Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By mrb on
Is anyone else getting spammed with empty comments? ie both subject and body are blank.
I've started getting them right after completing the 4.7.2 upgrade. I'm assuming they are from spammers as they arrive in groups of two or three from IP addresses all around the world.
Any ideas what changes in 4.7.2 could allow this? I was not getting the problem with 4.7.0.
If I visit the site and try and enter a blank comment as an anonymous user it will give me an error message. So not sure how the spammers bypass that?
I've also installed captcha. Again, it works for humans, but the spam still gets around it.
Any ideas?
Regards, MrB
Comments
not blank?
Maybe it's a space or some HTML that's getting filtered out by your default input type filter.
Good point
I'll try escaping instead of stripping in the HTML filter and see if that shows anything.
But how are they getting past the captcha?
MrB
Doesn't seem to be the input filter.
I'll try and get more information about why these blank comments are accepted, but any more suggestions where to start looking will be gratefully received.
MrB
See report and temporary fix at http://drupal.org/node/67972
http://drupal.org/node/67972
petermoulding.com/web_architect
petermoulding.com/web_architect