New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Akismet: Spam comments are added to Subscriptions #250

Closed
IvanRF opened this Issue Mar 6, 2016 · 23 comments

Comments

Projects
None yet
5 participants
@IvanRF

IvanRF commented Mar 6, 2016

I just received one Spam comment detected by Akismet and the plugin added an entry in the Subscriptions with Delivery = weekly (default is daily) and Status = unconfirmed.

Mail Queue and Event Log is empty, maybe because in my WP settings all comments must to be approved.

So, luckily the confirmation mail was not sent to the Spam account (is what I guess from the log). However, I don't like the idea of having to remove an entry from Subscriptions every time I get one Spam.

@IvanRF

This comment has been minimized.

IvanRF commented Mar 6, 2016

I just sent a confirmation to myself and it was not present in the Queue Log, so I have no way to tell if the plugin sent or not a mail to the Spam account.

@raamdev

This comment has been minimized.

Contributor

raamdev commented Mar 8, 2016

I just sent a confirmation to myself and it was not present in the Queue Log, so I have no way to tell if the plugin sent or not a mail to the Spam account.

Yes, there's an issue for that open here: #196

I just received one Spam comment detected by Akismet and the plugin added an entry in the Subscriptions with Delivery = weekly (default is daily) and Status = unconfirmed.

Hmm, that shouldn't happen. If Akismet flags something as spam, Comment Mail should be ignoring it. Marking this as a bug that needs testing.

@raamdev raamdev added this to the Next Release milestone Mar 8, 2016

@raamdev raamdev changed the title from Akismet / Spam support to Comment Mail does not ignore comments flagged as spam by Akismet Mar 8, 2016

@raamdev raamdev changed the title from Comment Mail does not ignore comments flagged as spam by Akismet to Comments flagged as spam by Akismet are not ignored Mar 8, 2016

@IvanRF

This comment has been minimized.

IvanRF commented Mar 8, 2016

Hmm, that shouldn't happen. If Akismet flags something as spam, Comment Mail should be ignoring it. Marking this as a bug that needs testing.

I currently have 6 spams, and they were not added in Subscriptions. So, it is working.

The strange thing is that Delivery was set to weekly, so maybe this was a real comment (not bot) marked as Spam by Akismet. When I had this issue I didn't realized I had 2 pages of spam and I emptied all, so if it was a real comment I lose it. Nevertheless, it should not have been added. If I face this again, I will include more details.

@raamdev

This comment has been minimized.

Contributor

raamdev commented Mar 8, 2016

@IvanRF Great! Thank you. I was just reviewing the code and I see that Comment Mail should already be obeying Akismet, so I'm not sure how an Akismet-flagged comment would have a subscription created by Comment Mail.

I'll leave this GitHub issue open for now, pending any future feedback.

@raamdev raamdev removed this from the Next Release milestone Mar 8, 2016

@IvanRF

This comment has been minimized.

IvanRF commented Mar 14, 2016

This happened again. This time I know the confirmation mail was sent from the Email log data.

14-3-2016 12-11-51 p- m-

14-3-2016 12-12-27 p- m-

The IP 178.137.93.120 is from Ukraine.

@IvanRF

This comment has been minimized.

IvanRF commented Mar 14, 2016

I use Wordfence but I don't know if they send emails to Spam too. This is from Wordfence log:

[Mar 13 08:58:42] Scanning comment with Author: flqlplqo Email: yealiw@bjjxxe.com Source IP: 178.137.93.120
[Mar 13 08:58:42] Checking 7 host keys against Wordfence scanning servers.
[Mar 13 08:58:42] Done host key check.
[Mar 13 08:58:42] Scanned comment with Author: flqlplqo Email: yealiw@bjjxxe.com Source IP: 178.137.93.120
@IvanRF

This comment has been minimized.

IvanRF commented Mar 31, 2016

@raamdev some more proofs. I just emptied the Spam comments and there are 3 subscriptions still there:

31-3-2016 4-00-31 p- m-

31-3-2016 3-59-27 p- m-

Event Log:
31-3-2016 4-07-39 p- m-

@IvanRF

This comment has been minimized.

IvanRF commented Apr 1, 2016

I just checked the Subscriptions table before deleting Spam comments, and the Subscriptions are added for Spam comments.

Spam comments
31-3-2016 10-06-42 p- m-

Subscriptions
31-3-2016 10-07-26 p- m-

@IvanRF IvanRF changed the title from Comments flagged as spam by Akismet are not ignored to Akismet: Spam comments are added to Subscriptions Apr 1, 2016

@raamdev

This comment has been minimized.

