[wp-hackers] Another anti-spam technique
Kimmo Suominen
kim at tac.nyc.ny.us
Thu Oct 28 14:37:28 UTC 2004
If the web server is to create files, there needs to be a specific
directory that has permissions to do so, and the code has to work
(using a fallback to the current behaviour, or something) even if that
directory is not writable (or does not exist).

I'm more concerned that someone manages to upload a script to the web
server and run it, than that I have to moderate spam...

Regards,
+ Kim
--
Kimmo Suominen <http://kimmo.suominen.com/>

On Thu, Oct 28, 2004 at 11:19:35PM +0900, Jamie Talbot wrote:
>
> | Assuming that mod_rewrite is enabled, first create a rule that makes it
> | impossible to access wp-comments-post.php directly, instead returning a
> | 403. Then, create a rule that redirects a randomly generated URL to
> | wp-comments-post.php. Change the comment posting page so that it uses a
> | PHP function in the form action to insert the appropriate redirected URL.
>
> As not everyone has a mod-rewrite rule enabled, we should try to have a
> method which doesn't rely on it or Javascript. How about creating a
> random dummy php file, such as 19jscqip.php which just performed a
> silent redirect to wp-comments-post.php? This could then check that the
> referrer filename matches the stored random string. This random string
> and file could be regenerated every 10 posts or whatever...
>
> Just thinking out loud :)
>
> Jamie.
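
Kim's constraint (one dedicated writable directory, with a fallback to the current behaviour when it is missing or not writable), sketched in PHP as an added example that is not code from this thread or from WordPress. It swaps Jamie's generated .php file for a plain data file holding the random string, which the form passes back in a hypothetical `t` query parameter; every function, constant and directory name is an assumption.

```php
<?php // Added example; every name below is hypothetical, not WordPress code.
const TOKEN_DIR    = __DIR__ . '/antispam-data';  // the one directory the server may write to
const TOKEN_FILE   = TOKEN_DIR . '/token.txt';    // plain data, never a generated .php file
const ROTATE_AFTER = 10;                          // "every 10 posts or whatever"
const FALLBACK_URL = 'wp-comments-post.php';      // current behaviour

function store_usable(): bool {
    return is_dir(TOKEN_DIR) && !is_link(TOKEN_DIR) && is_writable(TOKEN_DIR);
}

function read_state(): ?array {
    $raw = store_usable() ? (string) @file_get_contents(TOKEN_FILE) : '';
    return preg_match('/^([0-9a-f]{16}) (\d+)$/', trim($raw), $m)
        ? ['token' => $m[1], 'uses' => (int) $m[2]]
        : null;                                   // no store, no file, or malformed content
}

function write_state(string $token, int $uses): bool {
    $tmp = @tempnam(TOKEN_DIR, 'tok');            // temp file + rename: atomic replace
    if ($tmp !== false && file_put_contents($tmp, "$token $uses") !== false
        && @rename($tmp, TOKEN_FILE)) {
        return true;
    }
    if ($tmp !== false) { @unlink($tmp); }
    return false;
}

function comment_form_action(): string {
    $state = read_state();
    if (store_usable() && ($state === null || $state['uses'] >= ROTATE_AFTER)) {
        $token = bin2hex(random_bytes(8));
        if (write_state($token, 0)) {
            $state = ['token' => $token, 'uses' => 0];   // on failure keep the old state
        }
    }
    return FALLBACK_URL . ($state === null ? '' : '?t=' . $state['token']);
}

function comment_allowed(string $submitted): bool {
    $state = read_state();
    if ($state === null) {
        return true;                              // no token in force: behave as today
    }
    $ok = hash_equals($state['token'], $submitted);
    if ($ok) {
        write_state($state['token'], $state['uses'] + 1);   // count towards rotation
    }
    return $ok;
}
```

A form rendered before a rotation still carries the old string and is rejected, which follows from regenerating the string every few posts.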