Comments on: Comment Notifier Plugin for Wordpress. http://i-gorod.org/itblog/2009/07/19/comment-notifier-plugin-for-wordpress/ Personal web site of Ilya Gorodnyanskiy Sun, 05 Sep 2010 06:05:14 +0000 http://wordpress.org/?v=2.8 hourly 1 By: Ilya G. http://i-gorod.org/itblog/2009/07/19/comment-notifier-plugin-for-wordpress/comment-page-1/#comment-29837 Ilya G. Tue, 21 Jul 2009 18:46:34 +0000 http://i-gorod.org/itblog/?p=69#comment-29837 Unfortunately, I must temporaly disable this plugin. Two days later I noticed, that it's a nice backdoor for the spam bots. I suppose, that the main reason is that "Comment Notifier" does not support any interaction with capcha plugin. So following happens: a spam bot sends a message to my cms. Its message is ignored by the comments plugin, because the robot cannot authorize itself as a human. But the Comment Notifier plugin saves this message in its database table and sets the bot on the subscriber list. The result is - all the users, who have ever left a comment for a particular posting and subscribed for notification, receive this spam message. Sure, to fix it is just a matter of 5 minutes... but I guess I'll have this time only next weekend. Unfortunately, I must temporaly disable this plugin. Two days later I noticed, that it’s a nice backdoor for the spam bots. I suppose, that the main reason is that “Comment Notifier” does not support any interaction with capcha plugin. So following happens: a spam bot sends a message to my cms. Its message is ignored by the comments plugin, because the robot cannot authorize itself as a human. But the Comment Notifier plugin saves this message in its database table and sets the bot on the subscriber list. The result is – all the users, who have ever left a comment for a particular posting and subscribed for notification, receive this spam message.

Sure, to fix it is just a matter of 5 minutes… but I guess I’ll have this time only next weekend.

]]>