[wp-hackers] Close old comments and pingbacks: feature or plugin?
David Chait
davebytes at comcast.net
Fri Jul 14 15:08:35 GMT 2006
I've done that for the past two and a half years! ;)
It helps, but since the file name is noted in the form, script kiddies can
and do pull it from there.
Beyond that, on a new site you can remove the generator meta (so automatic
scripts don't immediately 'see' the name "Wordpress", and know what to look
for...).
Additionally, captcha or nonce type authentication (if not registration)
would pretty much shut off the rest. Well, 99.9%.
I've used a custom plugin for my site's entire existence -- not as elaborate
as SK2 (maybe more like SK1... ;)), but mostly gets the job done. Though,
I'd have more fun designing for a site getting .75M hits/day -- send me some
of that traffic! ;)
-d
----- Original Message -----
From: "Brian Layman" <Brian at TheCodeCave.com>
To: <wp-hackers at lists.automattic.com>
Sent: Friday, July 14, 2006 9:36 AM
Subject: RE: [wp-hackers] Close old comments and pingbacks: feature or
plugin?
|> One thing I did that helped reduce a lot of it was to rename
| wp-comments-post.php to a
| > random name and update the comment form's action to that new name.
|
| I always wondered if someone did that. It seems like a great way to
reduce
| spam, but of course if WordPress adopted that in the core, spam bots would
| come out that parse the name of the comment form prior to spamming.
More information about the wp-hackers
mailing list