Contributor

raamdev commented Apr 4, 2016

@IvanRF Thanks for the additional info. It looks like this needs more testing on our end.

@gretlouise

This comment has been minimized.

gretlouise commented Apr 25, 2016

I am receiving "Mail delivery failed: returning message to sender" emails for every "confirm subscription" email that was sent to a spam commenter. This is definitely still an issue.

@IvanRF

This comment has been minimized.

IvanRF commented May 15, 2016

Today a bot that has nothing better to do sent 350 spam comments to my site and 294 subscriptions were created for those spam mails. Any news with this issue?

@IvanRF

This comment has been minimized.

IvanRF commented May 15, 2016

@raamdev I noticed that removing a comment which is not spam triggers a subscription removal, but using the "Delete permanently" option from the Spam page does not trigger a subscription removal.

(today I had other 450 spams, I closed comments on that page for now...)

@IvanRF

This comment has been minimized.

IvanRF commented May 16, 2016

Tired of doing this work, I did a research on blocking spam before being marked as Spam and I found this plugin: https://wordpress.org/plugins/wp-spamshield/
So far blocked 250 spams with no false positives. Excellent to avoid all the DB processing that my site was having.

@raamdev

This comment has been minimized.

Contributor

raamdev commented May 16, 2016

@jaswsinc It looks like we just need to add the following here:

if($this->comment_status == 'spam')
     return; // Not applicable.

Do you agree?

@raamdev raamdev added this to the Next Release milestone May 16, 2016

@jaswrks

This comment has been minimized.

Member

jaswrks commented May 16, 2016

Agree :-)

raamdev added a commit to websharks/comment-mail-pro that referenced this issue May 17, 2016

@raamdev

This comment has been minimized.

Contributor

raamdev commented May 17, 2016

@IvanRF I've submitted a patch for this to our dev branch, but if you could test this by modifying includes/classes/comment-post.php#L79 by adding the following, that would be great:

        if($this->comment_status == 'spam') {
            return; // Not applicable.
        }

This is the sort of thing that's hard to test unless you already have a site getting spam. I guess this is one case where we need a site to get some spam to really test it. 😆

raamdev added a commit to websharks/comment-mail-pro that referenced this issue May 17, 2016

raamdev added a commit to websharks/comment-mail-pro that referenced this issue May 17, 2016

raamdev added a commit to websharks/comment-mail-pro that referenced this issue May 17, 2016

@raamdev raamdev self-assigned this May 17, 2016

@IvanRF

This comment has been minimized.

IvanRF commented May 21, 2016

@raamdev I thought I had this under control with wp-spamshield but they do have false positives 😠 and were blocking some real comments.

So, back to Akismet, I added those 2 lines on comment-post.php and in the last 30 minutes I got 6 spams and nothing went to Subscriptions. Thus, the fix works!

I'll let you know more in the next days, since more spam is coming... 😩

@raamdev

This comment has been minimized.

Contributor

raamdev commented May 21, 2016

the fix works!

Thank you for confirming that! I'll make sure this fix gets pushed out with the next update. Good luck with the spam. 😞

@raamdev raamdev added bug and removed needs testing labels May 21, 2016

@raamdev

This comment has been minimized.

Contributor

raamdev commented May 21, 2016

Next Release Changelog:

  • Bug Fix: Fixed a bug that allowed spam comments to create subscriptions in Comment Mail when using Akismet. Props @IvanRF. See Issue #250.

@raamdev raamdev closed this May 21, 2016

@graylaurenm

This comment has been minimized.

graylaurenm commented Jun 12, 2016

Is there a known date when the version with this fix be released? I have a client with the same problem. Actually, she has 63,637 entries in the subscriptions event log and they are even subscribed?! They are clearly spam emails.

By the way, and off-topic, @IvanRF did SpamShield allow you to work with email replies? We tried Anti-Spam in the past but it blocks Comment Mail email replies.

@IvanRF

This comment has been minimized.

IvanRF commented Jun 12, 2016

@oncecoupled no idea, as I said wp-spamshield was blocking real comments in my site so I remove it. I manually modified the line which solves this issue in the Comment Mail code for my site.

@raamdev

This comment has been minimized.

Contributor

raamdev commented Jun 13, 2016

@oncecoupled A release candidate was published a few days ago that includes the fix described here (see announcement). We usually publish a general availability release a week or so after the RC (to give us enough time for testing). Thanks for your patience!

