Spam in comments with CAPTCHA enabled

stevenew

Hi,

Been using Zenphoto for a few years now on the same sites and have always kept up to date with the latest release, currently running 1.3.1.2 [5831]. Until this week I have never had a problem with spam in the comments. This week I am suddenly getting lots of spam even though I have the simple spam filter enabled with CAPTCHA as well as name & email enabled.

Any thoughts? For now I have disabled comments as the sites are currently quiet regarding real comments.

Thanks

Steve

acrylian

Well, captcha and the simple spam filter are quite basic spam filters. I suggest to try Akisment (if that spam filter still works, since it is not officially supported).

stevenew

Hi,

OK thanks for that, I'll look in to Akisment and maybe give it a go, I guess I have just been lucky up till now!

Steve

stevenew

HI,

I know this should be obvious to me, but I thought switching comments off on the admin/album page would disable comments for the individual images within that album as well as the album, but it dosen't. Is there another way to bulk disable comments for all the images within an album other than clicking the check box on each individual image?

Yes I woke up to more spam this morning!

Thanks

Steve

acrylian

No it does not, it disables the comments on the album itself, not its images. You can disable comments on each item type (images, albums, pages, news articles) on the comment_form plugin options. If you disable that plugin you will have no comments at all.

stevenew

Thanks, I knew it must be somewhere.

Steve

warriorone

Disabling comments almost defeats the purpose of a blog. As far as I know Akismet simply places spam in a spam folder. It is also not 100% .. Of the two I would select Akismet rather than switching off comments

stevenew

@warriorone, switching off comments is just a temporary measure for now. After 3 years of no spam, finding loads every day is a bit of a shock. I don't log in to the sites everyday, so I don't want it to build up.

Regarding Akisment, I am actually at a bit of a loss how to implement it as there is no specific plugin for zenphoto. I am probably just missing the obvious.

Maybe I should just make all the users register?

Thanks

Steve

sbillard

Your most secure would be to have people who want to post become registered users. Hopefully there are not a lot of them.

There is an Akisment plugin on the Zenphoto WEB plugin pages. But it is written by a user so unless he visits here you will be pretty much on your own using it. Also, unfortunately, I have no idea of how to locate it. (I have always had problems with the site serach!)

micheall

The akismet spamfilter can be found here:

http://www.zenphoto.org/2009/11/spamfilter-akismet/

As well there's a few other spam filter plugins for zp here:

http://www.zenphoto.org/tag/spam/

I use akismet myself and it seemed to work fine while using the zen comments

stevenew

@sbillard, would I be right in presuming that if I implement user registration, the gallery would still be visible to the public but to comment registration is required?

I have started experimenting but have 3 problems with the registration plugin:

1) On the user registration that is created, I am getting HTML code visible around the text 'passwords must be at least 6 characters long and contain at least one character from each of the following groups:'

2) On the verification email that is sent only the domain is created as a link all the code after the link is just plain text, so to verify one needs to highlight the whole link and text and then cut/paste in to the browser.

3) When the verify is initiated in the browser it works but at the top of the page there are warnings (I have removed the actual server path:

Warning: pack() [function.pack]: Type H: illegal hex digit . in /path/zp-core/zp-extensions/register_user.php on line 150

Warning: Cannot modify header information - headers already sent by (output started at /path/register_user.php:150) in /path/index.php on line 120

Warning: Cannot modify header information - headers already sent by (output started at /path/zp-core/zp-extensions/register_user.php:150) in /path/index.php on line 121

Warning: Cannot modify header information - headers already sent by (output started at /path/zp-core/zp-extensions/register_user.php:150) in /path/index.php on line 122

Warning: Cannot modify header information - headers already sent by (output started at /path/zp-core/zp-extensions/register_user.php:150) in /path/themes/zenpage/register.php on line 3

I am using the zenpage theme

Thanks

Steve

sbillard

1) Yes. Users and site access are somewhat independent. You can, of course, password protect your gallery on the gallery option tab. Then only registered users can access the site.

2) I would guess your mail client is insterting line breaks on long lines. (A common problem.) Not much we can do about that on our end.

3) Probably related to #2? If the link is "damaged" it will not work. A line break in the link would constitute an invalid hex character.

stevenew

@sbillard, thanks for that, any thoughts on the first issue:

1) On the user registration page that is created, I am getting HTML code visible around the text 'passwords must be at least 6 characters long and contain at least one character from each of the following groups:'

sbillard

That would be a standard indication of the strength of passwords required. There is actually an option that determines the required password pattern. If you want less strict passwords change the "Password characters" option on the general options tab. Setting it empty means no restrictions, so no message either.

stevenew

@sbillard, I understand what the message about the password length means but I don't understand why I am seeing the raw HTML code around it on the user registration page, it appears between the re-enter password field and the enter CAPTCHA field.

sbillard

Right off hand I do not know. Perhaps a link to the site so that we can take a look at the page/html?

stevenew

@sbillard, http://www.katzentv.net/page/register

sbillard

Well, the password note is being HTML encoded. That is not done by the standard register user form. Have you made any changes in this area? Look for something like `$msg = $_zp_authority->passwordNote();` and be sure that the raw $msg is echoed: `echo $msg;` not something like `echo html_endode($msg));`

stevenew

@sbillard, I haven't changed any code related to the user registration, all I have done at this stage is check the the user registration plugin so its loaded, I haven't even changed any of the default settings yet.

I'll look for that code you mention, I presume its in the zp extenstions folder somewhere? User registration I guess?

Steve

sbillard

Looks like this was something fixed in the development stream. Look at the register_user_form.php script circa line 38 and remove the htmlspecialchars() bit.

stevenew

@sbillard, I only just got round to working on this, I removed `echo htmlspecialchars($msg,ENT_QUOTES);` which seems to have worked - thanks.

Regarding the the possible line breaks in the verification email link, I have taken the line into BBedit to look at it but cannot see any line breaks. It actually ceases to be a link right after the domain, so in the message you get `http://www.domain.net` as the link but /index.php? onwards is just text. Any you sure something isn't going wrong in the generation of the link?

Thanks

Steve

sbillard

There are no line breaks in the original message. Often mail clients will insert line breaks to be "helpful" to you for reading the message. It is a common problem with e-mailing links.

acrylian

Apples Mail likes to do this with long url as well.

stevenew

Thanks, I guess I just have to hope my users think to copy and paste the whole link in to the browser.

Steve