WordPress.org

Ready to get started?Download WordPress

Forums

"Users must be registered and logged in to comment" (20 posts)

  1. David R. Woolley
    Member
    Posted 8 years ago #

    I've read the spam FAQ and I don't see a solution to my problem.

    I have my options set as follows:
    * Anyone can register: unchecked
    * Users must be registered and logged in to comment: checked

    There are no registered users other than myself.

    And yet, every day I get several notices about posted comments that I need to moderate. It's always spam. How are the spammers getting around the "registered and logged in" requirement?

    At least the spam is just going into moderation and not actually being posted. But it seems to me that given how I've got the controls set, they shouldn't even be able to get a comment into moderation.

  2. mjwood
    Member
    Posted 8 years ago #

    Hmm... that's odd.

    A couple of questions --

    1) It would help to see a link to your blog. Otherwise, it's really hard to see how you have everything setup.

    2) If you are not logged in, and you navigate to where you would normally post a comment, what does it say? Mine is setup similar to yours (except I allow anyone to register), and mine says "You must be logged in to post a comment" and the "logged in" is a link to the login page. Is yours similar?

  3. Samuel Wood (Otto)
    Tech Ninja
    Posted 8 years ago #

    How are the spammers getting around the "registered and logged in" requirement?

    They're not. Those aren't comments. They're track/pingbacks. You've disabled comments, but have you disabled pingbacks? On every post (since it's a per post setting)?

    Install Bad Behavior and Akismet. Bad Behavior just straight up blocks like 80-90% of these, and Akismet catches the rest.

    If you'd rather just disable trackbacks and pingbacks, then there is an option to do so on the discussions page. But these settings are just the default settings for new posts. All your old posts that had this turned on will have to be changed as well. Edit a post and look in the upper right hand corner of the screen, under discussion. There's where you can turn it off. Installing BB and Akismet is easier, most likely.

  4. David R. Woolley
    Member
    Posted 8 years ago #

    What does a trackback or pingback look like? These things I'm getting look exactly like comments. The email I get asking me to moderate them refers to them as comments. If I approve one, it appears along with other comments and is indistinguishable from a comment. Can it walk like a comment and talk like a comment and still not be a comment?

    My WordPress blog is at http://thinkofit.com/wordpress

    Here's an example of the moderation alerts I'm getting:

    A new comment on the post #11 "Mouse Traps" is waiting for your approval
    http://thinkofit.com/wordpress/?p=11

    Author : box cigar purse wholesale (IP: 212.56.202.147 , static-212.56.202.147.mldnet.com)
    E-mail :
    URI : http://www.allgooddirect.info/box-cigar-purse-wholesale.html
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=212.56.202.147
    Comment:
    box cigar purse wholesale

    Thanks for clearing this up .

    To approve this comment, visit: http://thinkofit.com/wordpress/wp-admin/post.php?action=mailapprovecomment&p=11&comment=79
    To delete this comment, visit: http://thinkofit.com/wordpress/wp-admin/post.php?action=confirmdeletecomment&p=11&comment=79
    Currently 4 comments are waiting for approval. Please visit the moderation panel:
    http://thinkofit.com/wordpress/wp-admin/moderation.php

  5. moshu
    Member
    Posted 8 years ago #

    They look like comments and they do show up among the comments.

    Just do what Otto said above.

  6. alQpr
    Member
    Posted 8 years ago #

    If you don't trust automated spamcatchers or if you just want to turn off trackbacks for some other reason, and if you have a lot of old postings that you want to switch over, then rather than doing it one-by-one, you can do it in your wp database. Just run the query:
    UPDATE wp_posts SET ping_status='closed' WHERE 1

    It would be nice if this was possible within WordPress, and also if ping notifications looked different from comment notifications so that people wouldn't have to waste time trying to figure out why requiring registration for comments seems to have no effect.

    Further to this, what is the point of making it possible to require registration for comments if this can easily be evaded just by sending trackbacks? Shouldn't there be a way of enabling trackbacks only from registered users, and shouldn't the setting of registration required for comments also automatically do the same for trackbacks?

  7. moshu
    Member
    Posted 8 years ago #

    Shouldn't there be a way of enabling trackbacks only from registered users,

    That's a total nonsense. Or you just don't understand the TBs.
    http://codex.wordpress.org/Introduction_to_Blogging#Trackbacks

  8. newflesh
    Member
    Posted 8 years ago #

    Can it walk like a comment and talk like a comment and still not be a comment?

