New to the community? Start here

The nonce check failed. But with no reason !

Hello hello !

AVH anti spam system is too… efficient !

I get many “The nonce check failed.” protection on real comments, even done by me in MY sites !

In the mail there is a link to “report spammer”, but no link to “this is not a spam”, and more than 50% of those “nonce check failed” are definitly not spam.

Any way to solve that annoyance ?

thank you !

:slight_smile:

Note : the AVH anti spam is not in the plugin list here despite it is installed on the mentioned site so i choose “support system”… :slight_smile:

Wed, 9 Apr 2014 9:32:24
  • Aphrodite
    • The Reaper

    Hi !

    Well the greatest and perhaps the simpliest thing to do is to add a link “this is not a spam” and publish the comment, because now i have many ones that are not spam, and it is just impossible to publish them unfortunately !

    Thanks for thinking about this one :slight_smile:

  • Aphrodite
    • The Reaper

    Hi

    Sorry to insist but this is becomming really embarassing.

    There are some importants sites on this network with many comments that are definitly not spam and are rejected as nonce error.

    There is no link in the notification email to say “not a spam” so comments are definitly rejected.

    Any solution ?

  • Tyler Postle
    • Recruit

    Hey Aphrodite,

    Terribly sorry about the delay on this issue! Seems this plugin has a different developer since the thread was originally made which may be why there wasn’t a response earlier. Either way, I have flagged SLS (the coding gurus) and flagged the current developer for you!

    I’ll do my best to make sure this gets escalated due to the age of the thread :slight_smile: Super appreciate your patience here.

    Let us know if you have any new details on this since the thread was originally made!

    All the best,

    Tyler

  • Jose
    • Bruno Diaz

    Hey @Aphrodite,

    Hope you are doing well today!

    I’m attaching a custom piece of code that I made for you. You just need to place the file remove-check-comment-nonce.php into the following folder:

    ../wp-content/mu-plugins

    Create the folder if it doesn’t exists.

    This code will skip the nonce check routine for comments, but all the other security layers will keep working.

    In regard to your suggestion of adding a “not spam” link, that is not possible because the filter is not marking as spam, but instead stopping the comment submission completely. So the comment is never saved into the DB.

    I really spent a good amount of time trying to reproduce the issue, but it works just fine in my installations.

    This error is triggered when the comment form nonce do not match the nonce that is created on the fly. Maybe there is some plugin or custom code in your site that is messing with the nonce creation process. It’s really hard to debug remotely.

    Anyway, if you can provide an url, I would love to take a look at any of the pages where the comments are being stopped. Mainly, I want to check if the form is actually containing the nonce.

    Please let me know how the custom code provided works for you.

    Thanks for your patience!

    Cheers,

    JJ

  • Aphrodite
    • The Reaper

    Hello !

    In fact i am not sure to undestand the nonce check routine and what it does.

    ALL of my network react like that, and i have 7 multisites, they all are “nonce” sensible :slight_smile:

    No custom codes, but many themes, plugins, but only one linked to comments : subscribe to comments reloaded.

    I deactivated FB comments though.

    The most important ones at the moment are those urls :

    http://chevalitude.com

    http://alter-equus.org

    on the same network.

    A set up th plugin and i keek you informed :slight_smile:

    The problem is that there is only 20% “false” nonce alert. And i receive many “rela” nonce spams. Will see how that react now :slight_smile:

  • Jose
    • Bruno Diaz

    Hi @Aphrodite,

    I was taking a look into the sites you mention above.

    Everything looks fine in the comments form.

    Did you isolate some particular step to reproduce the issue? Does it happens when you post a comment from a specific page/post, any specific browser, specific sites, or anything else?

    Keep me posted on how it behaves with the nonce validation deactivated please.

    Cheers!

  • Aphrodite
    • The Reaper

    Hello !

    Well, this occures on several networks i manage whatever the post or page. I think this is an external behavior consequence, but did not have the time to test on my testing network.

    Since i installed the plugin above there is no more nonce error, of course :slight_smile:

  • Jose
    • Bruno Diaz

    Ok, just want to confirm if the actual spam is being catch by the other protection layers.

    If this is the case, then I assume we can wait until you are able to test further and come back with more feedback and maybe specific steps to reproduce the issue.

    Thanks!

  • Aphrodite
    • The Reaper

    Apparently yes.

    I have 450 Spam stopped in 2014 – july

    Seems to be ok, and anyway i receive notification in suspicious cases, at the moment all seems ok :slight_smile:

    Most sites have a pre moderation setting for comment so no big problem at the moment :slight_smile:

    Thanks ! Will digg further in next days. Hard time here in Morocco for this month :wink: