WordPress.org

Ready to get started?Download WordPress

Forums

Comments turned off, but comments coming through! (17 posts)

  1. jc21
    Member
    Posted 7 years ago #

    Hi, recently I've been receiving a LOT of spam comments on my blog. I'm using Filosofo Comments Preview plugin. I've taken action to blacklist words, and then decided to close comments on all my posts.

    I thought that my version of wordpress may have had a security flaw, so I upgraded to the latest last night. This morning, I have 14 comments awaiting my approval - all of which are spam. They are related to posts that have commenting turned off!

    For example, this post: http://blog.jc21.com/2006-11-13/php-ajax-file-browser-201/
    still gets comment spam.

    What's the deal?

    PS. Filosofo comments is on the 2.1 compatibility list, but I've disabled it to see if it is the flaw.

  2. SpiderBiteMan
    Member
    Posted 7 years ago #

    I am getting the same thing on my Spider Bite blog.

    I have comments turned off right now and still, I'm getting spam waiting for my approval.

    I read somewhere you can rename the comment module, is this the solution?

    I have received 50 in the last 3 hours! This is out of control.

    Thanks for any help!

  3. vkaryl
    Member
    Posted 7 years ago #

    It's trackback spam, guys. What spam plugins are you running?

  4. jc21
    Member
    Posted 7 years ago #

    No spam plugins. I thought pingbacks and trackbacks would identify themselves differently from user comments. Perhaps they should.

    Nevertheless, shall turn off trackbacks and see what happens.

  5. vkaryl
    Member
    Posted 7 years ago #

    Best thing to do: install at the very least, Bad Behavior from http://www.homelandstupidity.us/software/bad-behavior/. That usually stops a lot of it. Akismet and Spam Karma2 can help too.

  6. Starbuck
    Member
    Posted 7 years ago #

    I'm getting some of these too and it makes sense that they could be pingbacks or trackbacks. I was going nuts trying to figure out how someone could have posted a comment without registering.

    Seems to me we need code to validate where these are coming from so that we can audit them just like comments from registered guests. Related, we need to be able to filter and auto-delete known spam sources.

    Spam Karma2 seems to be a bit too volatile and intrusive for this purpose. Akismet looks ideal. I'll do research and might load this up.

  7. Chris_K
    Member
    Posted 7 years ago #

    Seems to me we need code to validate where these are coming from so that we can audit them just like comments from registered guests. Related, we need to be able to filter and auto-delete known spam sources.

    Well yeah, Bad Behavior does part of that. Akismet or Spam Karma 2 do the other half.

  8. vkaryl
    Member
    Posted 7 years ago #

    If you're going to use any of the spam stopper plugins, you're going to lose (in the 2.0 branch, don't know about 2.1) the ability to moderate (other than by accessing the plugin screens). In order to return some of the functionality of normal moderation of comments, you'll need to download and install the sk2-moderate plugin from http://blog.ftwr.co.uk/wordpress/sk2-moderate-plugin/

    Also, please read the instructions in the lower part of his page - some of it's fairly important.

  9. commando
    Member
    Posted 7 years ago #

    I'm having the same problem. I don't want comments or feedback of any kind, I want a read only blog. Is there any way to turn off all methods of feedback without installing a spam stopper plugin like "bad behavior"?

  10. JohnA
    Member
    Posted 7 years ago #

    Commando,

    As far as I can tell, if you go to Options > Discussion in the Admin panel and deselect:

    "Allow link notifications from other Weblogs (pingbacks and trackbacks.)"
    and
    "Allow people to post comments on the article "

    then all future posts will not allow comments, pingbacks or trackbacks.

  11. geoffe
    Member
    Posted 7 years ago #

    I've gone through the same trouble:
    http://wordpress.org/support/topic/103650

    Although deselecting "Allow link notifications from other Weblogs (pingbacks and trackbacks.)" will prevent future posts from allowing pingbacks and such, it does not solve the problem for current posts.

    To fix that, you need to change the ping_status field of your posts table in the database from 'open' to 'closed'. Or, go to each post and deselect the option to allow pings.

    There ought to be a global option to disable pingbacks, but as far as I'm aware there isn't. There is a global option for comments to be restricted to registered users, as well as an option local to each post that can be overridden.

  12. commando
    Member
    Posted 7 years ago #

    Thanks guys. I've turned off all the options on that screen and i'm still getting notifications. I'll try installing "bad behaviour" and see if that helps. A global option to stop anyone posting anything in any way would be a good thing.

  13. commando
    Member
    Posted 7 years ago #

    Unfortunately the "bad behaviour" plugin did nothing - i'm still getting a few notification emails per hour.

  14. DougCastell
    Member
    Posted 7 years ago #

    I fed the MYSQL tool this query to turn off trackbacks on all my old posts:
    update wp_posts set ping_status='closed' where ping_status='open'

  15. vkaryl
    Member
    Posted 7 years ago #

    There's a truly great plugin to help with this too:

    Comment Timeout

    This one can help with older comment closure etc.

  16. Steveorevo
    Member
    Posted 6 years ago #

    This may help. I just setup a site that I wanted to have just two textboxes username/password that a user must login first before ever getting to the blog. I used the registered only plugin and I noticed that it also suggests the following:

    "This plugin does not protect your feeds. So delete or disable the feed files to avoid people from reading your feeds. The feed files are wp-atom.php, wp-commentsrss2.php, wp-rdf.php, wp-rss2.php, wp-rss.php and wp-feed.php. Delete wp.php too, since this file is not controlled like index.php is. "

    But honeslty, if I didn't want to disable feeds, how can I just keep from having any comments at all? Hmmm... may have to write a plug-in for this...

  17. Cornwell
    Member
    Posted 6 years ago #

    As well as running the MySQL update as recommended by DougCastell (above), I renamed wp-backtrack.php then scanned the whole of the WP code looking for references to it. Only two other files were affected, both in the wp-includes directory: comment-template.php (2 instances) and template-loader.php (3 instances). I edited these to match my new name. Since then I have not had any backtrack spam.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags