	$hour_ago = gmdate( 'Y-m-d H:i:s', time() - 3600 );
	if ( $lasttime = $wpdb->get_var( $wpdb->prepare( "SELECT <code>comment_date_gmt</code> FROM <code>$wpdb->comments</code> WHERE <code>comment_date_gmt</code> >= %s AND ( <code>comment_author_IP</code> = %s OR <code>comment_author_email</code> = %s ) ORDER BY <code>comment_date_gmt</code> DESC LIMIT 1", $hour_ago, $ip, $email ) ) ) {
		$time_lastcomment = mysql2date('U', $lasttime, false);
		$time_newcomment  = mysql2date('U', $date, false);
		$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
		if ( $flood_die ) {
			do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);

			if ( defined('DOING_AJAX') )
				die( __('You are posting comments too quickly.  Slow down.') );

If I take out the $ip in the very first line of the above block of code, then I can post comments on my own blog even when I’m logged out:

function check_comment_flood_db( $email, $date )

The moment I put the $ip back in, I get the “posting too fast” warning no matter how fast or slowly I post:

function check_comment_flood_db( $ip, $email, $date )

I don’t understand this.

One thing, if you delete that $ip, you’re most likely to get massive spam in your blog posts as the $ip helps anti-spam plugins. Also, modifying core files is bad for he soul ??

Do you use an anti-spam plugin? Could it be that your own anti-spam plugin is going against your IP address? Does your anti-spam plugin allow you to exclude checking IP addresses esp. your own?

Edit- could you try just typing in your comment in notepad and then copying from that and pasting in comment box? Did that help?

Nope. Copying and pasting produces the same result. If I’m logged out and post a comment, I get the “you’re posting too fast” warning. If I remove the ‘$ip’ from comment.php, posting works like a charm.

I’m using the Akismet anti-spam plugin, and I’ve had ‘$ip’ removed for the last few days. The amount of spam has remained the same.

Modifying core files may be bad for the soul, but I’ve modified a bunch of them without any trouble. I’ve modified my error messages, too, because the original ones are BORING!!! You can check what I did if you try to leave a comment on my blog without properly completing all required fields. I don’t think, though, that my modifications are the source of this particular problem.

“Modifying core files may be bad for the soul, but I’ve modified a bunch of them without any trouble. “
Only true if you know what you’re doing which I see you do – LOL, I saw the tiger, grrr.

Roused my curiousity, this problem you have (channeling Yoda) so Google did I your problem. Be it a problem on scheduled posts like this, server time stamps or time settings? Old thread, I know, but …

Very interesting. Thank you. But if it were the time stamp, then why can I post with no problem when I’m logged in? I don’t think I’m changing time zones when logging out.

It seems to be related to my IP-address, or else removing ‘$ip’ wouldn’t fix it.

Hmm.

Rather strange. Just posted another comment using Safari, and it’s A-OK. Methinks it might be related to your anti-spam. Humor me, though this other article is old, maybe you could find a solution within or at the last resort contact Akismet?

I deactivated Akisment, but the problem remains. I can only post comments when I’m logged in, otherwise I get a “posting too fast” warning, unless I remove the ‘$ip’ from comment.php in wp-includes.

I don’t really care if I can or can’t post when I’m logged out. I’m always logged in anyway. My only concern is that it may affect some other people, too, and then my blog won’t accept their words of wisdom. Obviously, I do receive comments from other people without apparent difficulty, so I can’t tell if any comments by others have ever been or will ever be rejected on these grounds.

So for now, as a surefire precaution I’ll just leave the ‘$ip’ removed until I get flooded with spam such that I have to put it back in.

Hello,

if you are using a load-balancer (such as Amazon’s Elastic Load Balancer used with EC2), you need to patch the wp_new_comment function in wp-includes/comment.php.

Replace the following line:

$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );

with these lines:

$headers = apache_request_headers();
if( isset($headers['X-FORWARDED-FOR']) ){
    $REMOTE_ADDR = $headers['X-FORWARDED-FOR'];
}
else{
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
}
$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $REMOTE_ADDR );

This code checks to see if there is an ‘X-FORWARDED-FOR’ header present in the client’s request. If it is, it uses that as the client’s IP, otherwise it uses the standard value from $_SERVER[‘REMOTE_ADDR’].

Note: this may allow sophisticated users to spoof another person’s IP address by modifying their HTTP requests to send a fake X-FORWARDED-FOR header, but it’s unlikely to happen for most users.