“Detect spambots posting comments” option is blocking all comments.

Hi @jlmwp,

According to me it should be cache issue that the spam bot to detect the keys do not match in comment form with database.

WP security > Spam prevention > Comment spam

You may set the Spam comments detected should be: Marked as spam instead the Discarded

WP security > Spam prevention > Comment spam IP monitoring

Enable auto block of spam comment IPs: disable it right now.

I can not see the pastebin url you sent it shows 404 for me.

We have worked on the fix for the cache plugin issue where the cache page have older spam detection key than in DB but what you have issue without the Cache plugin so have to cross check.

If you can share that url again and make sure the antibot keys are added.

https://snipboard.io/5aY2Gw.jpg

Hello

Thank you for you answer. I’ll add some captures of what I did this time.

I changed the settings as you described.

On the site, I checked the comment form for the antibot keys. They were added.

I added two comments. This time my IP was not blocked, but both comments were marked as spam.

I tried this same test on a brand new installation. The comment was also marked as spam.

This is my dev site which is a clone of the production site with all others plugins disabled and the default theme: https://dev2.bicicosas.cl/cuales-son-los-accesorios-basicos-para-mi-bici-nueva/

This is another dev site which is the new instalation: https://dev3.bicicosas.cl/2024/09/25/hello-world/

Thank you.

Hi @jlmwp

Do you have Akismet Anti-Spam plugin active ?

I am asking though you mentioned that not any other plugin installed. As if it is active it may create problem and it is default installed.

I cross checked installing fresh setup the latest WordPress 6.6.2 and AIOS 5.3.3 and storefront as theme activated it do not mark as spam in my local

https://snipboard.io/T9dysY.jpg

I have posted comment on the below comment form page but it might be in spam Please cross check there..

https://dev3.bicicosas.cl/2024/09/25/hello-world/

HTTP_REFERER and HTTP_USER_AGENT are blank or the keys for form hidden field and set cookies if do not match it is marked as posted from bot.

Regards

Hello

I checked and only this this plugin is active

Your posted comment was indeed marked as spam. I also tested with my admin user while logged, and a test from a mobile device. All were marked as spam.

These are the headers I recovered from the last test.

• GENERAL
  Request URL: https://dev3.bicicosas.cl/wp-comments-post.php
  Request Method: POST
  Status Code: 302 Found
  Remote Address: 200.73.115.33:443
  Referrer Policy: no-referrer
• RESPONSE
  cache-control: no-cache, no-store, must-revalidate, max-age=0
  content-length: 0
  content-type: text/html; charset=UTF-8
  date: Tue, 08 Oct 2024 14:48:50 GMT
  edit: Set-Cookie (.*) “$1;HttpOnly;Secure”
  expires: Wed, 11 Jan 1984 05:00:00 GMT
  location: https://dev3.bicicosas.cl/2024/09/25/hello-world/#comment-6
  referrer-policy: no-referrer
  server: LiteSpeed
  set-cookie: comment_author_05523445a92ef4e351aef48dc345c80b=%20; expires=Mon, 09-Oct-2023 14:48:50 GMT; Max-Age=0; path=/; secure
  set-cookie: comment_author_email_05523445a92ef4e351aef48dc345c80b=%20; expires=Mon, 09-Oct-2023 14:48:50 GMT; Max-Age=0; path=/; secure
  set-cookie: comment_author_url_05523445a92ef4e351aef48dc345c80b=%20; expires=Mon, 09-Oct-2023 14:48:50 GMT; Max-Age=0; path=/; secure
  setifempty: Referrer-Policy: same-origin
  strict-transport-security: max-age=300; includeSubDomains; preload
  vary: User-Agent
  x-content-type-options: nosniff
  x-frame-options: sameorigin
  x-permitted-cross-domain-policies: none
  x-powered-by: PHP/8.1.29
  x-redirect-by: WordPress
  x-xss-protection: 1; mode=block
• REQUEST
  :authority: dev3.bicicosas.cl
  :method: POST
  :path: /wp-comments-post.php
  :scheme: https
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
  accept-encoding: gzip, deflate, br, zstd
  accept-language: es,en-US;q=0.9,en;q=0.8
  cache-control: no-cache
  content-length: 172
  content-type: application/x-www-form-urlencoded
  cookie: jeost9tk=wkdl0i0lu65v; dea3ct95=9q3qcnx7c6ui; le67hezg=harnpbrxk5r7
  origin: null
  pragma: no-cache
  priority: u=0, i
  sec-fetch-dest: document
  sec-fetch-mode: navigate
  sec-fetch-site: same-origin
  sec-fetch-user: ?1
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1

According to your suggestions. I dont know if i’m undestanding this right, but i’ll try.

• “HTTP_REFERER and HTTP_USER_AGENT are blank”

I could not find the “HTTP_REFERER” header, but on the “General” headers, the “Referrer Policy” is set to “no-referrer” and on the Request Headers, the “user-agent” is set to “Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1”

• ” or the keys for form hidden field and set cookies if do not match”

This is the html code for the antibot-keys

<p class="comment-form-aios-antibot-keys">
	<input type="hidden" name="n5aip6c1" value="ha25m2vs4aa1">
	<input type="hidden" name="ffqu9qt4" value="lodm1911pb2x">
</p>

And on the Request headers, i only found this header

“cookie: jeost9tk=wkdl0i0lu65v; dea3ct95=9q3qcnx7c6ui; le67hezg=harnpbrxk5r7”

I dont know if any of this could be the reason.

