Security issue posting comments?

  • topsoftbe

    (@topsoftbe)


    19 years, 4 months ago

    I have already posted a question about this on the support forum before, but had no satisfactory answer.

    So I will refrase my question.

    My 2 blogs are configured in such a way that:

    1 – you have to be a user to comment
    2 – you have to be logged in to comment
    3 – all comments have to be moderated
    4 – pingbacks and trackbacks are NOT allowed
    5 – comment author must fill out name and e-mail

    For the 3th time in a row I receive a mail, telling me that a comment has been posted.

    1 and 2 did not stop the posting, even if there are no users besides me,
    3 was ok, the comment was put aside for moderation,
    4 was not applicable,
    5 did not stop the posting either, even if there was no e-mail address.

    Here is the comment:

    Name: big tit asian porn…
    e-mail: empty
    URL: http://somepronsite.html
    Body: some pron words…
    My View on the News » Blog Archive » The Veil… and why these ……

    So my question was, and still is: is there a security hole in WP 2.1+ that allows this kind of comments to be posted?

    Someone suggested adding security plugins. I do not want plugins, a want a product that does what it says: with the configuration I have, nobody should be able to post a comment, unless he “is a user”, “has logegd in”, “has given his e-mail”. Not one of these criteria has been met.

    I have tried to logout and access my blog: I cannot add a comment. So that’s fine. But how could big tits than post a comment?
    Another thing: if you post a comment, being the administrator, then the moderation rule does not apply…is that by design? If so, that makes sense. But if you programmers are so meticulous about details, as to check wether a comment is posted by an administrator so no moderation is required, why then all the other options do not work?
    My site if you want to test:
    http://www.topsoft.be/weblog
    http://www.topsoft.be/photoblog

    Of course, it is possible that I have completely misunderstood the meaning of all these options. In that case I suggest to adapt the wording of the options.

    Thanks in advance for a good explanation.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)

The topic ‘Security issue posting comments?’ is closed to new replies.