[wp-hackers] Simple comment spam experiment

Viper007Bond viper at viper007bond.com
Wed Apr 16 15:21:20 GMT 2008


None of these solutions will work for long. It's incredibly easy to work
around them, unless they're dynamic.

WP-Spamfree could easily be beaten by faking the cookie. Although that could
be beaten by having the cookie value be a salted hash of their IP or
something. Problem is then no one with cookies or JS disabled (tons of
people run noscript) could comment. Not sure on % of people who are like
that though.

As for hidden inputs, it's trivial to ignore type="hidden" inputs -- just
load the HTML and parse it (more work, I know, but still easy). Hiding the
field via CSS would work a lot better.

Personally though, I don't care. I have an incredibly beefy server (so I can
handle the hits) and Defensio is currently sitting at 99.94% recent
accuracy. Since the 23rd, I've gotten 26375 spams, 185 legit, 16 missed
spams, and 10 falsely marked as spam. No Bad Behavior (too many false
positives) or anything else.

-- 
Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/
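
The dynamic cookie value suggested in the message above (a hash tied to the visitor's IP), as an added example that is not part of the original post and is not WP-Spamfree's code. It swaps the plain salted hash for an HMAC with a server-side secret and adds a timestamp so a copied value expires; the secret, function names and one-hour window are assumptions.

```php
<?php
// Added example, not WP-Spamfree's code. COMMENT_TOKEN_SECRET, the function
// names and the one-hour window are assumptions made for illustration.
const COMMENT_TOKEN_SECRET = 'replace-with-a-long-random-server-side-secret';
const COMMENT_TOKEN_WINDOW = 3600; // seconds a token stays valid

// Value the comment form's JavaScript would store in the cookie.
function comment_token_issue(string $ip, int $now): string
{
    $mac = hash_hmac('sha256', $ip . '|' . $now, COMMENT_TOKEN_SECRET);
    return $now . ':' . $mac;
}

// True only if the token was issued to this IP within the window.
function comment_token_verify(string $token, string $ip, int $now): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed or missing cookie value
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > COMMENT_TOKEN_WINDOW) {
        return false; // timestamp in the future, or token expired
    }
    // Recompute the MAC for the connecting IP and compare in constant time.
    $expected = hash_hmac('sha256', $ip . '|' . $issued, COMMENT_TOKEN_SECRET);
    return hash_equals($expected, $parts[1]);
}

// Constructed sample values (documentation IP ranges, arbitrary timestamp).
$now   = 1208359280;
$token = comment_token_issue('203.0.113.7', $now);

// Same client, one minute after the form was served.
var_dump(comment_token_verify($token, '203.0.113.7', $now + 60));
// Same cookie value replayed from a different address.
var_dump(comment_token_verify($token, '198.51.100.9', $now + 60));
// Same client, two hours later (outside the window).
var_dump(comment_token_verify($token, '203.0.113.7', $now + 7200));
// A fixed cookie value of the kind a static check would accept.
var_dump(comment_token_verify('static-value', '203.0.113.7', $now));
```

A client that loads the form and runs the script still gets a valid token, so this only stops replay of a fixed or copied value, and it keeps the cookie/JS requirement the message points out.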
