[wp-hackers] More anti-spam ideas

Mark Jaquith mark.wordpress at txfx.net
Sun Sep 26 07:45:25 UTC 2004


>But a flexible alternative like hashing the last comment or the last
>post would be better, I think. This way the hash changes all the time
>and is much harder to guess.
>

I think you have the right general idea, but the problem with one that 
changes with every comment is that you limit the number of legitimate 
people who can make overlapping comments.

For example, at 10:00pm, User A loads entry.  At 10:01, User B loads 
entry.  They both get the same hash.  User B is a fast typer and submits 
a comment at 10:02.  User A takes his time and submits a comment at 
10:05 and gets an error because WP is looking for the hash from User B's 
comment.

One way to do it is to create a table of valid hashes like so:

page with comment form loaded... unique hash is dynamically formed, 
echoed into hidden form field, and stored in database, possibly along 
with user's IP address.  When comment is submitted, WP checks the 
database for that hash/IP combo.

That way, the hash is different every time, but you don't run into 
overlapping comment problems.
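
The hash table described in the message above, as an added example that is not part of the original post and is not WordPress code. The table name, function names, single-use deletion and one-hour expiry are assumptions made for the sketch, and an in-memory SQLite database stands in for the WordPress database.

```php
<?php
// Added illustration: hypothetical schema and helpers, not WordPress APIs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment_tokens (
    token   TEXT PRIMARY KEY,
    ip      TEXT NOT NULL,
    post_id INTEGER NOT NULL,
    issued  INTEGER NOT NULL)');

const TOKEN_TTL = 3600; // assumed lifetime in seconds; the post gives none

// Form load: create a fresh random token, store it with the visitor's IP,
// and return it so it can be echoed into a hidden form field.
function issue_token(PDO $db, int $postId, string $ip, int $now): string {
    $token = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO comment_tokens (token, ip, post_id, issued)
                  VALUES (?, ?, ?, ?)')
       ->execute([$token, $ip, $postId, $now]);
    return $token;
}

// Submission: accept only a stored token/IP combo for this post.
// Deleting the row on success makes each token single-use (an assumption
// added here), so a captured value cannot be replayed.
function redeem_token(PDO $db, int $postId, string $ip, string $token, int $now): bool {
    $db->prepare('DELETE FROM comment_tokens WHERE issued < ?')
       ->execute([$now - TOKEN_TTL]);
    $del = $db->prepare('DELETE FROM comment_tokens
                         WHERE token = ? AND ip = ? AND post_id = ?');
    $del->execute([$token, $ip, $postId]);
    return $del->rowCount() === 1;
}

// Constructed scenario mirroring the User A / User B timeline in the post.
$t0 = 1000000000;                                   // constructed "10:00pm"
$a  = issue_token($db, 42, '192.0.2.10', $t0);      // User A loads entry
$b  = issue_token($db, 42, '192.0.2.20', $t0 + 60); // User B loads entry

var_dump(redeem_token($db, 42, '192.0.2.20', $b, $t0 + 120)); // B submits at 10:02
var_dump(redeem_token($db, 42, '192.0.2.10', $a, $t0 + 300)); // A submits at 10:05
var_dump(redeem_token($db, 42, '192.0.2.10', $a, $t0 + 310)); // A's token replayed
var_dump(redeem_token($db, 42, '192.0.2.30', 'guessed', $t0 + 320)); // never issued
```

Because each page load gets its own row, User B's earlier submission does not invalidate User A's token. Binding to the IP address will reject legitimate commenters whose address changes between loading the form and submitting it.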


