[drupal-devel] simple and effective comment spam prevention exists and works

Theodore Serbinski tss24 at cornell.edu
Sat Oct 1 15:44:52 UTC 2005

One method we may want to look into. When a session is created a for
user and they are on a page that allows comments, we come up with a
unique hash based on say the node ID and session ID. We store this in
the user's session. When the user goes to create a comment, we pass
this unique hash with a hidden input field and when they click "post
comment" we verify this input hidden hash against one stored in the
user's session. This should prevent most spam comments, IMO.


On 10/1/05, Khalid B <kb at 2bits.com> wrote:
> This defense may work for a while, but will be very short lived.
> Spam bots will be upgraded to fake a referer that contains the domain name.
> The spam arms race continues ...

More information about the drupal-devel mailing list