Re: [drupal-devel] simple and effective comment spam prevention exists and works

One method we may want to look into. When a session is created a for user and they are on a page that allows comments, we come up with a unique hash based on say the node ID and session ID. We store this in the user's session. When the user goes to create a comment, we pass this unique hash with a hidden input field and when they click "post comment" we verify this input hidden hash against one stored in the user's session. This should prevent most spam comments, IMO. ted On 10/1/05, Khalid B <kb@2bits.com> wrote:

This defense may work for a while, but will be very short lived.

Spam bots will be upgraded to fake a referer that contains the domain name.

The spam arms race continues ...