smb488292
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Spam? Read this.So, guys & gals, how are they getting in there? Is this a feature or a bug?smb488292, do you post before reading the thread from the beginning?look at the first line of the comment. if it has strong tags, it's a trackback. trackbacks bypass the requirements to comment.Well, I confess that my original understanding of trackbacks was a little vague. I thought pings/trackbacks were no different than one blog tapping another on the shoulder. Now I understand them to be more like shouting obsenities than a tap.
Anyway, they are a backdoor to bybass the login security of a blog. I will tell that to my client. Now for another pot of coffee.
Thanks for answering my question people!
Forum: Fixing WordPress
In reply to: Spam? Read this.Okay, I installed WordPress last year for a client. Suddenly he calls me in a panic… he is getting swamped with email notifications for comment spam.
So I take a look at his site…. no spam. Good, I think. Then I login to the “dashboard” and check the moderation queue and, sure engough, he is getting hit with an average of one per hour. Not unwieldy, but still a pain in the butt. I turn off notifications and then try to trace them back to which registered user is posting them. Only trouble is there isn’t one. Hmmmmm… let me check my notes….
Blog Concepts 101, chapter 2, paragraph 3:
Anonymous spam can be prevented by forcing all
visitors to login before posting articles or comments“Good concept”, I say. So let’s check his settings in this regard. First of all, I can’t find the setting that allows you to prevent anonymous (i.e. not logged in) comments. Just for reference I logout and navigate the blog to a nice plump message and scroll down to the bottom so I can post a comment. Well, well! I guess that feature does exist because what I get is:
Leave a Reply
You must be logged in to post a comment.So I logged back in and found that I could post a comment but only under my user name. Also good concept!
So how is the spam getting passed the login requirement? The first thing to go through my head is to not even ask such a question in the forums till you’ve upgraded the software, so that is what I did: I upgraded him from 1.5.something to 2.0.2. Latest version, right?
I go to bed and get 5 hours sleep (there is no time for any more when you’re a system administrator) and when I wake up I check his moderation queue: Empty! So I turned comment notifications back on and sat back to drink a well-deserved pot of fresh-roasted coffee.
Later today (3 pots of coffee later) I had another look: Awaiting Moderation: 32
All spam!So, guys & gals, how are they getting in there? Is this a feature or a bug?