[wp-hackers] More anti-spam ideas

Tara Star tellme at climbtothestars.org
Sun Sep 26 06:09:23 UTC 2004


Kitty wrote:
> Ok, I got to thinking...
> 
> I would guess that the largest comment spammers would be using scripts
> that directly call wp-comments-post.php, with the proper vars set.
> 
> Now what if there was a unique hash for each comment to check that the
> posting was coming from wp-comments.php?
> 
> In the attached patch, I create a hash by using the list of activated
> plugins joined with the file hash of index.php. This should be
> sufficiently unique across blogs that a spammer couldn't get the hash
> from outside.
> 
> This is then checked when wp-comments-post.php is called, and lets the
> spammer know that scripts won't work if the hash doesn't match.
> 
> I'm proposing this as a core addition, because it would go a long ways
> toward spam proofing WP against the more advanced spammers, and I'm sure
> that this sort of attack will be more common in the future. If you've
> been hit by 100+ spams in a few minutes, this is how it was done.
> 
> Disadvantages:
> o Doesn't prevent manual or screen scraper attacks.
> o Could block a legitimate comment if you activate/deactivate a plugin
> while someone is writing a comment. (Other hash ideas are welcomed.)

Without having looked at the code, this sounds like a good idea to me.

Steph
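For readers who want to see the shape of the check Kitty describes, here is an added sketch in PHP (not Kitty's attached patch and not WordPress core code): a per-site token built from the sorted list of activated plugins joined with a hash of index.php, emitted as a hidden field by the comment form and verified in wp-comments-post.php. Assumed: `$active_plugins` is the site's array of activated plugin filenames, `$index_path` is the absolute path to the blog's index.php, and the `get_settings('active_plugins')` / `ABSPATH` calls in the usage comment are illustrative. Note that the token is the same for every comment on one blog until a plugin is toggled, which is why the post lists screen scrapers as a remaining gap.

```php
<?php
// Added example, not the patch from the thread. Builds the token the post
// describes: active-plugin list joined with the file hash of index.php.

function wp_comment_form_token(array $active_plugins, string $index_path): string {
    // Sort so the token does not depend on the order plugins were activated.
    sort($active_plugins);
    // Both inputs are site-specific, so the token differs per blog, but it is
    // constant for a given blog until a plugin is activated or deactivated.
    return md5(implode(',', $active_plugins) . md5_file($index_path));
}

// For the comment form (wp-comments.php): embed the token as a hidden field.
function wp_comment_token_field(array $active_plugins, string $index_path): string {
    $token = wp_comment_form_token($active_plugins, $index_path);
    return '<input type="hidden" name="wp_token" value="'
        . htmlspecialchars($token, ENT_QUOTES) . '" />';
}

// For wp-comments-post.php: accept the submission only if the token matches.
function wp_comment_token_valid(array $post, array $active_plugins, string $index_path): bool {
    $expected = wp_comment_form_token($active_plugins, $index_path);
    $supplied = isset($post['wp_token']) ? (string) $post['wp_token'] : '';
    // hash_equals() compares the two hex strings without leaking timing (PHP >= 5.6).
    return hash_equals($expected, $supplied);
}

// Constructed usage at the top of wp-comments-post.php (option name and
// ABSPATH constant are assumptions about the WordPress of the time):
// if (!wp_comment_token_valid($_POST, get_settings('active_plugins'), ABSPATH . 'index.php')) {
//     die('Sorry, this comment was not submitted through the comment form.');
// }
```

The plugin-toggle race Kitty mentions shows up here as a token mismatch for any form rendered before the change, so a site that toggles plugins often may want to accept the previous token as well for a short grace period.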