Note: If you'd like to be notified about release candidates, please sign-up to be a beta tester here.

raamdev added a commit that referenced this issue Jun 18, 2016

Phing release of v160618 with the following changes:
- **Restructured Codebase**: The codebase has been completely restructured to improve performance, enhance flexibility, and make it easier to build in new features! Props @jaswsinc. See [Issue #150](#150).
- **Comment Mail Pro Upgrade Notice: Incompatible Advanced Templates.** This version of Comment Mail includes a rewritten and improved codebase. This rewrite, however, came with the unfortunate side effect of breaking backwards compatibility with Advanced Templates that were customized in a previous version of Comment Mail Pro.

     If you are currently using Comment Mail Pro and you've customized your Advanced Templates, all of your customized Advanced Templates will be backed up and the templates will then be reset to their new defaults. You will find the backup of your old customized template appended to the bottom of the new template, separated with a  <code>Legacy Template Backup</code> PHP comment. See [example screenshots](#238 (comment)).

     Note: This change has no effect on Simple templates—only Advanced Templates are affected. Advanced Templates are a Pro-only feature, so this notice only applies to Comment Mail Pro. See [Issue #238](#238).
- **Bug Fix**: Fixed a bug where `esc_html()` was being used where `esc_sql()` should've been used. Props @jaswsinc @kristineds. See [Issue #268](#268).
- **Bug Fix**: Fixed a bug that in some scenarios resulted in a "DB table creation failure" error when activating the plugin. Props @thienhaxanh2405, @PanNovak, @kristineds, and @jaswsinc. See [Issue #260](#260).
- **Bug Fix**: Fixed a bug where "New reply" notification emails were not being parsed properly by some Hotmail accounts and were showing up as blank. Props @kristineds. See [Issue #259](#259).
- **Bug Fix**: Fixed a bug that allowed spam comments to create subscriptions in Comment Mail when using Akismet. Props @IvanRF. See [Issue #250](#250).
- **Bug Fix** (Pro): When Chrome or Firefox Autofill Username/Password was enabled, the Comment Mail Pro Updater fields would incorrectly be autofilled by the browser with invalid credentials. This has been fixed. Props @renzms. [Issue #274](#274).
- **Bug Fix**: Fixed a bug where the cron job for the Queue Processor could get deleted and never recreated, which would result in notifications getting stuck in the Mail Queue and not being sent out. If you ever installed Comment Mail and then deleted it (without first disabling Data Safeguards), and then installed Comment Mail again, you were probably affected by this issue. This release fixes the issue and makes the cron setup more robust. Props @kristineds, @renzms, @jaswsinc, and @IvanRF for help testing. See [Issue #194](#194) and [Issue #173](#173).
- **Bug Fix:** Fixed a bug where a subscriber who selected Hourly Digest and who had never been notified before could, in some scenarios, have their subscription treated instead as a Weekly Digest. This bug was found and fixed during the codebase restructuring. Props @jaswsinc. See [Issue #150](#150) and additional discussion in [Issue #173](#173 (comment)).
- **Bug Fix:** Fixed a bug where in some scenarios Mail Queue entries for Digest Notifications that should have been held for sending later were not being held and were also not being sent. They also would not have shown up in the Mail Queue Event Log. This bug was found and fixed during the codebase restructuring. Props @jaswsinc. See [Issue #150](#150) and additional discussion in [Issue #173](#173 (comment)).
- **Enhancement**: Minor improvements to the Options Page menu links and positioning of the Pro Preview link. Props @renzms. See [Issue #227](#227).
- **Enhancement**: It's now possible to use the following shortcodes in the Email Footer Tag for Email Footer Templates: `[home_url]`, `[blog_name_clip]`, and `[current_host_path]`. Props @kristineds and @IvanRF. See [Issue #246](#246).
- **Enhancement**: Improved the Subscriptions meta box that appears on the Post Edit screen. For each subscription, the meta box now lists the full name and email address, the date the subscription was created, and a view link that allows you to view/edit the subscription. Props @kristineds. See [Issue #231](#231).
- **UX Enhancement (Pro)**: Improved the Dashboard notice that appears when you try to enable the Pro version of Comment Mail when the Lite version is currently enabled. Props @kristineds @jaswsinc. See [Issue #230](#230).
- **UX Enhancement**: When Subscribing Without Commenting, the Add New Subscription form now pre-populates the Name and Email address fields whenever possible. Props @kristineds. See [Issue #204](#204).
- **UI Enhancement**: Dashboard notices generated by Comment Mail now use the WordPress-style dismiss button to keep things consistent. Props @kristineds. See [Issue #193](#193).
@raamdev

This comment has been minimized.

Contributor

raamdev commented Jun 19, 2016

Comment Mail v160618 has been released and includes changes from this GitHub Issue. See the v160618 announcement for further details.


This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#250).

@websharks websharks locked and limited conversation to collaborators Jun 19, 2016

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.