Welcome to Geeklog Thursday, December 05 2019 @ 10:21 pm EST

Geeklog Forums

comments - no anonymous


anomal

Anonymous
hi how can i turn off anonymous comments if u want to post a comment u have to login. ?
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Just set $_CONF['commentsloginrequired'] = 1; in your config.php bye, Dirk
 Quote

risebluelion

Anonymous
Speaking of anonymous comments, can someone tell me how to chnge the "anonymous" part? I want it to say Contributed by "Unregistered User" or something like that. Is that just a change in the language file or somewhere else?
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by risebluelion: Is that just a change in the language file or somewhere else?

In the language file (several occurences) and the first user in the database is also called "Anonymous", so you have to change that, too.

bye, Dirk
 Quote

risebluelion

Anonymous
Thanks!
 Quote

Tom

Anonymous
I have $_CONF['commentsloginrequired'] = 1; set in my config.php and I have for a long time. I still get a lot of these spam comments.

In fact, I manually went through all stories and TURNED OFF COMMENTS for the stories and I still get the spam.

What can I do to stop this? My next step is to edit comment.php to totally disable the comment code so nobody can ever enter comments, but I'm wondering now if they are going directly at my database without even using the forms interface.
-Tom A.
 Quote

Status: offline

muskrat

Forum User
Chatty
Registered: 31/10/02
Posts: 41
I have changed comment.php so that the commentform() function now does nothing.

I am still getting anonymous spam comments added to my geeklog articles. This is very disturbing. The main reason I chose geeklog was because it seemed to be the most secure blog software, but now I'm getting hacked daily.

I am running 1.3.8. I know there are newer versions but from what I can tell, there is nothing in those versions that can stop this problem. Besides, if I've basically disabled comments entirely (fine with me, since none of my legitimate readers post comments -- they email me instead) then how the heck are they doing this and what other havoc might these spammers create?
-Tom A.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by muskrat: I am running 1.3.8. I know there are newer versions but from what I can tell, there is nothing in those versions that can stop this problem.

Interesting theory. Care to elaborate how you came to that conclusion?

You are running on 1.3.8-1sr5, I assume?

bye, Dirk
 Quote

Status: offline

muskrat

Forum User
Chatty
Registered: 31/10/02
Posts: 41
happy
Quote by Dirk:
Quote by muskrat: I am running 1.3.8. I know there are newer versions but from what I can tell, there is nothing in those versions that can stop this problem.

Interesting theory. Care to elaborate how you came to that conclusion?

You are running on 1.3.8-1sr5, I assume?



hey THANKS! Just brain damage, I guess. I had searched for "spam" and just didn't find the mention of that fix.

But since I've been looking at this closer, I found that there is $_CONF['comment_code'] which, if set to -1 should disable comments completely. Will that stop this (I hope)?

As I said, the comment feature just hasn't been used by my visitors so I really won't miss it.

Thanks for your reply and of course, for fixing the bug. I never should have doubted...
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by muskrat: I had searched for "spam" and just didn't find the mention of that fix.

We have our geeklog-announce mailing list to keep you updated about things like that. Or click on the "GL Version Test" link in your Admin block occasionally ...

Quote by muskrat: But since I've been looking at this closer, I found that there is $_CONF['comment_code'] which, if set to -1 should disable comments completely. Will that stop this (I hope)?

That's only the default setting for the drop-down menu in the Admin's story editor and can be overriden there.

So you'll have to edit all your stories or use an SQL request to update them. Something like
PHP Formatted Code
UPDATE gl_stories SET commentcode = -1;
 
should do the trick.

Btw, you do know about Tom Willet's SpamX plugin, don't you?

bye, Dirk
 Quote

Status: offline

muskrat

Forum User
Chatty
Registered: 31/10/02
Posts: 41
Yes, I saw SpamX.
I find installing new plugins to be a little tedious and error prone. I try to keep my installation simple. Upgrades too are prone to error (when I do them). I really like software that comes with installers!

So... turning off comments will be my first choice.

Thanks again.
 Quote

newbie

Anonymous
I too had gone thru and disabled all the comments on all the articles (manually) but discovered much to my horror that the spam comments were back within a few days - only now, they aren't visible. The only way I knew about them was that the block that shows how many articles, links and comments have been added in the last 48 hours showed they were there.

SO ... is there a sure fire trick to patch this security hole?

Please help.

SMiles
 Quote

Status: offline

muskrat

Forum User
Chatty
Registered: 31/10/02
Posts: 41
Quote by newbie: I too had gone thru and disabled all the comments on all the articles (manually) but discovered much to my horror that the spam comments were back within a few days - only now, they aren't visible. The only way I knew about them was that the block that shows how many articles, links and comments have been added in the last 48 hours showed they were there.

SO ... is there a sure fire trick to patch this security hole?

Please help.

SMiles


I see the same on my site. However, I'm not sure if the comments are really there or if "what's new" block is reporting erroneously.

If they exist, they must be in a table in the geeklog database. Would it be safe to delete them using phpadmin for instance? If so, what table or records should I look for and delete?
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by newbie: only now, they aren't visible

There is one bug left that lets you post comments on stories even when the comments have been disabled entirely.

Since this is kind of pointless (the comments aren't displayed, hence the advertising won't work), it wasn't considered necessary to release a fix for this (it's in CVS, though, buried between other things).

Obviously, though, spammers are as stupid as they say ...

For now, I'd really recommend installing the SpamX plugin. That should also take care of this problem.

bye, Dirk
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by muskrat: Would it be safe to delete them using phpadmin for instance? If so, what table or records should I look for and delete?

All the comments are stored in the gl_comments table.

Deleting them via phpMyAdmin won't reset the story's comment counter, though, which is used for displaying the "42 comments" below a story. So you would have to fix those manually, too.

bye, Dirk
 Quote

All times are EST. The time is now 10:21 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content