One thing. Our hosting has very strict rules for Modsecurity. Could this be related somehow?

Thanks.

Hi @jlmwp,

We have worked on improvement to cache-related issue for comment spam.

Can you please uplaod the below zip as Add new plugin to replace existing AIOS plugin.

https://gofile.io/d/ZIpjYR

It has option “Use cookies to detect comment spam” you may uncheck it so cookies are not used.

https://snipboard.io/PbwS81.jpg

Then you cross-check adding comment, It is still in the spam, If not then it is cookie issue.

Mod security rules, Please ask the hosting provider do they have any such comment spam feature. I see less chance.

Regards

Hello.
Thank you for the update.

I downloaded the file you sent. I uninstalled and deleted the installed version. Then I uploaded and installed the new file.

I applied the configuration you sent and re tested the comment.

The comment was marked as spam.

Regards.

Hello
I asked to my hosting about this. They say that the only blocking made by ModSecurity in the test domain, is to the file xmlrpc.php, and none of the IPs match the ones of the comments.

This is a capture they sent me

The web server we use is Litespeed. Could this be the cause?

Regards.

Hi @jlmwp

Thanks for installing that so we know that it is not the session issue.

And as per hosting provider also mod seucurity issue.

Can you please enable the debug log by adding below in wp-config.php , If below is too much technical also let me know.

// Enable WP_DEBUG mode
define( 'WP_DEBUG', true );

// Enable Debug logging to the /wp-content/debug.log file
define( 'WP_DEBUG_LOG', true );

And if possible change the is_comment_spam_detected in below mentioned file as per below code to have two error log entries to know if spam bot detection is by one of that reasons. Once you change the function try add the comment it will be marked spam but wp-content/debug.log will have one of below entries so we may know what is the issue,

/wp-content/all-in-one-wp-security-and-firewall/classes/wp-security-comment.php

public static function is_comment_spam_detected() {
		$return = false;
		if (!is_user_logged_in()) {
			if (empty($_SERVER['HTTP_REFERER']) || false === stristr($_SERVER['HTTP_REFERER'], parse_url(home_url(), PHP_URL_HOST)) || empty($_SERVER['HTTP_USER_AGENT'])) {
				error_log("comment spam due to referrer and user agent issue");
				$return = true;
			} elseif (self::is_bot_detected()) {
				error_log("comment spam due to bot detected for antibot keys do not match");
				$return = true;
			}
		}
		return apply_filters('aiowps_is_comment_spam_detected', $return);
	}

Hello. I changed the code as you described. This is the file.

After the test, the debug.log file was created. It only has this line: “[11-Oct-2024 14:52:31 UTC] comment spam due to referrer and user agent issue”

Regards

Hi @jlmwp,

Ok, it seems http referer or user agent issue as per log.

Can you please add the code below to the function after the error log for comment spam due to the referer and user agent to get more details? which is the making problem. After adding that code to the file function and saving it. you have to add again the comment and check the wp-conent/debug.log

error_log("HTTP_REFERER >> " . $_SERVER['HTTP_REFERER'] . " >> home_url >> ". home_url() . " >> HTTP_USER_AGENT >> " . $_SERVER['HTTP_USER_AGENT']);

public static function is_comment_spam_detected() {
		$return = false;
		if (!is_user_logged_in()) {
			if (empty($_SERVER['HTTP_REFERER']) || false === stristr($_SERVER['HTTP_REFERER'], parse_url(home_url(), PHP_URL_HOST)) || empty($_SERVER['HTTP_USER_AGENT'])) {
				error_log("comment spam due to referrer and user agent issue");
				error_log("HTTP_REFERER >> " . $_SERVER['HTTP_REFERER'] . " >> home_url >> ". home_url() . " >> HTTP_USER_AGENT >> " . $_SERVER['HTTP_USER_AGENT']);
				$return = true;
			} elseif (self::is_bot_detected()) {
				error_log("comment spam due to bot detected for antibot keys do not match");
				$return = true;
			}
		}
		return apply_filters('aiowps_is_comment_spam_detected', $return);
	}

So is_comment_spam_detected will be like above so we know exact issue is.

Regards

Hello

I replaced the code and tested.

This is the debug.log

thanks

• This reply was modified 1 month, 1 week ago by jlmwp.
• This reply was modified 1 month, 1 week ago by jlmwp.

Hello

After the last test, I looked for information about the http referer and WordPress. I found this link https://www.malcare.com/blog/referrer-policy-wordpress/

Following this information, I added these lines to the begining of the .htaccess

# Set Referrer-Policy
<IfModule mod_headers.c>
    Header set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>

I tested and the comments where added correctly! The debug.log file did not change.

I still need to test this on a full working installation, but looks like a posible workaround.

Regards

Hi @jlmwp,

Please contact your hosting provider if possible might be server behind proxy do not pass that info.

Also I can see in request header you sent have so it might be some thing at server blocking at sending info to browser.

Referrer Policy: no-referrer

If it can not be solved. We may apply the aiowps_is_comment_spam_detected and try to solve the issue.

Regards

• This reply was modified 1 month, 1 week ago by hjogiupdraftplus.

Hello

Adding those lines to the .htaccess file solved the problem. The option is now working correctly.

Thank you for your support.

Hi @jlmwp

Glad to know it works now after “Header set Referrer-Policy” set correct in .htaccess.

Can you please let me know which hosting did you use? In general, this is not required to be set.

Regards