I know, I know, complaints about spam traps and timing of comments etc.
Just had a look at the spam trap, which only holds spam for 30 days, then it falls out into being entirely deleted.
There’re 10,000 pieces in there. Sorry, this is not perfectible. Any system trying to deal with this will have errors and compromises.
If you find you’re “posting too quickly”, simply click the supplied link to go back to your attempted comment, then resubmit.
Just like that!
Any system trying to deal with this will have errors and compromises.
Hmm… If that were so one would expect to encounter the same problems elsewhere which happily I don’t.
@TMB
I think it’s true there will always be compromises and errors. No spam trap will eat every spam post comment no valid ones.
But the current spam trap is doing an awful job re valid comments. Far worse than any other blog I use. If you have to write a comment three times for it to go through, it’s a big disincentive to bother writing a comment at all. Has something changed recently in terms of how sensitive it is? I never used to get posting too fast errors.
Also have been getting lots of intermittent errors from Cloudflare suggesting that the site’s server is down. Am hoping that’s just maintenance? This also results in comments not posting.
Hi Guys,
Can someone send me the actual error you receive when posting?
“If you have to write a comment three times for it to go through” doesn’t really explain to me whats happening.
Is there an error? – if so send me a copy and i’ll ask WordFence who make the spam trap 🙂
Thanks
Rich
@MBE
You’re quite right and I might have phrased my point better.
I thought I detected a slightly complacent tone in Tim’s post and my contention was that while there will always be imperfections in the fruits of human endeavour, the current dreadfulness of this site puts it in a league of its own among those I visit.
Richard, it’s along the lines of “You are posting too quickly, please slow down” with a link underneath to return to the previous page, where the text is “go back”.
And lo! Hitting submit on the above sentence promptly produced;
“You are posting comments too quickly. Slow down.
« Back”
“There’re 10,000 pieces in there”
Tim, I think you may have just explained how Richard came up with his “best evah” 13K comments in January….
https://www.timworstall.com/2020/01/26/tim-worstall-in-numbers/
ie 10K of spam and circa 3.5K real (as in “appearing on the blogs”)…
@Ducky
Thanks,
I will get on to their support now.
We have two problems with the site:
1) SPAM Comments
2) Brute Force Attacks
Both are very different. The above error is due to the firewall thinking you are an attack as you are working too quickly. This is obviously ridiculous so im certain that a setting somewhere is set too high.
I will report back…
Whitelist regular posters by e-mail address, or do you feel that’s too easy to fake?
@PF
Bingo!
🙂
And separately, I have to say that I find that remarkable – that there’s almost a 3:1 ratio of rubbish to genuine, given that the site perhaps flies somewhat below the radar compared to many?
And which makes the filtering out process all the more important if the rubbish isn’t going to continually fill up the screen.
@PF
I honestly believe a lot of it is automated. This morning alone we have had 22,501 Brute Force attacks to the wp-login page from ONE IP alone. The firewall banned it after 5 hits but they then just use a different IP, its like whack a mole. This is primarily the reason for making the firewall more sensitive as all those hits to one page do really rinse server resources. Its just a fine balance between too soft and blowing your load.
We do get some targeted SPAM too which is people trying to post comments with Tim’s email and username.
If the speed caper can’t be got rid of at least let us get back to our comment screen without the comment being erased.
And have the site cache-clearing lock icon be on screen for all inc my Windows 7 run screen.
Thanks
My comments aren’t erased when it happens to me, I just hit the provided back button, wait a couple of seconds and then it always works.
I’m using the Brave browser.
But the important thing is, we need a loyalty card.
Free work, in return for, ah, free work.
It’s possible I am being niave (sp? Mr B?) Niaf? Naif?
Wottevarrrrr …
But ackschuakliee, there is a serious point buried in here. Tom tickles our tummies or tussles (sp?) our hair, we get racing, sort the whole thing out. Were it not for Tom, we might not bother. It might be the case that the world is better for us having done so….
On the other hand …
Oh, … that bears no contemplation.
Richard;
Attempts against wp-login are almost always automated. We rarely (as in, don’t) use WordPress as the CMS, but occasionally do see requests for that URL in the raw httpd logs, typically in spikes – which when I can be arsed to check, occur when a new scripting tool gets released for the kiddies.
Since wp-login doesn’t exist on our CMS, they get a 404. Which means the attacks subside pretty damn quickly.
Have you considered obfuscating the admin login URL?
@TW, Richard
What anti-spam product are you using?
Still akismet?
@MBE
+1
@TMB
Yes, Tim did sound rather complacent and contemptuous; ironic when he’s hustling for donations
@Richard
“the firewall thinking you are an attack as you are working too quickly”
The “posting too fast” error frequently occurs when previous post >10 minutes ago and also when >12 hours ago
As this only started when SSL change made, what else did you change?
Yep I got the ‘posting too fast’ error about 3-4 times, on posts that seemed normal to me. Maybe they were very quick to write – can’t remember.
Don’t seem to have encountered it in the last couple of days.
You lost valuable user-generated content there hohoho
At least I’m having fun trying to guess how to beat PTQ, Posting Too Quickly. I think I have figured out how to beat it, then it goes bad again. Probably just random reinforcement. From comments above, it may not be my action, but that of others, that triggers the problem.
Like Ecks et al, my comment is erased when I go back. I copy my comment before submitting, so the pain isn’t too great, cause I can paste it back.
I have an additional problem, occasionally. When I post, it is accepted, but the screen returns to the top of the page, not my comment. Scrolling down, my post isn’t there. I paste my saved text to a new comment. When submitted, I get ‘duplicate’ error.
In all cases where this happens, my post NEVER appears. So I paste into a comment again, add some [blah, blah, blah] to beat the duplicate, and submit. Usually works.
OK.
No response from the firewall guys yet but i have worked out what the problem is (i think). Now just need to look for a solution.
WordPress for whatever reason thinks you are all using the same IP (see image). The IP in question is a local IP of the wordpress install. Since you’re all posting on different threads at the same time it thinks you’re the same person and it looks suspicious.
https://www.timworstall.com/wp-content/uploads/2020/01/Screenshot-2020-01-29-at-18.54.10.png
Looking for a solution now. Thanks for bringing it to my attention and will hopefully have a solution soon.
Rich
Whut? Localhost? Is it just seeing the address of the DB process? Weird.
@Richard January 29, 2020 at 6:59 pm
cough – Localhost Cache/Proxy, Cloudflare ?
As I said “review what Else you changed when SSL added”
btw ConTel “Latest” sidebar has vanished
@PCar
Yeah, it’ll most likely be cloudflare, i have opened a support ticket.
They’re pretty good so will likely have a solution in the AM.
Update: https://wordpress.org/support/topic/the-ip-address-appears-as-127-0-0-1-when-using-cloudflare/
Will make the changes now.
I have implemented the code and it now appears that IP’s are being logged correctly. It was an incompatibility between Varnish Cache and CloudFlare.
Please do let me know if you have any issues from now on.
Rich
Pingback: Comment issue should be fixed | Tim Worstall