The MU forums have moved to WordPress.org

comment spam bypassing login requirment - how to stop? (13 posts)

  1. redbox
    Member
    Posted 16 years ago #

    We've set our blogs to require registration and login to post comments by default. We're noticing lots of spam which appears automated, and it's not coming from registered users. I've verified that the blog owners have not removed the requirement to log in before commenting, and the comment form does not show up for guests. Yet somehow, comments are being posted and they appear in our control panel comments area anyway.

  2. theapparatus
    Member
    Posted 16 years ago #

    are you sure they're not trackbacks instead of comments? do note that trackbacks don't fall under that login requirement.

  3. redbox
    Member
    Posted 16 years ago #

    I've double-checked them and some are trackbacks, but most are just comments. Some have disabled trackbacks which helped some, but we don't understand why comments bypass the login requirement.

  4. andrea_r
    Moderator
    Posted 16 years ago #

    "Yet somehow, comments are being posted and they appear in our control panel comments area anyway."

    Are the appearing on entries?
    Are these automated spams posting to entries that don't exist? (which would happen in MT)

  5. redbox
    Member
    Posted 16 years ago #

    All of our blogs are set to require approval before appearing on the blogs, so the spam comments are not auto-approved. Our members complain about the large amount of comments appearing in their admin panels awaiting approval when they are from spammers that are somehow bypassing the login requirement.

    I'm not sure what you mean by "automated spams posting to entries that don't exist", I'm sorry. The spam comments are to actual posts that exist.

  6. andrea_r
    Moderator
    Posted 16 years ago #

    So do you have any spam plugins running? That would be where I'd go first.

  7. redbox
    Member
    Posted 16 years ago #

    I'm going to try tan tan noodles spam filter and see if that helps. Akismet is out of the question because of the number of blogs we have, and we don't rake in the income to pay the fee required for large sites.

    But I'm really concerned about HOW this is happening. What are the spammers doing that allows them this kind of control.

  8. asm01
    Member
    Posted 16 years ago #

    you might try farms anti-spam pack. Here's one of the threads about it with link to where can dl it in OP

    http://mu.wordpress.org/forums/topic.php?id=5582&page&replies=26

    You'll have to customize it in the php files (adding in words to list for captcha, spam keywords, etc) but works pretty well.

    Also, I had a similar situation with one of my users. She was getting spam comments landing in her admin area awaiting moderation even though she had set her blog to no comments allowed. Turned out it was her blog entries I had imported from b2evolution. They were individually flagged to allow comments and it was overriding her 'no comments allowed' setting. Editing the settings for individual entries that had been imported fixed it.

    So, might try having a look at the individual blog entries that the comments are being posted to and checking their individual settings.

  9. andrea_r
    Moderator
    Posted 16 years ago #

    Yep, I'd double-check those entry settings.

    There's also Bad behavior and SpamKarma2. If they are consistently showing up on older entries, I run the plugin Auto-Close comments.

  10. vtocco
    Member
    Posted 16 years ago #

    This is happening to me as well, just this morning I had a post that was getting comments awaiting for moderation. There are no users posting this (a new blog so I have no users) but I am still getting spam. I have double checked that users must be logged in to post. Wordpress 2.3.1.

    The username field in the comment is populated by a URL for the spammer, that is all they are doing. In each of the comments, they are quoting part of my post. It appears to be a bug..

  11. theapparatus
    Member
    Posted 16 years ago #

    The librarian who just chewed my ass out for bringing up your site asked me to tell you that next time you post in a public forums, you may want to mention that your site is not safe for work. Thanks for almost getting me banned from here.

    The username field in the comment is populated by a URL for the spammer, that is all they are doing. In each of the comments, they are quoting part of my post. It appears to be a bug..

    No, you're just looking at a trackback and thinking it's a comment. :)

    And if you're using WordPress 2.3.1, you're at the wrong site I'm afraid. http://wordpress.org/support These are the WordPress Multiuser support forums.

  12. vtocco
    Member
    Posted 16 years ago #

    My blog is not a porn site, it was over 3 years ago. Update your web filters for gods sake!

    I will try the other forum, thx.

  13. andrea_r
    Moderator
    Posted 16 years ago #

    Oddly enough, this has just happened on my setup. I did soem upgrading and db work, and "something' got turned off soemwhere, as users reported getting spam notices yestersday. when they went ot moderate them, they did not appear to be stuck on any particualr entry.

    If I can figure it out I'll file a bug ticket over at regualr WP, as it seems liek an issue for that too.

About this Topic