[resolved] Comment hijack...help! (15 posts)

  1. davebgimp
    Member
    Posted 6 years ago #

    I use WP on my website and recently set my options to moderate all first-time commenters; however, when testing it, I find that after the comment is submitted the user is redirected away from my site to a webpage hosted on the coding.mu website containing a HUGE flash movie demo of someone coding what looks to be PHP. Do you have any idea what's up with that and, if so, why and how to get rid of it? It's pretty alarming. I have disabled moderation for now and things are back to normal, but I would really like to know what the hell's up with this.

  2. Joshua Sigar
    Member
    Posted 6 years ago #

    Do you have any comment-related plugin? It could be it.
    I haven't checked WP code, but I don't think WP will do that.

  3. davebgimp
    Member
    Posted 6 years ago #

    Yes I use SK2.

  4. Joshua Sigar
    Member
    Posted 6 years ago #

    Just search the code of SK2 for that site and replace it with whatever you want (e.g. your homepage). (I guess, since I don't use SK2.)

    Does the comment still make it to moderation when the visitor gets redirected?

  5. Cypher
    Member
    Posted 6 years ago #

    I use SK2 on my site and I don't believe I've ever had any commenter redirected to any site other than my own. Check out the comment-related files (comment.php, comments-popup.php) and see if you find anything interesting in there.

    Regards

  6. SK2 does not contain a reference to that site anywhere in its source code.

    This is not normal SK2 behaviour!

    Edit:
    Looking at the code in spam_karma_2_plugin.php, the redirect to the Second Chance page happens around lines 950-965 - could you paste those lines of that file here for us to check?

    westi

  7. davebgimp
    Member
    Posted 6 years ago #

    // Build the redirect target: the document root is stripped from the plugin's
    // filesystem path and replaced with "/", then the second-chance file and query are appended.
    $location = str_replace($_SERVER['DOCUMENT_ROOT'], "/", dirname(__FILE__)) . "/" . sk2_second_chance_file
        . "?c_id=$comment_ID&c_author=" . urlencode($sk2_core->cur_comment->author_email);

    // Decide whether a Location: header can be used on this server software.
    $can_use_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? false : true;
    if (!$can_use_location && ($phpver >= '4.0.1') && @preg_match('/Microsoft/', getenv('SERVER_SOFTWARE')) && (php_sapi_name() == 'isapi'))
        $can_use_location = true;

    Let me know if this isn't all of it.

  8. Ok that code looks like it is correct.

    Would it be possible for you to reenable the plugin for a short period for me to see the problem in action by trying to post a comment on your site?

    westi

  9. davebgimp
    Member
    Posted 6 years ago #

    No problem, thanks for the assistance. The plugin has now been enabled.

  10. davebgimp
    Member
    Posted 6 years ago #

    I should also say that I searched the code of SK2 and its prepackaged plugins for "coding.mu", but did not find anything.

  11. angsuman
    Member
    Posted 6 years ago #

    This is not related to SK2.
    I wonder if this is an example of an exploit of the security vulnerabilities in WP 1.5.1.2 and lower.
    What version of WordPress are you running?

  12. Ok,

    Just done a test post and now I understand why this is happening.

    The redirection code in Spam Karma 2 is not sending back a fully qualified URL for the second-chance page.

    When your browser tries to follow the link it can't, because it's not fully qualified, and so it may helpfully try an "I'm Feeling Lucky" lookup in Google and take you there - like if you mistype something in the URL bar.

    The url that gets returned in the redirect is:

    HTTP/1.x 302 Found
    Date: Fri, 08 Jul 2005 18:42:01 GMT
    Server: Apache/2.0.53
    X-Powered-By: PHP/4.3.11
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Fri, 08 Jul 2005 18:42:02 GMT
    Cache-Control: no-cache, must-revalidate
    Pragma: no-cache
    Location: //wp-content/plugins/SK2/sk2_second_chance.php?c_id=148&c_author=example%40example.com
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html

    The browser then does this:

    http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=wp-content

    GET /search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=wp-content HTTP/1.1
    Host: www.google.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Cookie: PREF=ID=27664863d4f98241:CR=1:TM=1114451930:LM=1117277536:L=0AA:S=n5Wt5n6iGz-2mY63

    HTTP/1.x 302 Found
    Location: http://coding.mu/wp-content/mvcdemo.htm
    Cache-Control: private
    Content-Type: text/html
    Server: GWS/2.1
    Transfer-Encoding: chunked
    Content-Encoding: gzip
    Date: Fri, 08 Jul 2005 18:42:04 GMT

    Which sends you to the site in question, coding.mu. This is the first result for the following Google search: wp-content

    The following workaround will allow you to use Spam Karma 2:

    1. Disable the Captcha Check plugin in the Spam Karma 2 Options pages by setting its strength to disabled.

    I have contacted the author of Spam Karma 2 zedrdave and hopefully a fix for this issue will be available soon!

    westi
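The mechanism westi traces above, and the str_replace() fragment from post 7, can be reproduced and checked offline. The script below is an added example and not part of the thread or of Spam Karma 2: it rebuilds the "//wp-content/..." Location value the way the SK2 snippet does, resolves it the way a browser resolves a Location header (a leading "//" is a scheme-relative URL, so "wp-content" becomes the host name), flags any redirect that leaves the issuing site's scheme and host, and builds the fully qualified URL that fixes it. The blog URL, the document root and the plugin directory are constructed sample values; the Location string is the one shown in the captured headers.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

# Constructed sample values (assumed, not from the thread): the page that
# issued the redirect and the server-side paths SK2 would have seen.
COMMENT_POST_URL = "http://blog.example.com/wp-comments-post.php"
DOCUMENT_ROOT = "/var/www/html"
PLUGIN_DIR = "/var/www/html/wp-content/plugins/SK2"
QUERY = "c_id=148&c_author=example%40example.com"

# The Location value captured in post 12.
BROKEN_LOCATION = "//wp-content/plugins/SK2/sk2_second_chance.php?" + QUERY

# Header block as captured in post 12 (copied here as sample input).
CAPTURED_HEADERS = """HTTP/1.x 302 Found
Server: Apache/2.0.53
Location: //wp-content/plugins/SK2/sk2_second_chance.php?c_id=148&c_author=example%40example.com
Content-Type: text/html
"""


def sk2_style_location(document_root: str, plugin_dir: str, file: str, query: str) -> str:
    """Mirror the str_replace() in the SK2 snippet: DOCUMENT_ROOT is replaced
    by "/", so a plugin directory directly under the root produces a path that
    starts with "//", i.e. a scheme-relative URL rather than a root-relative path."""
    path = plugin_dir.replace(document_root, "/")
    return f"{path}/{file}?{query}"


def resolve_as_browser(base_url: str, location: str) -> str:
    """RFC 3986 reference resolution, which is what a browser applies to a
    Location header: "//wp-content/..." keeps the scheme and takes "wp-content"
    as the new host."""
    return urljoin(base_url, location)


def location_is_same_site(base_url: str, location: str) -> tuple:
    """Defensive check for a redirect: the resolved target must keep the scheme
    and host of the page that issued it. Returns (ok, resolved_url)."""
    resolved = resolve_as_browser(base_url, location)
    b, r = urlsplit(base_url), urlsplit(resolved)
    ok = r.scheme == b.scheme and r.netloc.lower() == b.netloc.lower()
    return ok, resolved


def extract_location(raw_headers: str) -> str:
    """Pull the Location value out of a raw response header block."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return ""


def fully_qualified_location(base_url: str, document_root: str,
                             plugin_dir: str, file: str, query: str) -> str:
    """The fix: derive a root-relative path with exactly one leading "/" and
    join it onto the issuing site's own scheme and host."""
    root = document_root.rstrip("/")
    rel = plugin_dir[len(root):] if plugin_dir.startswith(root) else plugin_dir
    path = "/" + rel.strip("/") + "/" + file
    b = urlsplit(base_url)
    return urlunsplit((b.scheme, b.netloc, path, query, ""))


if __name__ == "__main__":
    broken = sk2_style_location(DOCUMENT_ROOT, PLUGIN_DIR, "sk2_second_chance.php", QUERY)
    print("SK2 builds:      ", broken)
    print("browser resolves:", resolve_as_browser(COMMENT_POST_URL, broken))
    print("same site?       ", location_is_same_site(COMMENT_POST_URL, broken)[0])
    fixed = fully_qualified_location(COMMENT_POST_URL, DOCUMENT_ROOT, PLUGIN_DIR,
                                     "sk2_second_chance.php", QUERY)
    print("fixed Location:  ", fixed)
    print("captured header: ", extract_location(CAPTURED_HEADERS))
```

The check in location_is_same_site is the one a reviewer would want on any plugin that emits a Location header from a filesystem path: the failure here is not that the host name leaks, but that a "//host/path" form hands the browser a host it was never meant to visit, and from there the browser's own fallback behaviour decides where the user ends up.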

  13. davebgimp
    Member
    Posted 6 years ago #

    Awesome, disabling captcha worked. Thanks for your help!

  14. That's ok.

    Hope the Spam Karma 2 Moderate plugin works OK for you now!

    westi

  15. davebgimp
    Member
    Posted 6 years ago #

    It works beautifully. Oh wait, you wrote it! Ha! I just commented about this issue on your site. Thanks again.

Topic Closed

This topic has been closed to new replies.