[spam-stopper] Heavy attack
Matt Mullenweg
m at mullenweg.com
Fri May 26 09:25:36 UTC 2006
Eric A. Meyer wrote:
>> There are occassionally times when the referrer doesn't stick so
>> that's not reliable but an internal, randomly generated "key" which
>> puts it's md5() value onto the submit form and can then be tested by
>> the post would work. Change it daily and you've solved part of the
>> problem.
>
> That's exactly what I've started doing! My first step was hacking
> that kind of protection into my comments form and the
> wp-comments-post.php script, and I'm going to move the part I hacked
> into the script to a plugin. I might also move the comment-form part
> into the plugin-- we'll see. Basically, I concatenate a few bits of
> data together and md5-hash the result, just as you propose.
The first spam plugin I wrote back in 04 did something similar, some of
the code may be useful:
http://dev.wp-plugins.org/file/spam-stopgap/spam-stopgap.php
It's used a per-post unique name and value. This worked for a few weeks,
but then spambots adapted after more than a handful of people started
doing it.
A similar thing was done in '02 by Shelley Powers:
http://weblog.burningbird.net/archives/2002/10/29/comment-spam-quick-fix/
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
More information about the spam-stopper
mailing list