Spam bots can still submit coments, even if the feature is disabled
|Reported by:||sendspace||Owned by:|
I have looked through the closed tickets for v2.1 but did not find this mentioned.
Even though blogs with disabled comments no longer produce the link to submit a comment spambots know the URLs and forms. They submit comments directly to the comment script and by doing so bypass 'comments disabled'.
I would suggest adding a check at the actual comment submission script in order to prevent this from happening.
Change History (9)
- Component changed from Administration to Security
- Milestone changed from 2.2 to 2.1.1
comment:3 markjaquith — 7 years ago
- Milestone 2.2 deleted
- Resolution set to invalid
- Status changed from new to closed
- Priority changed from low to normal
- Resolution invalid deleted
- Status changed from closed to reopened
- Priority changed from normal to high
- Severity changed from normal to major