WordPress.org

Ready to get started?Download WordPress

Forums

Thoughts on Simple Flood Protection - Edge Effect (2 posts)

  1. Peavy
    Member
    Posted 6 years ago #

    Dear Users / developers,

    A little thought about the "Simple Flood Protection" set on wp-includes/comment.php (in the function wp_allow_comment)

    The query checks the time of previous comments, regarding the e-mail address or IP address of the poster, to define if the user is actually flooding or not.

    Checking the e-mail address sounds good to me, but checking the IP address sounds illogical and can potentially lead to the following edge effect; when:
    * the blog is mapped behind a reverse proxy, the IP used for the poster is not the real IP address of the poster but the IP address of the reverse proxy
    * users of a company reach the internet and consequently the blog from a proxy, the IP used for the posters is the IP address of the proxy
    In any case, when different guys post from different computers in the same amount of time (+- 15s) they will have the "You are posting comments too quickly. Slow down." message while they don't flood.

    It might be useful to change this logic, or at least, let the administrator to choose the criteria used for the flood policy (time between 2 comments, check on the e-mail address and / or the ip address and / or the user ID, etc.)

    What do you think ?

    Best regards,

    Peavy 8)

  2. hajdarovic
    Member
    Posted 5 years ago #

    It very annoying that I as a owner and administrator cant turn off the control. If i want to publish 2 comments on my own blog i recive the slow down ticket! Aaaaaaa, im going mad!

Topic Closed

This topic has been closed to new replies.

About this Topic