News module + disable not working?

[cmlawson]

I'm getting a lot of p*** comments on my news posts. When I go in there and choose either 'private' or 'disabled' in the commenting section, I'm still getting comments. Am I misunderstanding how this is supposed to work? I'm assuming that if I put 'disabled' that people shouldn't be able to comment?

[ruebenwurzel]

Hello,

disabling the contents only makes it invisible. The code is already present and reachable from spams as they use the url to the commenting page.

Unfortunately there exists no easy solution how to prevent Spam from news commenting once the spammer has the Url. One possible Solution could be to rewrite the news core files to use the calculate tool from guestbook 2.0 instead of captcha or to disable the whole commenting scripts in core files of news modul.

Matthias

[cmlawson]

Matthias,

Thanks for the response. I guess I won't use the news module on that site, huh?

cml

[jena6]

I am having the same problem, but it seems to be only on posts that were once public.
I am putting all new posts out with commenting disabled, but I still have to go back and delete 2 or 3 drug/sex related comments every day.
As a temporary fix, I wish I could find a module that would allow me to see all comments either site-wide or page-wide so I could delete them quicker.  Does anyone know of such a module?
kh

[cmlawson]

I am having the same problem, but it seems to be only on posts that were once public.
I am putting all new posts out with commenting disabled, but I still have to go back and delete 2 or 3 drug/sex related comments every day.
As a temporary fix, I wish I could find a module that would allow me to see all comments either site-wide or page-wide so I could delete them quicker.  Does anyone know of such a module?
kh

It would be better if we could just take commenting out. That spam is not going to go away you know.

Which line of code could we comment out so that it would fix the issue? It would be really helpful!

cml

[jena6]

This will work, but it is extreme.  Rename or delete the following files...yourwebsite bakerroot/modules/news/comment.php and comment_page.php.  I do not guarantee that there will not be other problems caused by this, but now comment posters get a 404 page.

[jena6]

might be better to rename submit_comment.php or save_comment.php.  I don't know, I'm a noob, but I renamed them all and I don't think there will be any more spam comments.  Unfortunately, no more real comments, either.

[cmlawson]

Instead of a 404 I'm was thinking maybe we could just HTML comment out the link so that they couldn't even get to the form at all?

Did renaming the whole file have any adverse affects so far?

[jena6]

No need, if you set the commenting to disabled, I think the only ones who will find these pages are the spammers, and I like them to get the 404.
I added back the comment.php, that allows us to display, but without the submit and save, I hope to lockout the spammers.  As for me fixing the php, i'm a green screen programmer, i picked up html, css, website baker in the last month in my spare time.  I hope to pick up php and mysql in the next couple of months, but my old green screen programming work is keeping me too busy!
Until then, the best I can do is hacks like this.  I'm hoping some old pro will pick up on this and give us better advice, cause i'm totally ignorant at php.  Maybe if my other business turns down...

[kingttx]

Oh wow, there has to be a fix to this one. I have the exact same issue and was hoping that upgrading from 2.6.4 to 2.6.7 will fix it. Since I'm not an advanced coder, this is beyond me, but there should be a check from the save comment page to see what the page's comment status is. If it's disabled, don't allow a post.

Is that possible?

[kweitzel]

The main issue here is that these sites have already been spidered by Google and others. So the spammers know, that the files exist.

New Site is easier to protect:

1) Obscure (rename) the admin folder and reflect this in the config file
2) maybe protect the folder with .htaccess
3) rename the pages directory
4) define a robots.txt which allows only spidering of the pages directory and nothing else

cheers

Klaus