login clarification

[defacto7]

It seems I can leave a comment to my blog or forum without being logged in or registered. I have the self registration plugin setup and spam protector.... but I can comment anyway. It is set to only allow a comment if registered. There are 2 possibilities that I can think of: one is that my blog is wide open for comments when it shouldn't be and the other is that it knows I am writing from my IP address and allows it.

I'm a little worried this is like very insecure... Help!

Under the circumstances I probably should not post my blog address here but I could PM it if you want to check.

Thanks

[garvinhicking]

Hi!

So when you go to yourblog/serendipity_admin.php you are asked to log in, right?

Please tell us your s9y version number, version numbers of the involved plugins and what exactly your ocnfig settings are for those 2 plugins you mentioned.

Regards,
Garvin

[defacto7]

Thanks .....

So when you go to yourblog/serendipity_admin.php you are asked to log in, right?

Yes. Logging into the admin is working correctly. I get an email if someone makes a comment. I get an email if someone registers and they are added to the users. What is not happening is they can comment without registering and I cannot mediate the message; it's added anyway.

Please tell us your s9y version number, version numbers of the involved plugins and what exactly your ocnfig settings are for those 2 plugins you mentioned.

s9y - 1.5.4

User Self-registration 2.34
Default userlevel Editor
Disable user / forbid activity? No
Rights: Publishing entries? Yes
Show sidebar login box? Yes
Straight insert? No
Registered users need admin approval?
If enabled, administrators will first need to approve new users before they receive an email. No
Use Captchas No


Spam Protector 1.77
Emergency comment shutdown No
Disable spamblock for Authors None
Do not allow duplicate comments Yes
Reject comments which only contain the entry title Yes
IP block interval .5
Forbid direct comments (XSRF protection) Yes
Enable Captchas No
- (captcha con't)
-
-
Force comment moderation after how many days 30
What to do with comments when being auto-moderated? Moderate
Trackback/Pingback: ip validation Moderate
Exclude URLs from IP Validation ----
Force API comment moderation after how many days 30
What to do with trackbacks/pingbacks when being auto-moderated? Moderate
How to treat comments made via APIs Moderate
Check trackback/pingback URLs No
How many links before a comment gets moderated 7
How many links before a comment gets rejected 13
Activate wordfilter Moderate
Wordfilter for URLs -------
- (filters con't)
-
-
Activate URL filtering by blogg.de Blacklist None
- (blacklist con't)
-
-
Hide E-Mail addresses of commenting users No
Check e-mail addresses? No
Required comment fields name,email,comment
Block bad IPs via HTaccess? Yes
Choose logging method File
- (logfile)
- (captcha example)

That's it I think....

[garvinhicking]

Hi!

You only mentioned the configurtion of the sidebar plugin of the user self-registration plugin. It also comes with an event plugin, and that's the one responsinble for the option to allow comments only for registered authors...?

Also, which other event plugins are you using? Maybe one of them is interfering (like DNSBL spamblock plugin, which comes to my mind)

HTH,
Garvin

[defacto7]

Oh boy...

There is no event version of the user self-reg plugin!

I just clicked the "install new event" link to add it and got the following:

Trying to open URL package_event_en.xml...
Fetched 430192 bytes from already existing file on your server. Saving file as /var/www/blah.blah.com/serendipity/templates_c/package_event_en.xml...

Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 512 bytes) in /var/www/blah.blah.com/serendipity/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php on line 272

This sounds like a different problem...

I do have the RBL and SURBL spam plugins installed... the RBL one is not set up yet.


BTW... the install side bar plugin link works.

[garvinhicking]

Hi!

Ok, you definitely need to install that event plugin. Seems your provider only allows 16MB of memory; you can count about 1,5M of memory usage for each active event plugin, so you might need to reduce on amount of plugins if possible -- or you need to contact your provider to raise the PHP memory_limit to something higher.

You should think about not using RBL and SURBL plugins; those tend to over-refuse many valid comments, and especially if multiple anti-spam plugin are involved those usually do less good than more. Especially if you plan on allowing comments only for registered authors, those two plugins should not be required at all.

HTH,
Garvin

[defacto7]

Thanks... actually, I am my own provider.... I haven't set any limits on the server that I know of. I can check but is there any other reason why I'd get that error message?

Edit: I just checked my Apache php config... it seems the default is 16M.. I just raised it and the add event plugin works now... I will go ahead and try to add the plugin....

[defacto7]

It looks like that did the trick! Thanks.

[garvinhicking]

Hi!

Great to hear that. Hope you have fun using Serendipity, report back here if you have any more issues

Regards,
Garvin