Hi,
We have recently taken comments off albums (removed the form etc) but someone is managing to post comments into the database with lots of links.
The comments do not appear in admin under "comments" but if we use the direct link to the comment from the confirmation email we get the output below.
Warning: extract() [function.extract]: First argument should be an array in /home/users/username/html/domainname/gallery/zp-core/admin-comments.php on line 119
Notice: Undefined variable: custom_data in /home/users/username/html/domainname/gallery/zp-core/admin-comments.php on line 151
Notice: Undefined variable: inmoderation in /home/users/username/html/domainname/gallery/zp-core/admin-comments.php on line 167
Etc...
We are able to delete them so it's not a great problem but we are concerned that they may be able to corrupt the database.
Thanks
That might be an attempt or just spam. Seems you don't have any spam filter active and do you use Captcha (I know can be annoying for uses and of course bypassed by spammer, too)?
Actually we clear (sanitize) everything that is posted by our forms so that should not do any harm. Except they hack the db directly of course.
Hi, ok we do want comments on images, so maybe we should consider enabling the spam filter, I've never really been a fan of anti-spam filters in case they block real comments.
We have had bulk spamming even wuith the capture enabled, it's been no problem deleting them tho so far, but what if they posted thousands of comments.
Ok, how does the simple filter work, on what criteria does it mark comments as spam ?
Many thanks.
If you use one of the "none" filter you can force all comments to be placed in moderation for your review. The "simple" filter will also place questionable messages in moderation. That way no comments will be thrown away. "Simple" is a pattern matching filter. You supply the words you want it to detect.
The other thing is to use the Captcha.
Hi, ok this is very confusing.
If I set excessive URL count 0 it blocks any comment regardless of the content.
Comments containing text such as www.testing.com is not marked as spam.
So I guess we need to use regular expressions in the blacklist section.
This is too complex for me, we want to mark any comment containing any form of web address as spam. (http) (a href) (www.)
Can you please provide the expressions, I'm sure it would be usefull for many other people as well.
Many thanks.
All except the simple filter are not officially supported as we don't use them ourselves (I don't use comments actually) and do not sign up to services we don't use (privacy concerns and the like)
These also were actually contributions by users who are no longer active and who did not updated them for a long time, so we took them out of the official release as we can't test them. The Akismet is reported to work again after the update.
Hi, ok thanks for the info, I've enabled the simple filter for now and will be adding the spammers ip's, I think that's our best option for now.
It's been no problem deleting the spam them so far.
I take it the \ expression blocks a href tags, is that correct ?
Spammer's must be very sad and lonely people : - )
Many Thanks.
I am using:
Here is the problem: I have comments enabled, but set to moderation so I can catch and block ip's related to spammers. A spambot is getting past the moderation routine and comments are appearing on photos now. Has anyone had this happen to them yet? Is there a patch somewhere that could help stop this?
Have you made modifications to the simple spam filter? Out of the box there is nothing that will "set to moderation" for all messages--only those that it suspects as spam. In this case all the spambot has to do is out guess whatever you have setup as the spam triggers.
This filter is called "simple" for a reason--if you need more complex spam fitering you will need either to enhance the filter or use one of the third party spam filters from the WEB site. Alternatively you can use the "none" filter and set every post to moderation.