[wp-hackers] Fwd: [kunjan.net] Comment: "The Ansari X Prize"

John Sinteur john at sinteur.com
Wed Nov 10 06:35:45 UTC 2004
>> One solution would be to have a hidden value in the form that is checked
>> by a plugin when the comment is submitted.  This value could be
>> something like the hash of the raw entry text.  Sure, he could figure it
>> out by looking at the form, but most spammers don't... they post
>> comments directly.  This wouldn't penalize those who don't send referrers.

Marginally better than a hash of the raw text would be something like this:

in the comment form, a random word from a dictionary in a hidden field
and an md5 checksum in a hidden field. The checksum is calculated from
three things: 1) the post Id you're commenting on, 2) the random word,
3) a phrase that's only known to the server. There's no way to
calculate the checksum without going through the form.

Mind you, most of the spam is done by automated tools, so the next
generation of spam-tools will fetch your weblog page, extract the form,
and post using the info in that. That's about 10 lines of Perl. But for
now, it will certainly help.

I'll try to find some time later this week to experiment with this.

-John
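The scheme John sketches, as an added example (not code from the thread or from WordPress): the server renders a random dictionary word and an md5 checksum over the post id, that word, and a server-only phrase into hidden fields; on submit it recomputes the checksum and rejects the comment if it does not match. The word list and the server phrase are constructed placeholders, and the field separator, the dictionary membership check and the constant-time comparison are choices made here, not something the post specifies. As John notes, a tool that fetches the form first will still pass this check; the token only stops clients that post to the comment endpoint blind.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the server's dictionary of random words (assumption).
DICTIONARY = ["apple", "binary", "cobalt", "delta", "ember", "falcon"]

# The phrase known only to the server. Constructed placeholder; in a real
# deployment this would come from configuration, never from the page source.
SERVER_SECRET = "example-server-only-phrase"


def make_checksum(post_id: int, word: str, secret: str = SERVER_SECRET) -> str:
    """md5 over the three inputs the post describes: post id, random word, server phrase.

    A delimiter is inserted between the parts (an addition here) so that
    post 12 + word "3x" and post 1 + word "23x" do not hash the same bytes.
    """
    data = f"{post_id}|{word}|{secret}".encode()
    return hashlib.md5(data).hexdigest()


def build_form_fields(post_id: int) -> dict:
    """Values to emit as hidden fields when the comment form for post_id is rendered."""
    word = secrets.choice(DICTIONARY)
    return {"post_id": post_id, "word": word, "checksum": make_checksum(post_id, word)}


def verify_submission(fields: dict) -> bool:
    """Server-side check on submit: recompute the checksum and compare it.

    Returns False for missing or malformed fields, for a word that is not in
    the dictionary, and for any checksum that does not match the recomputation.
    """
    try:
        post_id = int(fields["post_id"])
        word = str(fields["word"])
        checksum = str(fields["checksum"])
    except (KeyError, ValueError, TypeError):
        return False
    if word not in DICTIONARY:
        return False
    expected = make_checksum(post_id, word)
    # Constant-time comparison so the check does not leak how many leading
    # characters of a guessed checksum were right.
    return hmac.compare_digest(expected, checksum)


if __name__ == "__main__":
    form = build_form_fields(42)
    print("rendered hidden fields:", form)
    print("genuine submission accepted:", verify_submission(form))
    forged = dict(form, post_id=43)  # same token replayed against another post
    print("token reused on another post accepted:", verify_submission(forged))
```

Because the checksum is bound to the post id, a token scraped from one post's form does not validate on another post, which is the one property a direct-posting tool cannot get around without fetching the form it is targeting.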
