Blog Comments Problem Solved
February 22nd, 2006 by Angsuman ChakrabortySimple Thoughts Blog had a sporadic but consistent comment problem. On submitting comments a blank page was occasionally returned instead of the original page with the comment added. How did I debug it?
First I wanted to reproduce the error consistently. I could very rarely see this error with my Firefox browser, possibly because I remain logged in most of the time and/or cookies. So I opened Internet Explorer and cleared the cache. I created a test post and started adding comments.
I was lucky. The bug was consistently reproducible in Internet Explorer. All I had to do was refresh as post page (posting to wp-comments.php) and a blank page would be returned. My first job was done.
BTW: In the process I discovered a stupid bug in WordPress’ implementation of first time moderation. It is purely email based.
Next I had to go in the code to find out the exact location of the error in wp-comments.php. However before I did that I wanted to remember which plugins hooked into wp-comments. The only one was wp-hashcash, an excellent comment spam prevention plugin.
So before going further I disabled the plugin.
Voila, the error was gone. I was using a really old version of the plugin, probably 1.5. So I tried upgrading. However it started spewing strange database errors. So I decided to keep it disabled for now.
Now my blog is more vulnerable to comment spammers. However it will not prevent legitimate commentators from commenting anymore.
Thanks goes to James Huff, who kindly pointed me to this error for the second or third time. I couldn’t let it pass anymore thinking it was only occasional or postpone it for the next version of the site.
Filed under CMS Software, Computer Security, Firefox, Headline News, How To, Internet Explorer, Open Source Software, Pro Blogging, Tech Note, Web, Web Services, WordPress | | RSS 2.0 | Email this Article
Add to Technorati Favorites
February 22nd, 2006 at 11:58 am
I noticed the same strange database errors when using the 3.0 beta version of hashcash..
so now you are not using hashcash at all?
doesnt that mean you will get a flood of comment spam?
I am not sure now what I should use as a spam prevention solution.. maybe I should go back to the older version of hashcash..
February 22nd, 2006 at 12:27 pm
No. I have stopped using HashCash. I still have first comment moderation on. So hopefully (unless the spammer uses the exploit mentioned in this post) I will get a chance to moderate the comments before it appears on the site.
If I start getting too many spams, as before, I will opt for Bad Behavior plugin. I have heard good words about it from James Huff aka MacManx.
February 22nd, 2006 at 1:07 pm
I have been using Bad Behavior for almost a year now. It’s an excellent plugin and very effective at stopping bandwidth-wasting and email-harvesting bots as well as comment and trackback spam bots. Since the developer of Bad Behavior is never pleased by false positives, some spam comments do pass by its defenses. Once WordPress 2.0 was released about two months ago, I decided to add Akismet as a second layer of spam protection, and MacManX.com has been 100% spam-free ever since.
February 22nd, 2006 at 1:23 pm
> Bad Behavior is never pleased by false positives, some spam comments do pass by its defenses
I would support the Bad Behavior approach of focussing on eliminating false positives at the cost of letting few spams through. It is better than the overly aggresive approch of SpamKarma.
So Bad Bahavior it is then
February 22nd, 2006 at 1:33 pm
Good choice!
I should also mention that I have received absolutely no false positives during the past two months in which I have been using both Bad Behavior and Akismet. So, if you ever get tired of managing your moderation list, try adding Akismet to your mix.
February 22nd, 2006 at 10:28 pm
James,
Thanks.
I have two issues with Akismet.
Firstly I do not fall under their narrow definition of non-commercial blog
Secondly I somehow feel hesitant to hand over the control of my comments to third-party. Just from an architectural point it appears incorrect.
February 23rd, 2006 at 1:17 pm
I am not sure why, but I chmoded the file wp-hashcash.key to 666 and the database errors seem to be gone and I can access all my blogs pages fine now..
I may use bad behavior eventually but I am a bit concerned about it blocking legitimate bots like google and yahoo etc.
February 23rd, 2006 at 5:40 pm
Angsuman, you make $500 or more per moth off of Simple Thoughts?! You lucky blogger. As for third-party control, there really isn’t much there. The Akismet server evaluates each incoming comment for spam content. Comments marked as “spam” by the plugin are still stored in your database for fifteen days and viewable in a log interface. If you find a comment incorrectly marked as “spam”, just hit the “not spam” button to post it on your blog and submit to Akismet for re-evaluation and system education, and visa-versa for any spam comments that get past the plugin. Architecturally, Akismet seems like the best available anti-spam solution. The effect of the community contribution to the spam evaluating engine leads to comment spam floods being stopped across the internet in a matter of seconds. According to the Akistmet engine, there have been “4,242,796 spams caught so far, 63,824 so far today, [and] 81% of all comments are spam.” But, if you can’t or don’t want to use Akismet, Bad Behavior and a good moderation list should keep you spam-free.
Thomas, Bad Behavior shouldn’t be blocking any well-established and properly-coded legitimate bots. Bad Behavior compares existing legitimate bots to their IPs and known behavior patterns. For example, Bad Behavior will block a bot with the Googlebot user agent only if it came from a non-Google IP and/or it is not following the Googlebot’s behavior pattern. If you are concerned, just check Bad Behavior’s log each day. For more information, look for the commented fields inside each of Bad Behavior’s files.
February 23rd, 2006 at 11:03 pm
James,
Shh
Though I have to admit things are slowing down a bit for unknown reasons.
You have convinced me wrt. Akismet. I will definitely try it.
BTW: I noticed after eliminating wp-hashcash, I have started getting lots of legitimate comments. It appears wp-hashcash was eating (due to the bug you found) much more than just illegitimate comments.
February 24th, 2006 at 11:20 am
Just wanted to give you a heads up.. at 12:17 PM eastern time I got a “cannot connect to database error” when trying to access your page..
probably just a fluke but thought i should let you know
February 24th, 2006 at 12:35 pm
Thomas,
Thanks for the heads-up.
Best,
Angsuman
July 7th, 2006 at 11:22 pm
There’s a new release of Bad Behavior out which should address your issue of false positives, especially from various South Asian countries (it has a strict mode, which you want to disable to allow this traffic).
Combined with Akismet, you should no longer see 3000 spams a day
July 7th, 2006 at 11:51 pm
Thanks Michael. I will try it out.
February 3rd, 2007 at 11:41 am
I’ve found that Akismet gives that blank page error on posting now (with WP 2.0.7). The Akismet guys said they addressed the bug, but the new version still gives me the same problem.
Re-enabling Akismet even after it’s been deactivated reveals the spams that have been coming in and that it’s trapping them even though the plugin is disabled, which is almost a miracle! Moreover, it revealed several false positives that I had to de-spam…
Really not sure what’s going on.