Hello. I've been running Pixelpost on various sites for a few years now and have loved it. I started a photoblog to document the my baby boy last October. Things have been good until the last 5 months or so when I started receiving a lot of spam.

Here is some information..

Running PP version 1.7.1 (Better than Ever) - January 2008

PHP-version 4.4.9 (Pixelpost's min requirement: PHP version: 4.3.0 )
Session save path /tmp
MySQL version 5.0.45-log (Pixelpost's min requirement: MySQL: 3.23.58 )
GD-lib bundled (2.0.28 compatible) with JPEG support
File Uploads to Pixelpost site are possible.
Server Software Apache
EXIF Pixelpost is using exifer v1.5 for EXIF-information.

Defensio is enabled.


I installed the CAPTCHA addon to see if that would help, but it appears that it shows up in the comment section, but the new comment will go through whether you fill in the CAPTCHA form or not. I'm not sure what to do about that. Both pieces are enabled.

I'd hate to have to go through and disable comments on all images, because I value what friends and family have to say about the photos, but deleting all of this spam is getting a little cumbersome.

Can anyone offer any assistance? It would be greatly appreciated.

-Seth

What version of Defensio are you running? The latest version (http://www.pixelpost.org/extend/addons/defensio-for-pixelpost/) available is 1.4.

Sorry, I forgot to include that I am indeed running Defensio v1.4.

Go to General Options>>Spam Control, and tell me what your settings are for the following:

ENABLE TOKEN IN FORMS
Should this setting be enabled?
Maximum time in minutes between opening the comment window and submitting a comment:

PREVENT SPAM FLOOD
Number of seconds before a new comment can be posted (to prevent floods):

MAXIMUM NUMBER OF URLs
Number of URLs allowed in one comment:

Have you gotten the .htaccess code from the Update Banlists section at the top of that page, created a file called .htaccess and uploaded it to your server?

Go to General Options>>Spam Control, and tell me what your settings are for the following:

ENABLE TOKEN IN FORMS
Should this setting be enabled?
Maximum time in minutes between opening the comment window and submitting a comment:

PREVENT SPAM FLOOD
Number of seconds before a new comment can be posted (to prevent floods):

MAXIMUM NUMBER OF URLs
Number of URLs allowed in one comment:

Have you gotten the .htaccess code from the Update Banlists section at the top of that page, created a file called .htaccess and uploaded it to your server?

Thanks for the reply.

ENABLE TOKEN IN FORMS
This is set to NO and 5 seconds.

PREVENT SPAM FLOOD
This is set to 30 seconds.

MAXIMUM NUMBER OF URLs
This is set to 5.

I have not gotten the .htaccess code from the Update Banlists section, created the file and uploaded it. I suppose you are saying I need to do that?

Thanks again for the help.

Do you have a valid Defensio Key? (and did you by any chance contact Carl Mercier over at Karabunga (the makers of Defensio) about this problem?)

I do have a valid Defensio key and I have not contacted Carl Mercier, that may be the next step though, I suppose.

Thanks for the reply.

ENABLE TOKEN IN FORMS
This is set to NO and 5 seconds.

PREVENT SPAM FLOOD
This is set to 30 seconds.

MAXIMUM NUMBER OF URLs
This is set to 5.

I have not gotten the .htaccess code from the Update Banlists section, created the file and uploaded it. I suppose you are saying I need to do that?

Thanks again for the help.

First, check the image_template.html file in your template (Suffocate) and make sure that the <TOKEN> tag is still in there (around line 94, before the closing form tag).

<input type='hidden' name='parent_id' value='<IMAGE_ID>' />
<input type='hidden' name='parent_name' value='<IMAGE_NAME>' />
<TOKEN>
</form>

Upload that to your server. Then log into your PP admin and go to General Options>>Spam Control again, and change the settings as follows:

ENABLE TOKEN IN FORMS
Set this to YES. (5 seconds is fine.)

PREVENT SPAM FLOOD
30 seconds is okay.

MAXIMUM NUMBER OF URLs
Change this to 1.

I would also recommend setting up the .htaccess file and getting it uploaded to your server as well.

I've been using the above settings in my photoblog for well over a year (along with Akismet) and I haven't gotten a single spam comment. Maybe I'm just lucky. :)

Great, thanks a ton for the help. I've made those changes and uploaded the .htaccess into the root (assuming that is correct) directory on the webserver.

Also, I've enabled Akismet which, for some reason, I'd disabled in favor of Defensio. I suppose it doesn't hurt to keep them both running. Is there a newer version of Akismet for me to be using other than what was supplied with PP 1.7? I believe it's 1.4/1.3.

Thanks again!

You can't run both Defensio and Akismet at the same time. If you want to use Akismet, then you'll need to disable Defensio.

You can't run both Defensio and Akismet at the same time. If you want to use Akismet, then you'll need to disable Defensio.

Gotcha, thanks for the clarification. I'll roll with what is working for you and simply disable Defensio.

Thanks again.