[wp-hackers] More anti-spam ideas

Kitty kitty at mookitty.co.uk
Mon Sep 27 03:25:07 UTC 2004


On Sun, 2004-09-26 at 18:29, Thiago Becker wrote:
> For all suggestions, one can always get the comments post page and use
> the hash in there to post spam. Very expensive to them but it can be
> done.

Yes, the point of this hash passing was to prevent the use of scripts
that don't load the page but send the spam as an HTTP POST message.

Quoting myself:
> > Disadvantages:
> > o Doesn't prevent manual or screen scraper attacks.

If the spam script is loading the comments page, they have access to the
hash. Then we're in the province of the traditional spam tools, as the
spammer could be a bot or human at this point.

This was a way to prevent a bot from HTTP POSTing a bunch of spam, and
ending the easy payoff of idiot spammers that have a list of
"wp-comments-post.php" pages and point their script at those pages with
the HTTP POST carrying the proper variables.

Granted, a bot could load the page, grab the hash, then add that to its
list of vars to send in.
-- 
Cheers!
Kitty
http://blog.mookitty.co.uk/
http://mookitty.co.uk/devblog/
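
An added sketch of the hash-passing check discussed in this message (not code from the original post or from WordPress): the comment form carries a server-computed token, and the POST handler rejects any request that lacks a valid one. The HMAC construction, the one-hour lifetime, the binding to a post ID and all function names are assumptions, since the message does not give the scheme's details.

```php
<?php
// Added example with hypothetical names throughout; not WordPress code.
const TOKEN_TTL = 3600; // assumed: seconds a rendered form stays valid

// Called while rendering the comment form; the value goes in a hidden field.
function issue_comment_token(string $secret, int $postId, int $now): string
{
    $mac = hash_hmac('sha256', $postId . '|' . $now, $secret);
    return $now . ':' . $mac;
}

// Called at the top of the comment POST handler, before any other processing.
function verify_comment_token(string $secret, int $postId, string $token, int $now): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // missing or malformed field: the form was never loaded
    }
    [$issued, $mac] = $parts;
    $issued = (int) $issued;
    if ($issued > $now || $now - $issued > TOKEN_TTL) {
        return false; // future-dated or stale token
    }
    // Recompute over the submitted timestamp and the post being commented on.
    $expected = hash_hmac('sha256', $postId . '|' . $issued, $secret);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed demo values.
$secret = 'constructed-demo-secret'; // in practice: random, per-site, server-side only
$now    = 1096255507;
$token  = issue_comment_token($secret, 42, $now);

// Case 1: POST sent straight to the handler with no token field.
var_dump(verify_comment_token($secret, 42, '', $now));
// Case 2: client loaded the form a minute ago and returned its token.
var_dump(verify_comment_token($secret, 42, $token, $now + 60));
// Case 3: token issued for post 42 replayed against post 7.
var_dump(verify_comment_token($secret, 7, $token, $now + 60));
// Case 4: token returned after the assumed lifetime has passed.
var_dump(verify_comment_token($secret, 42, $token, $now + 7200));
```

Case 2 is the limitation stated above: the check cannot tell a browser from any other client that loaded the form, so it only filters submissions that skip the page.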
