walinejs / waline

💬 A Simple, Safe Comment System
https://waline.js.org/en/
GNU General Public License v2.0
2.27k stars 396 forks

[Question] A user reported that an attacker bypassed comment moderation #426

Closed Mister-Hope closed 3 years ago

Mister-Hope commented 3 years ago

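I have closed the comment section for now. I will say it again: the comments I post go into pending review, but the attacker's comments did not appear in the pending-review area; they went straight into the approved area. By the way, my email notification feature has never been enabled since I deployed.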

Originally posted by @WhitemuTeam in https://github.com/vuepress-theme-hope/vuepress-theme-hope/discussions/785#discussioncomment-1020900

Mister-Hope commented 3 years ago

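I have checked the code, and at least I did not see any opportunity for an attacker to modify data.status to bypass moderation. @lizheming may have time to review it.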

njzjz commented 3 years ago

I could reproduce it when my Waline was attacked several hours ago. I guess Vercel may have caches and one needs to delete old deployments.

Moemu commented 3 years ago

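I think I could record a video to document whether the attacker really is bypassing comment moderation, if the attacker keeps up the attack. Of course, I would reopen the comment section.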

Moemu commented 3 years ago

I think you can close the issue for now, because the attacker has not carried out any further attacks on my blog.