#20165 closed feature request (duplicate)
Guest might comment with nickname and e-mail of administrator
| Reported by: | wikicms | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.3.1 |
| Component: | Comments | Keywords: | needs-patch |
| Focuses: | | Cc: | |
Description
The bug is described at http://leks13.ru/2012/02/spam/ (in Russian).
In short: if a guest knows the e-mail of an admin, he can post a reply (comment) without moderation. Maybe don't allow guests to comment with the e-mail of registered users?
Thanks.
Change History (4)
#2, 13 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
#3 (follow-up: ↓ 4), 13 years ago
- Type changed from defect (bug) to feature request
This isn't really a bug, it's designed to work this way, so I changed the type to feature request. I discovered this a couple of years ago and did an experiment on a site on wordpress.com where @designsimply and I wrote spurious comments on a post masquerading as each other by being not logged in and entering the other's email.
The display of registered users is not the issue, it's a matter of being logged in. The way to prevent fake commenting (and since the email generates the gravatar it looks real to the outsider) for registered users would be to force a login if the email is recognized. For non-registered users, there is no way to verify they are who they say they are unless we started using some external thing (sign in with Facebook etc).
I will admit I was up in arms about it a couple of years ago, but the response I got then was that this wasn't really a big problem, and now I tend to agree. Abuse of commenting identity is pretty edge-case, so while I still support forcing a login for registered users, I think the non-registered commenter identity issue is probably best left to a plugin. Suggest closing wontfix since the registered user part already has a 2-year-old ticket (that dd32 linked above).
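One way a plugin could implement the "force a login if the email is recognized" idea from the comment above (an added example, not code from this ticket or from WordPress core; the `example_*` function names and the `EXAMPLE_BLOCK_GUEST` constant are hypothetical). It holds the comment for moderation by default, because refusing it outright tells the submitter that the address belongs to an account.

```php
<?php
/**
 * Plugin Name: Guest comments with registered e-mails (illustrative example)
 */

// Hypothetical switch: true = refuse and ask for login, false = hold for moderation.
if ( ! defined( 'EXAMPLE_BLOCK_GUEST' ) ) {
    define( 'EXAMPLE_BLOCK_GUEST', false );
}

// True when a not-logged-in visitor submits a comment with a registered user's e-mail.
function example_guest_uses_registered_email( $commentdata ) {
    if ( is_user_logged_in() ) {
        return false; // Logged-in authors are identified by their session, not the form.
    }
    $email = isset( $commentdata['comment_author_email'] )
        ? trim( wp_unslash( $commentdata['comment_author_email'] ) )
        : '';
    if ( '' === $email || ! is_email( $email ) ) {
        return false; // Pingbacks/trackbacks and malformed input carry no usable e-mail.
    }
    return (bool) get_user_by( 'email', $email );
}

// Option 1: refuse the comment and point the visitor at the login form.
add_filter( 'preprocess_comment', 'example_require_login' );
function example_require_login( $commentdata ) {
    if ( EXAMPLE_BLOCK_GUEST && example_guest_uses_registered_email( $commentdata ) ) {
        $login_url = wp_login_url( get_permalink( $commentdata['comment_post_ID'] ) );
        wp_die(
            sprintf(
                'This e-mail address belongs to a registered account. Please <a href="%s">log in</a> to comment.',
                esc_url( $login_url )
            ),
            'Login required',
            array( 'response' => 403 )
        );
    }
    return $commentdata;
}

// Option 2 (default): accept the comment but never auto-approve it.
add_filter( 'pre_comment_approved', 'example_hold_for_moderation', 10, 2 );
function example_hold_for_moderation( $approved, $commentdata ) {
    if ( 1 === (int) $approved && example_guest_uses_registered_email( $commentdata ) ) {
        return 0; // 0 = pending; spam/trash decisions made earlier are left alone.
    }
    return $approved;
}
```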
#4 (in reply to: ↑ 3), 13 years ago
Replying to jane:
> I discovered this a couple of years ago and did an experiment on a site on wordpress.com where @designsimply and I wrote spurious comments on a post masquerading as each other by being not logged in and entering the other's email.
[Sorry, off-topic]
It would be nice if Gravatar offered the opportunity to allow the sites on which my email can be used. Thanks for the message, Jane.
Themes can choose to style registered users' comments differently if they choose to do so.
However: #10931