Comments Plus update being attacked by bots?

Ever since updating to version 1.6.7, I've noticed several bots failing on URLs of posts that include name='comments-plus-form' appended to the URL.

What's curious is they're identifying themselves as Googlebots, but I think they're actually comment spam bots trying to attack the plugin form.

I haven't figured out how they're getting them yet, but I'm curious why these started not too long after upgrading, after I'd never seen anything similar to them in the logs before.

Any ideas, or anything I could do to slow them down? They haven't landed any spam yet, I think because the URLs they're trying don't exist...

  • atouchofsummer

    Well, I'm not sure what's going on, but I downgraded back to version 1.6.5, and the cornucopia of 404 errors being generated has gone away. Turns out they weren't spambots at all, but regular search engine bots, getting confused.

    After I upgraded, I was seeing several hundred of these 404 errors per day, and immediately after I downgraded, the errors stopped.

    This tends to make me think there might be something incompatible with the new version of the plugin and my site, but nothing in the changelogs jumped out at me as a possible source.

    I have not yet checked several other sites running Comments Plus, simply because the one site where I saw the 404s is running Redirection, so I saw them in the wp-admin; the other sites I'd have to paw thru the raw logs, but that's a plan this week.

    None of the sites I have running Comments Plus are HTML5 yet... that couldn't possibly be a factor, could it?

  • atouchofsummer

    Hi Michelle, thanks for the escalation!

    I have an HTML5 update scheduled for this site, so what I really need is confirmation that that is indeed the issue. It would be good information for other plugin users to have, as well.

    I have 1.6.7 installed on the development site, but because it's not getting any traffic, I don't know if it's generating the same errors... I'd hate to push the update live and find out the same thing's happening.

    But if it is an HTML5 compatibility problem, I can wait until the site is updated to update the plugin. Irksome, but a viable workaround for me :slight_smile:

  • Tyler Postle

    Hey atouchofsummer,

    Hope you're doing well today and thanks for getting back to us!

    What are the 404 errors you're seeing with version 1.6.7 exactly? and where are you seeing them? On your actual side or in error logs? Sorry, catching up on this thread and didn't really see that specified anywhere.

    Also, is there any possibility you can switch out to the default 2014 theme temporarily and see if the errors still come up? We just want to confirm whether this is indeed an HTML5 conflict, or maybe just a Genesis theme conflict with the recent update since I know Genesis codes their themes a little different than the norm :slight_smile:

    Let us know how those tests go. Look forward to hearing back!

    All the best,
    Tyler