[spam-stopper] Heavy attack

Matt Mullenweg m at mullenweg.com
Fri May 26 09:25:36 UTC 2006


Eric A. Meyer wrote:
>> There are occasionally times when the referrer doesn't stick so
>> that's not reliable but an internal, randomly generated "key" which
>> puts its md5() value onto the submit form and can then be tested by
>> the post would work. Change it daily and you've solved part of the
>> problem.
> 
>    That's exactly what I've started doing!  My first step was hacking 
> that kind of protection into my comments form and the 
> wp-comments-post.php script, and I'm going to move the part I hacked 
> into the script to a plugin.  I might also move the comment-form part 
> into the plugin-- we'll see.  Basically, I concatenate a few bits of 
> data together and md5-hash the result, just as you propose.

The first spam plugin I wrote back in 04 did something similar, some of 
the code may be useful:

http://dev.wp-plugins.org/file/spam-stopgap/spam-stopgap.php

It used a per-post unique name and value. This worked for a few weeks, 
but then spambots adapted after more than a handful of people started 
doing it.

A similar thing was done in '02 by Shelley Powers:

http://weblog.burningbird.net/archives/2002/10/29/comment-spam-quick-fix/

-- 
Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
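
The scheme discussed in this thread (a secret-derived value placed in the comment form and checked on submission, rotated daily, with a per-post field name), as an added example that is not part of the original message or of the spam-stopgap plugin. It uses HMAC-SHA256 in place of a bare md5() and accepts the previous day's value so a form loaded before midnight still posts; the function names and the secret are hypothetical.

```php
<?php
// Added illustration; function names and the secret are hypothetical,
// not taken from spam-stopgap.php or WordPress core.

const FORM_SECRET = 'replace-with-a-long-random-server-side-secret';

// Derive the hidden field's name and value for one post on one UTC day.
function form_token(int $post_id, int $timestamp): array
{
    $day = gmdate('Y-m-d', $timestamp);
    // Distinct labels keep the field name and field value independent.
    $name  = 'f' . substr(hash_hmac('sha256', "name|$post_id|$day", FORM_SECRET), 0, 12);
    $value = hash_hmac('sha256', "value|$post_id|$day", FORM_SECRET);
    return [$name, $value];
}

// Hidden input to emit inside the comment form for this post.
function render_token_field(int $post_id, int $now): string
{
    [$name, $value] = form_token($post_id, $now);
    return sprintf('<input type="hidden" name="%s" value="%s" />', $name, $value);
}

// Accept today's token or yesterday's, so a form loaded just before the
// daily change can still be submitted just after it.
function verify_token(int $post_id, array $post_fields, int $now): bool
{
    foreach ([$now, $now - 86400] as $ts) {
        [$name, $expected] = form_token($post_id, $ts);
        $given = $post_fields[$name] ?? null;
        // hash_equals() compares in constant time.
        if (is_string($given) && hash_equals($expected, $given)) {
            return true;
        }
    }
    return false;
}

// Constructed sample run: one token issued at 23:59 UTC for post 42.
$now = gmmktime(23, 59, 0, 5, 26, 2006);
[$name, $value] = form_token(42, $now);
var_dump(verify_token(42, [$name => $value], $now));             // submitted the same day
var_dump(verify_token(42, [$name => $value], $now + 120));       // submitted just after midnight
var_dump(verify_token(43, [$name => $value], $now));             // same fields sent to another post
var_dump(verify_token(42, [$name => $value], $now + 3 * 86400)); // token several days old
```

A check like this only filters submissions made without first loading the form for that post, so it works as one signal among several rather than as a complete filter.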


