• Resolved tukis7

    (@tukis7)


    Hello,

    I have a problem. Many of my posts are being rated 1 star by the same IP address 127.0.0.1 / localhost.localdomain, and it must be a script of some sort. What could be the problem in this plugin that allows this thing to happen? And what can I do to restore the previous ratings from before those 1-star ratings that were spammed? I tried deleting these ratings, but the overall rating remains the same, as if these bad ratings hadn't been deleted in the first place.

    Thank you for your help.

    https://ww.wp.xz.cn/plugins/wp-postratings/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Lester Chan

    (@gamerz)

    I am not too sure of the localdomain part.

    The plugin only stores accumulated ratings in the post meta under ratings_users, ratings_average and ratings_score. Deleting the logs doesn’t change anything. You have to manually edit the above stated meta_keys for the post. You can find those fields under the Custom Fields of the Edit Post screen.

    Thread Starter tukis7

    (@tukis7)

    But my guess is that there is a hole in the plugin itself, because that IP found it and now is using a script of some sort to rate all posts with 1 star 😕

    Plugin Author Lester Chan

    (@gamerz)

    Hmm, if you can reproduce it let me know, because I haven’t gotten any reports of it yet.

    Even if you can rate for 127.0.0.1, it will only allow one rating per post. There is a WP security token as well to verify the request. So even if the IP is allowed to rate, he will not be allowed to rate after the token expires (defaults to 1 hour) via a script.

    Thread Starter tukis7

    (@tukis7)

    Hmm, well I will take a look,

    thank you so much for your help.

    Thread Starter tukis7

    (@tukis7)

    And by the way, that manual custom field editing doesn't work, and that someone does 4 or 5 clicks in one minute… Here is the screenshot of what is happening: http://imgur.com/XPTQXKs

    Plugin Author Lester Chan

    (@gamerz)

    Looks like a script. He is rating only 5 posts every minute to prevent the security token from expiring. Your best bet is to ban the guy if you can get the real IP, or restrict ratings to registered users.

    Thread Starter tukis7

    (@tukis7)

    But my main raters are unregistered users, so I can't do the registered-only restriction. Maybe there is a hole in the plugin itself, you should update it maybe… or something

    Thread Starter tukis7

    (@tukis7)

    Or add an option to remove selected ratings from selected users directly from the plugin admin panel, to make it more flexible and controllable.

    Plugin Author Lester Chan

    (@gamerz)

    Right now I have no plans to do that because I have a full-time job. So it is unlikely I will change it soon. If I have time, my next immediate thing is to rewrite it to use CSS rather than images for the rating.

    Allowing deletion of ratings is in my thoughts but not in the immediate future.

    Thread Starter tukis7

    (@tukis7)

    Hello, I would like to renew this topic, because my ratings are still being hacked… Someone keeps rating all my posts 1 star using scripts and I don't know what to do exactly. Is there any way to not allow this plugin to be hacked using scripts?
    Thank you.


The topic ‘wp-postratings script’ is closed to new replies.
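
An added example, not part of the thread and not the plugin's own code: because the plugin author says the totals live in the ratings_users, ratings_average and ratings_score post meta and do not change when log rows are deleted, this script flags burst 1-star rows in an exported rating log and recomputes those three values from the rows that remain. The row layout, the thresholds, and the reading of ratings_score as the sum of ratings and ratings_average as score divided by users are assumptions; the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample rows: (post_id, rating, unix_time, ip). Layout is an assumption.
LOG_ROWS = [
    (10, 5, 1000, "203.0.113.7"), (10, 4, 1500, "198.51.100.2"),
    (10, 1, 5000, "127.0.0.1"), (11, 5, 1200, "203.0.113.7"),
    (11, 1, 5010, "127.0.0.1"), (12, 3, 1300, "198.51.100.9"),
    (12, 1, 5020, "127.0.0.1"), (13, 1, 5030, "127.0.0.1"),
    (14, 1, 5045, "127.0.0.1"), (14, 1, 9000, "198.51.100.2"),
    (15, 4, 1300, "127.0.0.1"),  # same address, but not part of any burst
]

def burst_rows(rows, window=60, min_posts=4, max_rating=1):
    """Indices of low ratings where one IP hit >= min_posts distinct posts in `window` seconds."""
    by_ip = defaultdict(list)
    for i, (post_id, rating, ts, ip) in enumerate(rows):
        if rating <= max_rating:
            by_ip[ip].append((ts, post_id, i))
    flagged = set()
    for events in by_ip.values():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            if len({post for _, post, _ in span}) >= min_posts:
                flagged.update(idx for _, _, idx in span)
    return flagged

def recompute_meta(rows, excluded):
    """Rebuild the three per-post meta values from rows whose index is not excluded."""
    totals = defaultdict(lambda: [0, 0])  # post_id -> [users, score]
    for i, (post_id, rating, _, _) in enumerate(rows):
        if i not in excluded:
            totals[post_id][0] += 1
            totals[post_id][1] += rating
    return {post_id: {"ratings_users": users, "ratings_score": score,
                      "ratings_average": round(score / users, 2)}
            for post_id, (users, score) in totals.items()}

if __name__ == "__main__":
    bad = burst_rows(LOG_ROWS)
    for post_id, meta in sorted(recompute_meta(LOG_ROWS, bad).items()):
        print(post_id, meta)
```

Rows are excluded individually rather than by address, because a site behind a local reverse proxy can log every visitor as 127.0.0.1. A post missing from the result has no ratings left after the exclusion.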