-
-
Notifications
You must be signed in to change notification settings - Fork 26
-
-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IP address check will produce a lot of false positives #177
Comments
Are there any real world numbers on the percentage of Spam blocked by IP checks? Generally, version 2, separating the steps technically, might be a good idea, even if the IP filter is dropped. If the filter stays, I'd like to put one more suggestion into discussion, that is add a filter to automatilly skip the check, even if enabled, on such "addresses". Could match empty strings and local addresses (loopback and server's IP(s)) by default. This also fixes potential pre-existing issues with intransparent or just badly configured reverse proxies. |
There are at least two occurrences to check:
|
I think the cleanest way forward here would be remove the IP-check for the local database, but leave the others in place. |
Am I missing something or is the IP-check not removed? @websupporter |
@Zodiac1978, after some legal consultation by @krafit, we came to the conclusion, we can save a hash of the IP and check the IP of the currently incoming comment with the hashes, we have saved in the database. |
@websupporter This is not a legal question. It is about: What happens if every IP is changed to 127:0:0:1 or an empty value. Does it break our checks? |
No @Zodiac1978. We save it by our own. What I mean, we have WP plugins out there, which alter the IP address when the comment is saved. So we shouldn't rely on the saved data in What we rely on is |
With the GDPR coming, a lot of people will delete the IP address automatically, leaving an empty string or 127.0.0.1 or something similar. If this happens before our IP comparison, it will produce a lot of false positives. If it happens after our IP comparison, the comparison is useless.
We should consider to refactor this check.
This is, what I see right now:
We should do this quite soon.
The text was updated successfully, but these errors were encountered: