[wp-hackers] More anti-spam ideas

Amit Gupta amit at igeek.info
Sun Sep 26 17:03:01 UTC 2004


Hashing the last comment or post is not reliable. Also, taking the user's IP & hashing it is unreliable: if the user is on dial-up & the connection breaks after the comment form is loaded & he reconnects before submitting the form, it won't work, as dial-up users don't have static IPs.

I think that a better way would be to let the user store an alphanumeric string in a variable in the plugin file, then hash that string & concatenate it with the hash of the admin's eMail, as both of these (the seed string & admin eMail) won't change regularly (thus not blocking out users unexpectedly), but they are both quite easy to change anytime.


-----
Amit Gupta




---------- Original Message from mark.wordpress at txfx.net ----------

>
>
>But a flexible alternative like hashing the last comment or the last
>post would be better, I think. This way the hash changes all the time
>and is much harder to guess.
>

I think you have the right general idea, but the problem with one that 
changes with every comment, is that you limit the number of legitimate 
people who can make overlapping comments.

For example, at 10:00pm, User A loads entry.  At 10:01, User B loads
entry.  They both get the same hash.  User B is a fast typer and
submits a comment at 10:02.  User A takes his time and submits a
comment at 10:05 and gets an error because WP is looking for the hash
from user B's comment.

One way to do it is to create a table of valid hashes like so:

page with comment form loaded... unique hash is dynamically formed, 
echoed into hidden form field, and stored in database, possibly along 
with user's IP address.  When comment is submitted, WP checks the 
database for that hash/IP combo.

That way, the hash is different every time, but you don't run into 
overlapping comment problems.
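
The two schemes discussed in this thread, sketched side by side as an added example; this is not code from either poster or from WordPress, and it is written in Python rather than PHP so that it runs stand-alone. The function and class names, the one-hour expiry, the single-use rule and the sample IP addresses are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def static_token(seed: str, admin_email: str) -> str:
    """Reply's scheme: hash(seed) + hash(admin e-mail). Same value for every
    visitor and every page load until the admin changes either input."""
    def digest(s: str) -> str:
        return hashlib.sha256(s.encode()).hexdigest()
    return digest(seed) + digest(admin_email)


class TokenTable:
    """Original message's scheme: fresh token per form load, stored with IP."""

    def __init__(self, ttl: int = 3600):  # expiry is an added assumption
        self.ttl = ttl
        self.rows = {}  # token -> (ip, issued_at); stands in for a DB table

    def issue(self, ip: str, now: int) -> str:
        token = secrets.token_hex(16)  # unguessable, unique per load
        self.rows[token] = (ip, now)
        return token

    def redeem(self, token: str, ip: str, now: int, bind_ip: bool = True) -> bool:
        row = self.rows.pop(token, None)  # single use (added assumption)
        if row is None or now - row[1] > self.ttl:
            return False
        return not bind_ip or hmac.compare_digest(row[0], ip)


def overlapping_comments() -> list:
    """User A loads the form at t=0 s, User B at t=60 s (constructed data)."""
    table = TokenTable()
    a = table.issue("203.0.113.10", 0)
    b = table.issue("203.0.113.20", 60)
    return [
        table.redeem(b, "203.0.113.20", 120),  # B submits first
        table.redeem(a, "203.0.113.10", 300),  # A submits later
        table.redeem(a, "203.0.113.10", 301),  # A's token replayed
    ]


def dialup_reconnect(bind_ip: bool) -> bool:
    """Form loaded from one address, submitted from another after a redial."""
    table = TokenTable()
    token = table.issue("203.0.113.30", 0)
    return table.redeem(token, "203.0.113.31", 90, bind_ip=bind_ip)
```

Calling `dialup_reconnect(True)` and `dialup_reconnect(False)` shows the trade-off of the optional IP column: binding to the address rejects the reconnecting dial-up user, while leaving it out accepts that submission.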