[drupal-devel] simple and effective comment spam prevention exists and works
Jeremy Andrews
jeremy at kerneltrap.org
Sun Oct 2 12:22:16 UTC 2005
On Sun, 2 Oct 2005 13:09:05 +0200
Adrian Rossouw <adrian at bryght.com> wrote:
> > Something similar is in core already, and will be in
> > Drupal 4.7. It currently cuts out over 99% of the spam I
> > see on KernelTrap: http://drupal.org/node/28420
>
> This has been integrated into the form api.
Cool! :)
> To make any form require a token, you set
> $form['token'] = $key;
>
> Where key is something specific to the form .. in the case
> of comment: $form['token'] = 'comment' . $edit['nid'] .
> $edit['pid'];
>
>
> It's still fairly easy to download the page first and grep
> out the token to send back though, but
> it's extra work for the spammer.
Yes. The best solution I have come up with is to track token
use, preventing token re-use. I had a nearly working patch a
while ago (it tracked the last n-used tokens), but ran out of
time. It had some issues telling previews and submits apart,
as well as with handling followup edits. When it becomes
necessary, I will surely dust it off again.
Cheers,
-Jeremy
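
The token re-use tracking discussed above, as an added example that is not Drupal's form API and not the patch mentioned in this message. It assumes PHP 8; the class name, method names, the per-render nonce and the expiry time are all hypothetical choices made for the illustration.

```php
<?php
// Added illustration, not Drupal's form API or the patch from this thread; all names are hypothetical.
final class FormTokens
{
    private array $used = []; // spent nonces, oldest first (in memory; a site would persist this)

    public function __construct(private string $secret, private int $keep = 1000, private int $ttl = 3600) {}

    // Token bound to one form key and one page render.
    public function issue(string $formKey, ?int $now = null): string
    {
        $nonce = bin2hex(random_bytes(16));
        $expires = ($now ?? time()) + $this->ttl;
        return "$nonce.$expires." . $this->mac($formKey, $nonce, $expires);
    }

    // Pass $consume = false for a preview: the token is validated but not spent.
    public function check(string $formKey, string $token, bool $consume, ?int $now = null): bool
    {
        $parts = explode('.', $token);
        if (count($parts) !== 3 || !ctype_digit($parts[1])) {
            return false;
        }
        [$nonce, $expires, $mac] = $parts;
        if (!hash_equals($this->mac($formKey, $nonce, (int) $expires), $mac)) {
            return false; // forged, or issued for a different form
        }
        if ((int) $expires < ($now ?? time()) || isset($this->used[$nonce])) {
            return false; // expired, or already used for a submit
        }
        if ($consume) {
            $this->used[$nonce] = true;
            if (count($this->used) > $this->keep) {
                array_shift($this->used); // forget the oldest; its expiry still bounds replay
            }
        }
        return true;
    }

    private function mac(string $formKey, string $nonce, int $expires): string
    {
        return hash_hmac('sha256', "$formKey|$nonce|$expires", $this->secret);
    }
}

$tokens = new FormTokens('constructed-secret'); // constructed sample values
$key = 'comment' . '42' . '0';
$tok = $tokens->issue($key);
var_dump($tokens->check($key, $tok, false), $tokens->check($key, $tok, true), $tokens->check($key, $tok, true));
```

Because only the last `$keep` spent nonces are remembered, the window should be larger than the number of submits expected within one `$ttl`, so that a forgotten token has already expired.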