Comments on: Comments Spam http://www.cjc.org/blog/archives/2004/09/29/comments-spam/ Sun, 26 Sep 2010 03:06:45 +0000 hourly 1 https://wordpress.org/?v=4.9.8 By: CJC.org http://www.cjc.org/blog/archives/2004/09/29/comments-spam/comment-page-1/#comment-442 Tue, 01 Feb 2005 12:35:48 +0000 /?p=128907#comment-442 Trackback Spam
Well, I got bombed last night with some 300 trackbacks advertising an online poker site. WordPress handles trackbacks processing differently from comments processing (even though they all wind up in the same database table), so this spam robot escaped…

]]> By: Cheng http://www.cjc.org/blog/archives/2004/09/29/comments-spam/comment-page-1/#comment-206 Mon, 24 Jan 2005 22:43:40 +0000 /?p=128907#comment-206 I haven’t gotten any spam with just the captcha, and I don’t believe I’m reducing the ability of people behind multiple-IP proxies from commenting.

]]> By: Sigg3 http://www.cjc.org/blog/archives/2004/09/29/comments-spam/comment-page-1/#comment-205 Mon, 24 Jan 2005 18:56:09 +0000 /?p=128907#comment-205 Yup, can see that’n.
Still, with the md5 variable and a word verify (like yours) I haven’t gotten _any_ spam at all…

]]> By: Cheng http://www.cjc.org/blog/archives/2004/09/29/comments-spam/comment-page-1/#comment-200 Tue, 14 Dec 2004 11:40:05 +0000 /?p=128907#comment-200 That’s actually a decent idea: a hidden variable with a value related to the browser’s IP address (possibly MD5 hashed for obscurity) in the comments form, and then a check for that value in the PHP script that processes the form. Since the spam robots generally just invoke the processing script, it should work reasonably. It should also be relatively simple to modify for WP, though I probably won’t look into doing so myself.

Some drawbacks that I can see off-hand: some big ISPs (such as AOL) use web proxies that rotate IP addresses, so it’s possible for a user on one of these ISPs to present two different IPs between seeing the comments form and the actual posting. A second problem would be that this relies on the non-standardness of the hack. The spam robot authors are presumably unaware of this hidden field, but if this hack becomes popular/official, it would be easy to circumvent, though at some cost as the robot would have to make two different requests from the server (cost to the robot, cost to your server, too). The nice thing about captcha methods is that they are simple Turing tests, and are relatively difficult to code for by the robot authors.

]]> By: Sigg3 http://www.cjc.org/blog/archives/2004/09/29/comments-spam/comment-page-1/#comment-199 Tue, 14 Dec 2004 10:53:41 +0000 /?p=128907#comment-199 You could check out the anti-spam for b2, and see wether the Avert_Spam could be re-written for WP.

Check: http://www.sigg3.net/cafelog/

]]>