Opened 19 years ago

Closed 19 years ago

Last modified 18 years ago

#2237 closed defect (bug) (fixed)

incorrect use of gethostbyname leads to false detection of comment spam

Reported by: tanuki
Owned by:
Milestone:
Priority: normal
Severity: critical
Version: 2.0
Component: General
Keywords: comment spam wrong detection bg|has-patch bg|commit
Focuses:
Cc:

Description

In functions-post.php, function wp_proxy_check($ipnum), we encounter the following code:

$lookup = $rev_ip . '.opm.blitzed.org';
if ( $lookup != gethostbyname( $lookup ) )
     return true;

Unfortunately, a hostname not ending with a dot is a relative hostname. Thus, the name is first resolved relative to the domain name of the hosting server, and if that does not resolve, it is then resolved as an absolute hostname. For domain names where there is a 'catch-all' IP registered, there is always a resolved address, and then the control fails, marking the comment as SPAM. (Refs: RFC 1034, Linux man page for gethostbyname).

Fix:

$lookup = $rev_ip . '.opm.blitzed.org.';
if ( $lookup != gethostbyname( $lookup ) )
     return true;
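
The failure mode from the description, reproduced offline as an added example (not WordPress code): the relative lookup flags an unlisted address as soon as the host's search domain has a catch-all record, while the absolute lookup does not. `stub_gethostbyname()` is a hypothetical stand-in for the resolver with constructed data, and `proxy_check_strict()` goes beyond the ticket's fix by also requiring an answer in 127.0.0.0/8, the range DNS blocklists conventionally answer from.

```php
<?php
// Constructed data: the host's search domain has a catch-all A record, and one
// address is listed in the blocklist zone. None of these values are real.
const CATCH_ALL_IP = '203.0.113.10';
const LISTED       = ['2.0.0.127.opm.blitzed.org' => '127.0.0.2'];

// Hypothetical stand-in for gethostbyname(): returns the IPv4 address, or the
// unmodified name on failure. Only relative names get the search domain tried.
function stub_gethostbyname(string $name): string {
    $fqdn = rtrim($name, '.');
    if (array_key_exists($fqdn, LISTED)) {
        return LISTED[$fqdn];
    }
    if (substr($name, -1) !== '.') {
        // Relative name: the search domain is appended and its catch-all
        // record (e.g. *.example.com) answers for anything.
        return CATCH_ALL_IP;
    }
    return $name;   // absolute name with no record: lookup fails
}

function reverse_ip(string $ip): string {
    return implode('.', array_reverse(explode('.', $ip)));
}

// The ticket's check; $zone is '.opm.blitzed.org' (before) or '.opm.blitzed.org.' (fix).
function proxy_check(string $ip, string $zone, callable $resolve): bool {
    $lookup = reverse_ip($ip) . $zone;
    return $lookup != $resolve($lookup);
}

// Assumption beyond the ticket: also require a 127.0.0.0/8 answer, so a stray
// address from any other source is never read as a listing.
function proxy_check_strict(string $ip, callable $resolve): bool {
    $lookup = reverse_ip($ip) . '.opm.blitzed.org.';
    $answer = $resolve($lookup);
    return $answer !== $lookup && strpos($answer, '127.') === 0;
}

// First address is unlisted, second is listed (both constructed).
foreach (['198.51.100.7', '127.0.0.2'] as $ip) {
    printf("%-13s relative=%s absolute=%s strict=%s\n", $ip,
        var_export(proxy_check($ip, '.opm.blitzed.org', 'stub_gethostbyname'), true),
        var_export(proxy_check($ip, '.opm.blitzed.org.', 'stub_gethostbyname'), true),
        var_export(proxy_check_strict($ip, 'stub_gethostbyname'), true));
}
```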

Change History (5)

#1 @westi
19 years ago

  • Milestone set to 2.0.1

Marking as a candidate for 2.0.1

#2 @davidhouse
19 years ago

  • Keywords bg|has-patch added

Agree with westi. Low-hanging fruit.

#3 @davidhouse
19 years ago

  • Keywords bg|commit added

#4 @ryan
19 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3433]) Force absolute lookup. Props tanuki. fixes #2237

#5 @(none)
18 years ago

  • Milestone 2.0.1 deleted