[drupal-devel] simple and effective comment spam prevention
exists and works
Khalid B
kb at 2bits.com
Sat Oct 1 17:31:01 UTC 2005
No, a captcha is very different.
A captcha relies on some output (letters/numbers in a graphic or an
equation to solve) that is human readable/solvable. This is almost
impossible for a bot to decipher and hence is a good defense.
A referer is trivial to fake. Just put the domain name in the referer
and voila: it is not a defence.
So, it just becomes another arsenal in the arms race that becomes
useless quickly, giving a false sense of securty, wasting effort, and
bloating the code.
On 10/1/05, Larry Garfield <larry at garfieldtech.com> wrote:
> Um, isn't that the idea behind a captcha? We've got that already.
>
> http://drupal.org/project/captcha
>
> On Saturday 01 October 2005 10:44 am, Theodore Serbinski wrote:
> > One method we may want to look into. When a session is created a for
> > user and they are on a page that allows comments, we come up with a
> > unique hash based on say the node ID and session ID. We store this in
> > the user's session. When the user goes to create a comment, we pass
> > this unique hash with a hidden input field and when they click "post
> > comment" we verify this input hidden hash against one stored in the
> > user's session. This should prevent most spam comments, IMO.
> >
> > ted
> >
> > On 10/1/05, Khalid B <kb at 2bits.com> wrote:
> > > This defense may work for a while, but will be very short lived.
> > >
> > > Spam bots will be upgraded to fake a referer that contains the domain
> > > name.
> > >
> > > The spam arms race continues ...
>
> --
> Larry Garfield AIM: LOLG42
> larry at garfieldtech.com ICQ: 6817012
>
> "If nature has made any one thing less susceptible than all others of
> exclusive property, it is the action of the thinking power called an idea,
> which an individual may exclusively possess as long as he keeps it to
> himself; but the moment it is divulged, it forces itself into the possession
> of every one, and the receiver cannot dispossess himself of it." -- Thomas
> Jefferson
>
More information about the drupal-devel
mailing list