-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02 Oct 2005, at 6:10 AM, Jeremy Andrews wrote:
Something similar is in core already, and will be in Drupal 4.7. It currently cuts out over 99% of the spam I see on KernelTrap: http://drupal.org/node/28420
This has been integrated into the form api. To make any form require a token, you set $form[token] = $key; Where key is something specific to the form .. in the case of comment : $form[token] = 'comment' . $edit['nid'] . $edit['pid']; It's still fairly easy to download the page first and grep out the token to send back though, but it's extra work for the spammer. - -- Adrian Rossouw Drupal developer and Bryght Guy http://drupal.org | http://bryght.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFDP7/SgegMqdGlkasRArSaAJwND55A4jdH/DwS7e3fUjKTvlZ6EQCgutav whI0qd2ZvcvxJvu4aKCuezM= =Kl2Q -----END PGP SIGNATURE-----