[wp-hackers] Close old comments and pingbacks: feature or plugin?

David Chait davebytes at comcast.net
Fri Jul 14 15:08:35 GMT 2006


I've done that for the past two and a half years! ;)

It helps, but since the file name is noted in the form, script kiddies can 
and do pull it from there.

Beyond that, on a new site you can remove the generator meta (so automatic 
scripts don't immediately 'see' the name "WordPress", and know what to look 
for...).

Additionally, captcha or nonce type authentication (if not registration) 
would pretty much shut off the rest.  Well, 99.9%.

I've used a custom plugin for my site's entire existence -- not as elaborate 
as SK2 (maybe more like SK1... ;)), but mostly gets the job done.  Though, 
I'd have more fun designing for a site getting .75M hits/day -- send me some 
of that traffic! ;)

-d

----- Original Message ----- 
From: "Brian Layman" <Brian at TheCodeCave.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, July 14, 2006 9:36 AM
Subject: RE: [wp-hackers] Close old comments and pingbacks: feature or plugin?


| > One thing I did that helped reduce a lot of it was to rename
| > wp-comments-post.php to a random name and update the comment form's
| > action to that new name.
|
| I always wondered if someone did that.  It seems like a great way to reduce
| spam, but of course if WordPress adopted that in the core, spam bots would
| come out that parse the name of the comment form prior to spamming.
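
The "nonce type authentication" mentioned in the message above, sketched as an added example that is not part of the original thread and not WordPress core code: a signed, time-limited, single-use token is embedded in the comment form and checked when the comment is posted. Unlike a renamed endpoint, a token copied out of the form is bound to one post, expires, and cannot be reused. The function names, the secret and the age limits are assumptions made for illustration.

```php
<?php
// Added example; the secret, post IDs and timestamps are constructed.
const FORM_SECRET = 'constructed-demo-secret'; // assumption: per-site secret
const MIN_AGE = 3;    // seconds; a form filled faster than this is a script
const MAX_AGE = 3600; // seconds; a scraped form goes stale after this

// Token = issued_at.random.HMAC(post_id|issued_at|random)
function issue_token(int $postId, int $now): string {
    $rand = bin2hex(random_bytes(8));
    $mac  = hash_hmac('sha256', "$postId|$now|$rand", FORM_SECRET);
    return "$now.$rand.$mac";
}

// Returns 'ok' or the reason the comment POST is rejected.
function verify_token(string $token, int $postId, int $now, array &$seen): string {
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) { return 'malformed'; }
    [$issued, $rand, $mac] = $parts;
    $expected = hash_hmac('sha256', "$postId|$issued|$rand", FORM_SECRET);
    if (!hash_equals($expected, $mac)) { return 'bad-signature'; } // forged or other post
    $age = $now - (int) $issued;
    if ($age < MIN_AGE) { return 'too-fast'; }
    if ($age > MAX_AGE) { return 'expired'; }
    if (isset($seen[$mac])) { return 'replayed'; }
    $seen[$mac] = true; // single use; a real site would persist this set
    return 'ok';
}

$seen = [];
$t0   = 1152889715; // constructed timestamp
$tok  = issue_token(42, $t0);
$results = [
    'no token'          => verify_token('', 42, $t0, $seen),
    'wrong post'        => verify_token($tok, 43, $t0 + 40, $seen),
    'submitted at once' => verify_token($tok, 42, $t0 + 1, $seen),
    'after 40 s'        => verify_token($tok, 42, $t0 + 40, $seen),
    'same token again'  => verify_token($tok, 42, $t0 + 41, $seen),
    'two hours later'   => verify_token(issue_token(42, $t0), 42, $t0 + 7200, $seen),
];
foreach ($results as $case => $verdict) {
    echo str_pad($case, 18), ' ', $verdict, PHP_EOL;
}
```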


