
suggest enhance comments moderation

Posted: Thu Nov 18, 2010 2:53 am
by smithfox
1. Can batch-delete garbage comments.
There are more advertisement comments by robots.

2. Can disable the comment function for one entry without affecting other entries.

Thanks
-Smith

Re: suggest enhance comments moderation

Posted: Thu Nov 18, 2010 10:14 am
by Harm10
I think batch deleting would be hard to implement. What criteria to use for example?
Instead you could activate the anti-spam question. In that case it would become very hard for robots to publish fake comments.

You can (de)activate the possibility of comments per entry in the Allow comments radio button.

Re: suggest enhance comments moderation

Posted: Thu Nov 18, 2010 3:42 pm
by hansfn
We had a batch spam remover for Pivot - I just haven't had time to convert it to a PivotX extension. Will do some time.

Re: suggest enhance comments moderation

Posted: Fri Nov 19, 2010 1:22 am
by smithfox
We don't need a complex intelligent implementation; just add a checkbox before every comment, so we can check all and then click a delete button.

About the earlier second question, that was my inattention. PivotX has already implemented the function! :)

I have another issue and need your help:

When I log in as admin to moderate comments, the page automatically opens "Windows Media Player" and also invokes an applet program. It's terrible!!

After I delete those spam comments, everything goes well.

So I strongly recommend that the PivotX admin add an option "only show comments as 'plain text' in admin windows", so as not to leave any chance for the spam to do some bad action.

Thanks
-Smith

Re: suggest enhance comments moderation

Posted: Fri Nov 19, 2010 11:14 am
by hansfn
Hm, comments should be displayed as plain text - HTML tags aren't allowed. This sounds like a major bug/security issue. What version of PivotX are you using? I'll fix this immediately, if it hasn't been fixed in the current development version.

Re: suggest enhance comments moderation

Posted: Sat Nov 20, 2010 5:57 am
by smithfox
I'm using PivotX 2.2. I am not sure the issue is caused by the comments, but anyway, we can provide the choice to the end-user administrator.

Thanks
-Smith

Re: suggest enhance comments moderation

Posted: Sat Nov 20, 2010 4:34 pm
by hansfn
I have tested with a comment
<xss>evil</xss>

and the tags are stripped before saving the comment to the database. Looking at the code confirms this: The only tags that are allowed (unless you have set "allow_html_in_comments" in the advanced configuration) are b, em, i and strong. (Also the javascript/onwhatever attributes are removed.) Conclusion: I don't understand how
... a page automatically open "windows media player", and also invoke a applet program. It's terrible!!

could happen. Were those new comments?
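
Added example, not part of the thread and not PivotX's own code: a PHP allowlist filter that shows the behaviour described in the post above, where only b, em, i and strong survive and every attribute is dropped. The function name `sanitize_comment` and the sample comments are assumptions made for illustration.

```php
<?php
// Added illustration, not PivotX source. Allowlist taken from the post above.
const ALLOWED_TAGS = ['b', 'em', 'i', 'strong'];

function sanitize_comment(string $raw): string
{
    // Odd indexes are tag-like tokens, even indexes are the text between them.
    $parts = preg_split('~(<[^>]*>)~', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    $out = '';
    $open = []; // stack of allowed tags still open
    foreach ($parts as $i => $part) {
        $isTag = $i % 2 === 1
            && preg_match('~^<(/?)([a-z][a-z0-9]*)~i', $part, $m);
        if (!$isTag) {
            // Plain text, or "<" used as a character: escape, never drop.
            $out .= htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            continue;
        }
        $name = strtolower($m[2]);
        if (!in_array($name, ALLOWED_TAGS, true)) {
            continue; // unknown tag is stripped, its inner text stays as text
        }
        if ($m[1] === '') {
            $open[] = $name;
            $out .= "<$name>"; // re-emitted bare: every attribute is discarded
        } elseif (end($open) === $name) {
            array_pop($open);
            $out .= "</$name>";
        } // a stray closing tag is dropped
    }
    while ($open) {
        $out .= '</' . array_pop($open) . '>'; // close what the commenter left open
    }
    return $out;
}

// Constructed sample comments, not taken from a real site.
$samples = [
    '<xss>evil</xss>',
    '<b onmouseover="alert(1)">bold</b> and <i>unclosed',
    '<iframe src="//example.invalid/x"></iframe><embed src="a.wmv">hi 1 < 2',
];
foreach ($samples as $s) {
    echo sanitize_comment($s), PHP_EOL;
}
```

Because allowed tags are rebuilt from the tag name alone and everything else is escaped, a malformed token falls through as visible text instead of reaching the admin page as markup.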

Re: suggest enhance comments moderation

Posted: Tue Nov 23, 2010 5:30 am
by smithfox
During those days, I struggled with a web Trojan virus, which always appends some <iframe> and <img> to my pages.

Then I did a test: I wrote the simplest PHP file as index, but the Trojan was still there.

So I conclude that the Trojan virus is from my web host vendor.

I have sent an email to notify them.

The Trojan virus is very sly: every client IP is only sent the Trojan code once a day, so it is very difficult to catch.

So the root cause mostly is not PivotX, but the issue reminds us that we should be careful about such virus spam.

Thanks
-Smith

Re: suggest enhance comments moderation

Posted: Sat Dec 04, 2010 3:42 am
by smithfox
Could you add a feature in some next release?
Add a verification method to prevent comment robots.
For example:
When someone submits a comment, PivotX checks whether the comment content starts with "###"; if not, it will fail.
Every blog admin can set his/her blog's special authentication string.

The feature can be turned off in the admin settings.

Re: suggest enhance comments moderation

Posted: Sat Dec 04, 2010 9:42 am
by hansfn
This won't add any protection compared to the current HashCash spam protection.

PS! A lot of spam is unstoppable because it's posted manually (for a very low pay).