[wp-testers] "spam" attacks on WP.org / plugin rating

Aaron Harun admin at anthologyoi.com
Sun Apr 20 20:19:32 GMT 2008


The cause of the problem is that WP.org doesn't require unique email
addresses. If you really wanted to be unethical, it takes about 2
seconds to register a name, change it slightly and register another
one. You basically end up with a list of users and passwords that you
just need to copy and paste.

The highest rated plugin has 217 ratings. If you were to take 2
seconds per registration and 5-10 per rating, it would take about
20-40 minutes for someone to _manually_ vote that many times. If
someone made a bot, it would take seconds.

This is the cause of the problem and the hole that should be closed.

The fact that there were only 15 one-star ratings should make the
plugin author feel glad that the rater didn't feel like spending more
than a minute or two doing it.

Aaron.
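
An added example, not part of the original message and not WP.org code: a small audit that counts one vote per e-mail address and lists addresses shared by several accounts, to show how much non-unique e-mails can skew a rating. The record layout, account names, plugin name and sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (account, email, plugin, stars). Not real records.
# Ten independent five-star raters, plus 15 accounts registered with one address.
RATINGS = (
    [(f"user{i}", f"user{i}@example.org", "some-plugin", 5) for i in range(10)]
    + [(f"rater{i}", "One.Person@example.org ", "some-plugin", 1) for i in range(15)]
)


def normalize(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def audit(ratings):
    """Return {plugin: report} with the raw and the one-vote-per-email averages."""
    by_plugin = defaultdict(list)
    for account, email, plugin, stars in ratings:
        by_plugin[plugin].append((account, normalize(email), stars))

    report = {}
    for plugin, rows in by_plugin.items():
        accounts_by_email = defaultdict(set)
        first_vote = {}  # email -> stars of the first vote seen for that address
        for account, email, stars in rows:
            accounts_by_email[email].add(account)
            first_vote.setdefault(email, stars)
        # Addresses used by more than one account that rated this plugin.
        shared = {e: sorted(a) for e, a in accounts_by_email.items() if len(a) > 1}
        report[plugin] = {
            "raw_votes": len(rows),
            "raw_average": round(sum(s for _, _, s in rows) / len(rows), 2),
            "deduped_votes": len(first_vote),
            "deduped_average": round(sum(first_vote.values()) / len(first_vote), 2),
            "shared_emails": shared,
        }
    return report


if __name__ == "__main__":
    for plugin, info in audit(RATINGS).items():
        print(plugin, info["raw_average"], "->", info["deduped_average"])
        for email, accounts in info["shared_emails"].items():
            print("  shared address:", email, "used by", len(accounts), "accounts")
```
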

