[drupal-devel] simple and effective comment spam prevention exists and works

Larry Garfield larry at garfieldtech.com
Sat Oct 1 17:26:14 UTC 2005

Um, isn't that the idea behind a captcha?  We've got that already.


On Saturday 01 October 2005 10:44 am, Theodore Serbinski wrote:
> One method we may want to look into. When a session is created a for
> user and they are on a page that allows comments, we come up with a
> unique hash based on say the node ID and session ID. We store this in
> the user's session. When the user goes to create a comment, we pass
> this unique hash with a hidden input field and when they click "post
> comment" we verify this input hidden hash against one stored in the
> user's session. This should prevent most spam comments, IMO.
> ted
> On 10/1/05, Khalid B <kb at 2bits.com> wrote:
> > This defense may work for a while, but will be very short lived.
> >
> > Spam bots will be upgraded to fake a referer that contains the domain
> > name.
> >
> > The spam arms race continues ...

Larry Garfield			AIM: LOLG42
larry at garfieldtech.com		ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 

More information about the drupal-devel mailing list