Top Commentators List Hijack
For those of you who use the Top Commentators plugin, beware of name hijacking. Jalaj first wrote about this last month at Top Commentators List Hijack, and recently I’ve been suffering from this myself.
To briefly explain, the plugin builds the top commentators list by counting the number of comments made per name, which is easily forged, by accident or on purpose. It then links the name using the URL given on that name’s most recent comment. So all it takes is for someone to forge someone else’s name with a different URL, and they get a nice little, usually no followed, link from your site.
I’d forgotten about this (my head’s pretty fuzzy right now with this cold!) but this morning suddenly twigged about comments sitting in my moderation queue, plus one that I’d actually allowed through. So a quick line change later in the plugin and it’s all working again; instead it counts the number of comments made per email, not per name, the email address being the one thing no one else can copy.
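The difference between the two groupings, as an added example that is not the plugin's own code: it runs the per-name and per-email counts over constructed comments in an in-memory SQLite table. The column names follow WordPress's wp_comments table; the query, the `top_commentators` function and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; column names follow WordPress's wp_comments table.
COMMENTS = [
    ("Alice", "alice@example.com", "https://alice.example/"),
    ("Alice", "alice@example.com", "https://alice.example/"),
    ("Alice", "alice@example.com", "https://alice.example/"),
    ("Bob", "bob@example.com", "https://bob.example/"),
    ("Bob", "bob@example.com", "https://bob.example/"),
    # Forged: Alice's name with a different email and URL, posted last.
    ("Alice", "someone@example.net", "https://unrelated.example/"),
]

GROUP_KEYS = ("comment_author", "comment_author_email")


def top_commentators(group_key, limit=2):
    """Return (name, url, count) rows, linking each group to its latest URL."""
    if group_key not in GROUP_KEYS:  # whitelist: the key is spliced into SQL
        raise ValueError(f"unsupported group key: {group_key}")
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE wp_comments (comment_ID INTEGER PRIMARY KEY,"
        " comment_author TEXT, comment_author_email TEXT,"
        " comment_author_url TEXT)"
    )
    db.executemany(
        "INSERT INTO wp_comments (comment_author, comment_author_email,"
        " comment_author_url) VALUES (?, ?, ?)",
        COMMENTS,
    )
    rows = db.execute(
        f"""
        SELECT c.comment_author, c.comment_author_url, g.n
        FROM (SELECT COUNT(*) AS n, MAX(comment_ID) AS last_id
              FROM wp_comments GROUP BY {group_key}) AS g
        JOIN wp_comments AS c ON c.comment_ID = g.last_id
        ORDER BY g.n DESC, c.comment_author
        LIMIT ?
        """,
        (limit,),
    ).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    print("per name :", top_commentators("comment_author"))
    print("per email:", top_commentators("comment_author_email"))
```

Grouped by name, the forged comment adds to Alice's count and replaces her link; grouped by email, it forms its own one-comment group and falls below the list cut-off. The per-email grouping depends on the address staying unpublished, which is the WordPress default for comments.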