[wp-hackers] Another anti-spam technique
Jamie Talbot
wphackers at jamietalbot.com
Thu Oct 28 14:19:35 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| Assuming that mod_rewrite is enabled, first create a rule that makes it
| impossible to access wp-comments-post.php directly, instead returning a
| 403. Then, create a rule that redirects a randomly generated URL to
| wp-comments-post.php. Change the comment posting page so that it uses a
| PHP function in the form action to insert the appropriate redirected URL.
As not everyone has a mod-rewrite rule enabled, we should try to have a
method which doesn't rely on it or Javascript. How about creating a
random dummy php file, such as 19jscqip.php which just performed a
silent redirect to wp-comments-post.php? This could then check that the
referrer filename matches the stored random string. This random string
and file could be regenerated every 10 posts or whatever...
Just thinking out loud :)
Jamie.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBgP/3rovxfShShFARAjRKAJ96TgR3BXDzvMMizavEYFBt5FA5wgCeOTKE
3LnmArD4Cv2F4RiGQ1UwieA=
=Ta7B
-----END PGP SIGNATURE-----
More information about the hackers
mailing list