hi how can i turn off anonymous comments if u want to post a comment u have to login. ?

Just set $_CONF['commentsloginrequired'] = 1; in your config.php bye, Dirk

Speaking of anonymous comments, can someone tell me how to chnge the "anonymous" part? I want it to say Contributed by "Unregistered User" or something like that. Is that just a change in the language file or somewhere else?

In the language file (several occurences) and the first user in the database is also called "Anonymous", so you have to change that, too.

bye, Dirk

Thanks!

I have $_CONF['commentsloginrequired'] = 1; set in my config.php and I have for a long time. I still get a lot of these spam comments.

In fact, I manually went through all stories and TURNED OFF COMMENTS for the stories and I still get the spam.

What can I do to stop this? My next step is to edit comment.php to totally disable the comment code so nobody can ever enter comments, but I'm wondering now if they are going directly at my database without even using the forms interface.
-Tom A.

I have changed comment.php so that the commentform() function now does nothing.

I am still getting anonymous spam comments added to my geeklog articles. This is very disturbing. The main reason I chose geeklog was because it seemed to be the most secure blog software, but now I'm getting hacked daily.

I am running 1.3.8. I know there are newer versions but from what I can tell, there is nothing in those versions that can stop this problem. Besides, if I've basically disabled comments entirely (fine with me, since none of my legitimate readers post comments -- they email me instead) then how the heck are they doing this and what other havoc might these spammers create?
-Tom A.

Interesting theory. Care to elaborate how you came to that conclusion?

You are running on 1.3.8-1sr5, I assume?

bye, Dirk

hey THANKS! Just brain damage, I guess. I had searched for "spam" and just didn't find the mention of that fix.

But since I've been looking at this closer, I found that there is $_CONF['comment_code'] which, if set to -1 should disable comments completely. Will that stop this (I hope)?

As I said, the comment feature just hasn't been used by my visitors so I really won't miss it.

Thanks for your reply and of course, for fixing the bug. I never should have doubted...

We have our geeklog-announce mailing list to keep you updated about things like that. Or click on the "GL Version Test" link in your Admin block occasionally ...


That's only the default setting for the drop-down menu in the Admin's story editor and can be overriden there.

So you'll have to edit all your stories or use an SQL request to update them. Something likeshould do the trick.

Btw, you do know about Tom Willet's SpamX plugin, don't you?

bye, Dirk

Yes, I saw SpamX.
I find installing new plugins to be a little tedious and error prone. I try to keep my installation simple. Upgrades too are prone to error (when I do them). I really like software that comes with installers!

So... turning off comments will be my first choice.

Thanks again.

I too had gone thru and disabled all the comments on all the articles (manually) but discovered much to my horror that the spam comments were back within a few days - only now, they aren't visible. The only way I knew about them was that the block that shows how many articles, links and comments have been added in the last 48 hours showed they were there.

SO ... is there a sure fire trick to patch this security hole?

Please help.

SMiles

I see the same on my site. However, I'm not sure if the comments are really there or if "what's new" block is reporting erroneously.

If they exist, they must be in a table in the geeklog database. Would it be safe to delete them using phpadmin for instance? If so, what table or records should I look for and delete?

There is one bug left that lets you post comments on stories even when the comments have been disabled entirely.

Since this is kind of pointless (the comments aren't displayed, hence the advertising won't work), it wasn't considered necessary to release a fix for this (it's in CVS, though, buried between other things).

Obviously, though, spammers are as stupid as they say ...

For now, I'd really recommend installing the SpamX plugin. That should also take care of this problem.

bye, Dirk

All the comments are stored in the gl_comments table.

Deleting them via phpMyAdmin won't reset the story's comment counter, though, which is used for displaying the "42 comments" below a story. So you would have to fix those manually, too.

bye, Dirk