[wp-hackers] Simple comment spam experiment

Alexander Beutl xel at netgra.de
Thu Apr 17 07:59:41 GMT 2008


because spammers will know this after a week or less.
They will start loading the page every second full hour and therefore they
will always have the possibility to spam you again.
The only thing which will change is that you will not only have to fight the
spam but will also have many more hits on your post pages.

This is like kicking your own ass. If you implement a detectable and
crackable solution via core the only thing which happens is more load on
your server - first for the security addon and second for the higher traffic
you get because spammers need to load the page before posting to it. I am
nearly sure it wouldn't hurt them badly to scan your page for the name and
the value of that field. And yes something like that secret key was used
before.

2008/4/17, Ryan McCue <ryanmccue at cubegames.net>:
>
> Alexander Beutl wrote:
>
> > While the my_hash_function creates a hash depending on several factors
> > including post id, hour and date and some information not available to
> > the public.
> > When the comment is posted this hash will be evaluated against the hash
> > which would be used now and the hash used last hour.
> >
> Even better, why not use your secret key (with salting)? I think it could
> be a viable solution for core, because the name of the field would change
> for each installation.
>
> Thanks,
> Ryan.
>
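
An added example, not code from this thread: a sketch of the scheme under discussion, with a token bound to post id, date and hour plus a server-side secret, checked against the current and previous hour. The body of my_hash_function is not shown in the post, so the function names, the HMAC-SHA256 construction and the SECRET value here are assumptions.

```php
<?php
// Added example. SECRET is a constructed placeholder standing in for the
// per-installation secret key mentioned in the quoted reply.
const SECRET = 'constructed-example-secret';

// Hidden field name derived from the secret, so it differs per installation.
function comment_field_name(): string {
    return 'c_' . substr(hash_hmac('sha256', 'field-name', SECRET), 0, 12);
}

// Token bound to the post id and the UTC date and hour.
function comment_token(int $post_id, int $time): string {
    $bucket = gmdate('Y-m-d H', $time);
    return hash_hmac('sha256', $post_id . '|' . $bucket, SECRET);
}

// Accept the token for the current hour or the previous hour.
// hash_equals() compares in constant time.
function comment_token_valid(int $post_id, string $token, int $now): bool {
    foreach ([0, 3600] as $age) {
        if (hash_equals(comment_token($post_id, $now - $age), $token)) {
            return true;
        }
    }
    return false;
}

// Constructed timeline: the comment form is rendered at 07:59:41 UTC.
$rendered = gmmktime(7, 59, 41, 4, 17, 2008);
$token = comment_token(42, $rendered);

// Each check replays the same token under a different condition.
$checks = [
    'same hour'         => comment_token_valid(42, $token, $rendered + 10),
    'next hour'         => comment_token_valid(42, $token, $rendered + 3600),
    'two hours later'   => comment_token_valid(42, $token, $rendered + 7200),
    'different post id' => comment_token_valid(43, $token, $rendered + 10),
    'guessed value'     => comment_token_valid(42, str_repeat('0', 64), $rendered + 10),
];
printf("field name: %s\n", comment_field_name());
foreach ($checks as $label => $ok) {
    printf("%-18s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

The check only proves that the form for that post was rendered within the last two hour buckets; as the reply argues, it does not distinguish a visitor from any other client that loaded the page first.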

