Support » Requests and Feedback » Possible security vulnerability

  • I have disabled posting of comments by anonymous users. However I have noticed that 2-3 comments from people who are clearly not logged in have slipped into my moderation queue.

    No idea how this exploit works, so I don’t feel too concerned about publishing it here, but it is clear that there is a way to post comments anonymously. If anyone could look into this, that would be helpful.

    Dave

Viewing 3 replies - 1 through 3 (of 3 total)
  • I have disabled posting of comments by anonymous users.

    And exactly how did you do that?

    Thread Starter dwees

    (@dwees)

    Under the General options there is a box beside Membership that says “Users must be registered and logged in to comment” and I checked that.

    I handle all user registrations for my site myself, and have checked this box, and when I navigate to the page in question, it has the “You must be logged in to comment” link.

    However I have now 3 times found comments from people who were clearly not members of my blog in my moderate queue and have deleted them.

    I just want to sort this out before I end up with thousands of comments there (Akismet is not an option because of the bizareness of my server set-up, over which I have no control. Think PHP with no remote file functions.).

    Dave

    Thread Starter dwees

    (@dwees)

    As an aside, I have 3 plugins enabled:

    1 admin
    Admin Management Xtended by Oliver Schlöbe.

    2 filters
    Kimili Flash Embed by Michael Bester
    Mathfilter by David Wees

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Possible security vulnerability’ is closed to new replies.