[wp-xmlrpc] Posting comments through XMLRPC

Alex Forrow alex at fav.or.it
Thu Jul 31 15:42:29 GMT 2008


Hi,

Had a look at commentserver and it seems to provide a pretty comprehensive
set of functions for comment manipulation. The work I have been doing
focuses just on the posting of new comments, not so much on the support
afterwards, but these functions certainly look useful for blog authors.

Unless I'm mistaken commentserver only opens up the comment api to WordPress
users, so doesn't attempt to solve the anonymous comment problem.

The only new thoughts I have had on this relate to the types of clients that
would use XMLRPC for anonymous commenting. Its fair to say POSTing through
the form is all be done through a browser, generally your average user.
XMLRPC on the other hand is more likely to be used by either advanced users,
or web services. As many/most WordPress installations already run through
Akismet (a centralised service) would it be possible to require all
anonymous comment senders using XMLRPC to pre-register. Once registered they
build up kudos for each comment sent, which is fed back into the spam
decision process for future comments. If a service starts abusing the XMLRPC
interface, it loses kudos, making it less likely for its comments to get
approved in future.

Thats just a thought, but hopefully some of these ideas will lead us to a
solution which is flexible without making the spam problem worse. 

Btw Joseph, taken on board what you said about having a single function for
anonymous and authenticated comments and have updated the plugin as a
demonstration, does seem to keep things simpler. Its online at
http://croc.fav.or.it/alex/wp_plugin_0.2.zip

Kind regards,

Alex Forrow
Systems Administrator, Favorit Limited
Blog: http://blog.fav.or.it/
Telephone: 0845 643 0673
Address: favorit Ltd, Building L033, London Road, Reading, RG1 5AQ

This e-mail contains confidential information and is for the exclusive use
of the addressee/s. If you are not the addressee, then any distribution,
copying or use of this e-mail is prohibited. If received in error, please
advise the sender and delete it immediately. We accept no liability for any
loss or damage suffered by any person arising from use of this e-mail.
favorit Limited
Registered No: 06411859 England
Registered Office: Reading Enterprise Hub, University of Reading, Earley
Gate, Reading, Berkshire, RG6 6AU


-----Original Message-----
From: wp-xmlrpc-bounces at lists.automattic.com
[mailto:wp-xmlrpc-bounces at lists.automattic.com] On Behalf Of Vladimir Yushko
Sent: 24 July 2008 08:53
To: wp-xmlrpc at lists.automattic.com
Subject: Re: [wp-xmlrpc] Posting comments through XMLRPC

 Hi!
I have solution. This is comment server plugin which is server part  of
comment client. Download here:
http://commentclient.com/download/commentserver.zip

Comment server have many features such as spam protected protocol which
allows send comments from another blogs and include intgration with forms.
Documentation not available, sorry.

--
Best regards, Vladimir Yushko
http://commentclient.com/

----- Original Message -----
From: "Joseph Scott" <joseph at randomnetworks.com>
To: <wp-xmlrpc at lists.automattic.com>
Sent: Thursday, July 24, 2008 7:38 AM
Subject: Re: [wp-xmlrpc] Posting comments through XMLRPC


>
> On Jul 21, 2008, at 2:20 AM, Alex Forrow wrote:
>
> > We have written a plugin which integrates into our software to allow
> > WordPress to receive comments through XMLRPC. The interface we have
> > created
> > is standard but to avoid spam, unless the user can authenticate,
> > the plugin
> > will only accept comments received for our site. Assuming we could
> > find a
> > more general method for avoiding spam, we would like to propose
> > that this
> > plugin is made generic and integrated into the WordPress codebase.
> >
> > If a user can authenticate to WordPress (either in the database of the
> > WordPress installation, or against WordPress.com account for hosted
> > blogs),
> > this can be used to prove the users identity. Can't see any
> > problems here.
>
> Comments that come with a valid username and password we could
> consider trusted.
>
>
> > The more tricky situation is where anonymous comments need to be
> > posted. I
> > see no reason why not to mandate the sending of name and email with
> > the
> > comment and follow standard comment filtering rules, but ideally we
> > would
> > have another level of security. One suggestion is to provide a
> > trackback
> > service, so a trackback url is posted with the comment, which
> > WordPress can
> > connect back on using some kind of unique identifier, and verify
> > the service
> > did actually send the comment.
>
> I suppose technically there's no difference between submitting a form
> and providing an API, but it would be nice not to provide one more
> way for spammers to submit junk.
>
>
> > Another, slightly more complicated idea could be based around the
> > principles
> > of DomainKeys, a technology for email-spam avoidance
> > (http://en.wikipedia.org/wiki/DomainKeys). The comment sender could
> > sign the
> > comment using a public/private key pair, the public key being
> > posted in a
> > DNS TXT record of the domain of the sender. This enables the receiving
> > XMLRPC to verify that the comment is actually from the domain the
> > sender
> > says they are in. Unfortunately this doesn't actually solve the spam
> > problem, it only allows receivers to verify the sender of the
> > comment. This,
> > however, could be the basis of a another solution which requires
> > sender
> > verification (e.g. A managed blacklist/whitelist).
> >
> > The plugin in its current form is available at
> > http://croc.favsys.net/alex/wp_favorit.zip if anyone would like to
> > take a
> > look.
>
> I don't think it's worth having two separate methods for this, may as
> well just have one.  Then if the username and password aren't
> provided we treat it as an unauthenticated comment.
>
> --
> Joseph Scott
> joseph at randomnetworks.com
> http://joseph.randomnetworks.com/
>
>
>
>
> _______________________________________________
> wp-xmlrpc mailing list
> wp-xmlrpc at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-xmlrpc

_______________________________________________
wp-xmlrpc mailing list
wp-xmlrpc at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-xmlrpc



More information about the wp-xmlrpc mailing list