WordPress MU

We've set our blogs to require registration and login to post comments by default. We're noticing lots of spam which appears automated, and it's not coming from registered users. I've verified that the blog owners have not removed the requirement to log in before commenting, and the comment form does not show up for guests. Yet somehow, comments are being posted and they appear in our control panel comments area anyway.

are you sure they're not trackbacks instead of comments? do note that trackbacks don't fall under that login requirement.

I've double-checked them and some are trackbacks, but most are just comments. Some have disabled trackbacks which helped some, but we don't understand why comments bypass the login requirement.

"Yet somehow, comments are being posted and they appear in our control panel comments area anyway."

Are the appearing on entries?
Are these automated spams posting to entries that don't exist? (which would happen in MT)

All of our blogs are set to require approval before appearing on the blogs, so the spam comments are not auto-approved. Our members complain about the large amount of comments appearing in their admin panels awaiting approval when they are from spammers that are somehow bypassing the login requirement.

I'm not sure what you mean by "automated spams posting to entries that don't exist", I'm sorry. The spam comments are to actual posts that exist.

So do you have any spam plugins running? That would be where I'd go first.

I'm going to try tan tan noodles spam filter and see if that helps. Akismet is out of the question because of the number of blogs we have, and we don't rake in the income to pay the fee required for large sites.

But I'm really concerned about HOW this is happening. What are the spammers doing that allows them this kind of control.

you might try farms anti-spam pack. Here's one of the threads about it with link to where can dl it in OP

http://mu.wordpress.org/forums/topic.php?id=5582&page&replies=26

You'll have to customize it in the php files (adding in words to list for captcha, spam keywords, etc) but works pretty well.

Also, I had a similar situation with one of my users. She was getting spam comments landing in her admin area awaiting moderation even though she had set her blog to no comments allowed. Turned out it was her blog entries I had imported from b2evolution. They were individually flagged to allow comments and it was overriding her 'no comments allowed' setting. Editing the settings for individual entries that had been imported fixed it.

So, might try having a look at the individual blog entries that the comments are being posted to and checking their individual settings.

Yep, I'd double-check those entry settings.

There's also Bad behavior and SpamKarma2. If they are consistently showing up on older entries, I run the plugin Auto-Close comments.

This is happening to me as well, just this morning I had a post that was getting comments awaiting for moderation. There are no users posting this (a new blog so I have no users) but I am still getting spam. I have double checked that users must be logged in to post. Wordpress 2.3.1.

The username field in the comment is populated by a URL for the spammer, that is all they are doing. In each of the comments, they are quoting part of my post. It appears to be a bug..

The librarian who just chewed my ass out for bringing up your site asked me to tell you that next time you post in a public forums, you may want to mention that your site is not safe for work. Thanks for almost getting me banned from here.

The username field in the comment is populated by a URL for the spammer, that is all they are doing. In each of the comments, they are quoting part of my post. It appears to be a bug..

No, you're just looking at a trackback and thinking it's a comment. :)

And if you're using WordPress 2.3.1, you're at the wrong site I'm afraid. http://wordpress.org/support These are the WordPress Multiuser support forums.

My blog is not a porn site, it was over 3 years ago. Update your web filters for gods sake!

I will try the other forum, thx.

Oddly enough, this has just happened on my setup. I did soem upgrading and db work, and "something' got turned off soemwhere, as users reported getting spam notices yestersday. when they went ot moderate them, they did not appear to be stuck on any particualr entry.

If I can figure it out I'll file a bug ticket over at regualr WP, as it seems liek an issue for that too.