Dear Users / developers,
A little thought about the “Simple Flood Protection” set in wp-includes/comment.php (in the function wp_allow_comment).
The query checks the time of previous comments, regarding the e-mail address or IP address of the poster, to define if the user is actually flooding or not.
Checking the e-mail address sounds good to me, but checking the IP address sounds illogical and can potentially lead to the following edge effect; when:
* the blog is mapped behind a reverse proxy, the IP used for the poster is not the real IP address of the poster but the IP address of the reverse proxy
* users of a company reach the internet and consequently the blog from a proxy, the IP used for the posters is the IP address of the proxy
In any case, when different guys post from different computers in the same amount of time (±15s), they will get the “You are posting comments too quickly. Slow down.” message while they don’t flood.
It might be useful to change this logic, or at least let the administrator choose the criteria used for the flood policy (time between 2 comments, check on the e-mail address and / or the IP address and / or the user ID, etc.)
What do you think?
- The topic ‘Thoughts on Simple Flood Protection – Edge Effect’ is closed to new replies.
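The edge effect described in the post, and the configurable criteria it proposes, can be modelled in a few lines. This is an added example, not code from the original post or from WordPress: `is_flood()`, the `$criteria` list and the sample comments are hypothetical, and the addresses are constructed (documentation ranges).

```php
<?php
// Stand-alone model of a comment flood check; no WordPress functions are used.
const FLOOD_WINDOW = 15; // seconds, the interval mentioned in the post

/**
 * Return true when $new arrives less than $window seconds after an earlier
 * comment that matches it on ANY of the fields listed in $criteria.
 */
function is_flood(array $history, array $new, array $criteria, int $window = FLOOD_WINDOW): bool
{
    foreach ($history as $old) {
        if ($new['time'] - $old['time'] >= $window) {
            continue; // old enough, cannot trigger the throttle
        }
        foreach ($criteria as $field) {
            // Empty values (e.g. user_id 0 for anonymous posters) never match.
            if (!empty($new[$field]) && $new[$field] === $old[$field]) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample: Alice posted at t=100 through a shared proxy.
$history = [
    ['time' => 100, 'ip' => '203.0.113.10', 'email' => 'alice@example.com', 'user_id' => 0],
];
// Bob, a different person behind the same proxy, posts 5 seconds later.
$bob = ['time' => 105, 'ip' => '203.0.113.10', 'email' => 'bob@example.com', 'user_id' => 0];
// Alice herself posts again 5 seconds after her first comment.
$alice_again = ['time' => 105, 'ip' => '203.0.113.10', 'email' => 'alice@example.com', 'user_id' => 0];

$policies = [
    'ip or email (behaviour described in the post)' => ['ip', 'email'],
    'email or user_id (one possible admin choice)'  => ['email', 'user_id'],
];
foreach ($policies as $label => $criteria) {
    printf("%s\n  bob:         %s\n  alice again: %s\n", $label,
        is_flood($history, $bob, $criteria) ? 'blocked' : 'allowed',
        is_flood($history, $alice_again, $criteria) ? 'blocked' : 'allowed');
}
```

Because the e-mail field is whatever the poster types, a policy that drops the IP check entirely only throttles posters who keep the same address, so the choice of criteria is a trade-off between false positives behind shared proxies and weaker throttling.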