    Trackbacks and pings are intended to be a way of notifying someone that you have mentioned their post on your blog, without having to manually post a comment to tell them that they might want to check out what you wrote. Blogs talking to each other rather than visitors talking to your blog, so to speak. Good for discussion, but with the drawback that it can be abused the same way as comments. And they are handled differently because some people want to receive only trackbacks or be able to set them manually for each posts and so on.

    I can only agree with the people who have suggested automated spam filtering. I use Akismet, and it does a good job.

  9. bronto
    Member
    Posted 8 years ago #

    I'm another one getting twenty porn-spams an hour despite all attempts to restrict comments. I've tried disabling comments on those posts that attract the most; sometimes this works but usually I get

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, [myaddress] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

  10. moshu
    Member
    Posted 8 years ago #

    Don't invent the wheel... and they are NOT comments (if you've read the whole topic). Just install an anti-spam plugin (or two) and you will be OK.

  11. bronto
    Member
    Posted 8 years ago #

    Um, forgive a silly question, if they are not comments why do they appear in my Comments Moderation Queue with email notification that "you have 1 zillion new comments"?

  12. moshu
    Member
    Posted 8 years ago #

  13. newflesh
    Member
    Posted 8 years ago #

    You've disabled comments, but have you disabled pingbacks? On every post (since it's a per post setting)?

    I guess it has to be mentioned that there is a setting in Options/Discussion to disable link notifications. Didn't think of that until I saw it now and thought of this thread. It only determines if the option on the post panel is checked or unchecked by default, so old posts still have to be changed.

  14. bronto
    Member
    Posted 7 years ago #

    moshu, thank you for your non-response to the question

  15. whooami
    Member
    Posted 7 years ago #

    bronto,

    as Moshu has already elaborated, trackbacks are not comments, in the sense that they cannot be _restricted_ like a standard "comment" Trackbacks and pingbacks are sent remotely from another site, thusly you CANNOT restrict them to registered users.

    http://en.wikipedia.org/wiki/Trackback

    If you want to deter trackback spam, there are tons of plugin solutions available. You can also disable the ability to accept trackbacks by ticking off ONE simple checkbox in the admin area, or by removing files completely from your install .. OR .. OR ... OR... (in other words, this is an issue thats been discussed a million times here and has been covered extensively)

  16. bronto
    Member
    Posted 7 years ago #

    Thanks for answering, again, the question that I didn't ask. I'll try a different question:

    May we hope that in some future version trackbacks and pingbacks will not be announced as comments? That they will not appear in a comments moderation queue, or, if they do appear in the same queue, the queue will be renamed the comments, trackbacks and pingbacks moderation queue?

    Or is this confusion a feature rather than a flaw?

  17. whooami
    Member
    Posted 7 years ago #

    no, you prolly cannot hope that since as far as I understand trackbacks and pingbacks are treated as comments for the obvious reason:

    1. ppl LIKE to moderate them.

    Most "seasoned" users have no trouble distinguishing between a comment and a trackback.

  18. Hendison Scott
    Member
    Posted 7 years ago #

    I disagree with Moshu. They are comments, not just trackbacks. They're created with crappy automated blog commenting software, but they're still "comments" as defined by your wordpress software. "Comment spamming" is well known, and to say otherwise is "total nonsense".

    I've had great success stopping comment spam by implementing the secureimage plugin -http://uberdork.supertwist.net/download/secureimage.tar.gz

  19. RavanH
    Member
    Posted 7 years ago #

    AH! So that's it...

    I posted another post on this forum somewhere:

    I have comments closed to unregistered users (and always have had it that way) but I just got a spam comment for moderation :-(

    How can this be? What security loophole is there on my website? I cannot for the life of me, find anything about this on the internet or this forum. Has anyone experienced this before?

    But I understand it was not a comment but a trackback... I find it confusing, to say the least, to put these on one heap as comments... I must agree with bronto on this point. Whooami, I am not a 'seasoned' user but I find I'm not the only one wasting a whole day trying to figure this out!

    Anyway, glad that I am not crazy and found the answer...

  20. e7
    Member
    Posted 7 years ago #

    Well, this is a very good thread here. I also don't think this spam of comments recently observed on my blog is trackbacks at all, it rather seems like some new bot network has hacked apart wordpress to the point they can initiate these comments via some type of software. Maybe it is using a trackback of sorts to trick our sites into thinking these are trackbags but I have a trackback from my own blog to a page on my site and it looks like a trackback - not a comment.

    I'm going to check out this image recognition thingie over the weekend.

    Moshu, maybe you should read what is being asked before letting your nerves get the better of you. I thought the question was very legit and poorly handled.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.