Commenting using admins detais

  • Hi guys, I run a site https://www.streetphire.co.uk/ which allows users to comment on topics/articles made. The problem is that when people are commenting which I leave open to anyone I noticed the other day the users (logged in or just general public) could post a comment using registered peoples names. So admin or H Man (me) as it shows or Pete (another admin) can be used as their name no matter who they are. How come?

    Is this a security flaw or is it because once an IP has made two sucessful approved comments its allowing that IP to comment no matter what the name the user uses to post as?

    Anyone help?

    Im using 2.5.1 with simple captcha for protection against spam

    thanks
    H Man

Viewing 3 replies - 1 through 3 (of 3 total)

  • The “name” that people type into the “name” box when they leave a comment can be whatever someone likes. It could be the same name as one of the admins, or a gibberish name. It’s not tested to see if it matches with an admin’s name or anything else.

    If you’re actually logged in, you don’t have a name box to fill in.

    Thread Starter Steve

    (@h-man)

    But then it looks like the admins of the site are leaving comments they didnt want to leave. That raises issues doesnt it?

    Its like a me using your login name to say something you didnt want to say…

    H Man

    As an admin you can edit the names (and/or the comments) if people are filling them in to create junk comments.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Commenting using admins detais’ is closed to new replies.