WordPress.org

[resolved] big tit asian porn - security issue? (6 posts)

  1. topsoftbe
    Member
    Posted 7 years ago #

    So now I have your attention...

    I have already posted a question about this on the support forum before, but had no satisfactory answer.

    So I will rephrase my question.

    My 2 blogs are configured in such a way that:

    1 - you have to be a user to comment
    2 - you have to be logged in to comment
    3 - all comments have to be moderated
    4 - pingbacks and trackbacks are NOT allowed
    5 - comment author must fill out name and e-mail

    For the 3rd time in a row I receive a mail, telling me that a comment has been posted.

    1 and 2 did not stop the posting, even if there are no users besides me,
    3 was ok, the comment was put aside for moderation,
    4 was not applicable,
    5 did not stop the posting either, even if there was no e-mail address.

    Here is the comment:

    Name: big tit asian porn…
    e-mail: empty
    URL: [url moderated]
    Body: big tit asian porn...
    My View on the News » Blog Archive » The Veil… and why these ......

    So my question was, and still is: is there a security hole in WP 2.1+ that allows this kind of comments to be posted?

    Someone suggested adding security plugins. I do not want plugins, I want a product that does what it says: with the configuration I have, nobody should be able to post a comment, unless he "is a user", "has logged in", "has given his e-mail". Not one of these criteria has been met.

    I have tried to log out and access my blog: I cannot add a comment. So that's fine. But how could big tits then post a comment?
    Another thing: if you post a comment, being the administrator, then the moderation rule does not apply...is that by design? If so, that makes sense. But if you programmers are so meticulous about details, as to check whether a comment is posted by an administrator so no moderation is required, why then do all the other options not work?
    My site if you want to test:
    http://www.topsoft.be/weblog
    http://www.topsoft.be/photoblog

    Of course, it is possible that I have completely misunderstood the meaning of all these options. In that case I suggest to adapt the wording of the options.

    Thanks in advance for a good explanation.

  2. Chris_K
    Member
    Posted 7 years ago #

    That's not a comment. It is a trackback.

    You mention pingbacks and trackbacks are not allowed. When you set that, did you have pre-existing posts in your blog? If so, they probably don't have that setting... Was this trackback against an older post?

  3. topsoftbe
    Member
    Posted 7 years ago #

    OK, now I start to see the light. Do you mean that the general options you set for the whole WP are not applied to the existing posts? Would it then not be useful to add an extra option that says: apply my general settings to the whole existing blog?
    I suppose it happens all the time that one has to modify some small setting somewhere. What a waste of time and effort if one has to apply that setting to all existing posts manually...this is not logical nor user-friendly.
    Or does that option exist somewhere? Sorry if I have missed it...

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    Do you mean that the general options you set for the whole WP are not applied to the existing posts?

    For most things, no. For the specific case of trackback and pingbacks, yes.

    There are quick scripts and plugins and such available that can rapidly make this change to all your posts for you, but I really recommend using a better solution to the problem of spam. Namely, Bad Behavior, Akismet, and Spam Karma. These plugins are excellent at blocking spam, and you don't have to disable all your blog's really nice features.
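
Added example, not part of the original thread or of WordPress itself: one way to audit and close the per-post ping setting discussed above, directly in the database. It assumes the default `wp_` table prefix and the standard `wp_posts`, `wp_options` and `wp_comments` tables; adjust the prefix to match your install.

```sql
-- Added example. Assumes the default "wp_" table prefix.
-- Take a database backup before running the UPDATE in step 4.

-- 1. Audit: how many posts still accept pingbacks/trackbacks?
--    Posts created before the global option was changed keep
--    their own ping_status value.
SELECT post_status, ping_status, COUNT(*) AS posts
FROM wp_posts
GROUP BY post_status, ping_status;

-- 2. Confirm the site-wide default, which only applies to NEW posts.
SELECT option_value
FROM wp_options
WHERE option_name = 'default_ping_status';

-- 3. See which posts are receiving trackbacks/pingbacks that are
--    waiting in the moderation queue, and whether pings are open there.
SELECT c.comment_ID,
       c.comment_post_ID,
       p.post_date,
       p.ping_status,
       c.comment_type,
       c.comment_date
FROM wp_comments AS c
JOIN wp_posts AS p ON p.ID = c.comment_post_ID
WHERE c.comment_type IN ('trackback', 'pingback')
  AND c.comment_approved = '0'
ORDER BY c.comment_date DESC;

-- 4. Close pings on every existing post.
UPDATE wp_posts
SET ping_status = 'closed'
WHERE ping_status <> 'closed';

-- 5. Verify: this should now return 0.
SELECT COUNT(*) AS still_open
FROM wp_posts
WHERE ping_status = 'open';
```

Step 3 also shows that the queued items are stored with a `comment_type` of trackback or pingback, which is why the login and e-mail requirements for ordinary comments did not apply to them.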

  5. topsoftbe
    Member
    Posted 7 years ago #

    OK, thanks for the clear reply. Will look into these scripts and plugins.

  6. Windrider6
    Member
    Posted 6 years ago #

    I have enabled:
    Anyone can register
    Users must be registered and logged in to comment

    I have now disabled:
    Attempt to notify any blogs linked to from the article (slows down posting.)
    Allow link notifications from other blogs (pingbacks and trackbacks.)

    And I have disabled "Allow Pings" for each of my posts. But I never had anything defined in "Send trackbacks to:" for any of my posts in the first place.

    So how did comments get entered without the user registering or logging in?

Topic Closed

This topic has been closed to new replies.
