I was wondering if and what measures are built in the script to filter the comments. I have taken a quick look at the code, but couldn't find anymore then the validation check for valid email adresses etc. Everybody having had a comment enabled blog or other script knows what I'm talking about. All those spam messages.
So what experience have people had so far? And what are the planned developments in this area?
As a sidenote: I know it's still a beta, but still, can anyone say something about how secure the script is at the moment? In my opinion, these aspects are more important then adding new features. I hope I don't sound to offensive. Really from what I can see ZP is very well programmed. However, I have seen so many scripts for gallery's, guestbooks, blogs etc that have gaping security holes in them. Like relying on magic_quotes being on for example.
I just would like to hear some more about these aspects.
Thanks, and keep up the great work!

So, nobody has had any problems with spam in the comments? That would be quite unique, and also very good.

I'm sure it will come eventually , unfortunately.

It would be realy great if the comment function somehow could be integrated with Wordpress' anti spam plugins. Would that be possible at all ?

That would be a good idea indeed. Since comment spam is such a huge and widespread problem, it wouldn't be very wise to try to reinvent the wheel. There's already so much effort being put in the anti-spam plugins for WP (or other popular scripts), at least some code could be reused. My knowledge in php is not advanced enough to do it myself, but I'm willing to help a bit by thinking/discussing about it My guess is that a combination of measures will be a good start.

[list]
[]Not allow repeated comments within a certain time
[]Blacklist the most common spam words (all medicines, gambling stuff etc)
[]Don't allow links to be posted
[]Validate input. (Valid emailaddress, etc)
[*]...
[/list]

The comment spammers have arrived!

http://lunaport.com/photos/mardi_gras/03.jpg

I've left it on this page only - there was lots more. So, what can I do? I didn't see anywhere to disable comments.

Alright, that's it then. I'll start putting moderation and spam controls in, and the ability to disable comments. Definitely know now that we need to work on it. Thanks, and sorry for any inconvenience.

For now you could disable the form in the theme, but that's tedious and hacky. We'll have a real solution soon.

I can't believe I was the first. I won't bother trying to disable the form - it seems to have stopped for now, and it's easy enough to delete the offending comments.

Looks to me like the script mistook the comments form for an email form - the content of the posts looks like attempted email injection (http://securephp.damonkohler.com/index.php/Email_Injection). Guess they just try every form they find.

Yep i had a couple of ten not related comments on my site as well, looked more like hacked than spam 'cause i didnt find any viagra ;-)
but it is annoying and somehow scary as well

yeah, installed it, and 2 days later i've got 73 comments from spammers. i really didn't expect it, but what can one do...

On my Wordpress blog I am using Akismet to prevent comment spam and it is working perfectly.

Maybe Akismet anti spam can be provided in the form of a plugin for zenphoto?

if I modify the structure of the comments table to have the 'commentson' field default to zero would the comment form still show up?

went ahead and tried it. Nope comments and form still show.

just add #comments {display:none} to the end of your template's css and they will not show

Hi!
Any news on comments aproval moderation mail and comment spamming?

Keep up the good work!
/Petter

No news yet. Lots of dev time available now though, so might get some work on it done soon...

Yeah, instead of writing your own, how about developing an Akismet plugin? Most of us are already running WordPress and have an activation key.

Yep, good idea. The plugin API is sounding like something I should work on ;-)

Hi, has there been any progress on this?

I also thought of a related feature. It would be great if users who were already logged into wordpress could post comments without having to enter their details a second time.

Many thanks!

Integration with some captcha feature should solve this problem. I would be interested as well, if someone figure it. Thx.

One idea I thought of is the humanauth system of captcha. A little too much work, but it would be kind of cool to use your own images as sort of a gallery "captcha" method.

Just search for humanauth online. They provide a distribution in php to get started, it might be cool to try and implement.

Here's the link to Humanauth:

http://www.gigoit.org/humanauth/

More thoughts on it:

Probably taking photos from zenphoto in a random fashion would not be the best idea, as you'd have to "key" pictures to specific categories (or tags) which humanauth would then use for its algorithm. In other words, say you have 9 random pictures, three of them tagged as "cars". The system would then use the tags to identify the "cars" and then the user would have to click on the cars to pass the comment submit process.

Seems needlessly complicated the more I think about it. But it sounds cool....