[wp-hackers] Simple comment spam experiment
m at mullenweg.com
Wed Apr 16 15:25:32 GMT 2008
> Spammers, for the most part, are not loading the comments form and using it.
> They're merely hitting a list of sites and the wp-comments-post.php file
> directly. Renaming this file and adjusting accordingly has much the same
> effect as using a hidden field, of course.
My conclusion from this is:
Because you do something that almost no one else does, and your site is
not a large enough target, spammers have not yet done the trivial
workaround it would require to get past this. If it was put into core,
they most certainly would.
So, continue to do this if it helps, just don't tell anyone. ;)
"The really interesting thing about these approaches, from a game theory
perspective, is that they are all Club solutions, not Lojack solutions.
There are two basic approaches to protecting your car from theft: The
Club (or The Shield, or a car alarm, or something similiar), and Lojack.
The Club isn’t much protection against a thief who is determined to
steal your car (it’s easy enough to drill the lock, or just cut the
steering wheel and slide The Club off). But it is effective protection
against a thief who wants to steal a car (not necessarily your car),
because thieves are generally in a hurry and will go for the easiest
target, the low-hanging fruit. The Club works as long as not everyone
has it, since if everyone had it, thieves would have an equally
difficult time stealing any car, their choice will be based on other
factors, and your car is back to being as vulnerable as anyone else’s.
The Club doesn’t deter theft, it only deflects it.
"Similarly, installing a secret form field on your comment form will
stop spammers from spamming your comments, until enough people do that
that it’s worth the spammer’s time to upgrade their scripts. Ditto
referer hacks (just set the referer); ditto registration schemes (just
auto-register); ditto time limits (just hit each weblog sequentially).
Ditto ditto ditto."
http://ma.tt | http://automattic.com
More information about the wp-hackers