Comments on: comment spam resistance http://simonhammond.com/blog/2005/03/22/comment-spam-resistance/ has moved to sihammond.com Fri, 21 Aug 2009 09:18:36 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: blog @ davegurnell.com http://simonhammond.com/blog/2005/03/22/comment-spam-resistance/comment-page-1/#comment-46 blog @ davegurnell.com Sun, 03 Apr 2005 22:53:31 +0000 http://simonhammond.com/blog/?p=83#comment-46 [...] der Web, Geek. Leave a comment | Trackback URL | Comments RSS Following the simple anti comment spam measures suggested by Simon, I am trying a little experiment of by own. I have removed the C [...] [...] der Web, Geek.
Leave a comment |
Trackback URL |
Comments RSS

Following the simple anti comment spam measures suggested by Simon, I am trying a little experiment of by own. I have removed the C [...]

]]> By: DaveG http://simonhammond.com/blog/2005/03/22/comment-spam-resistance/comment-page-1/#comment-48 DaveG Thu, 31 Mar 2005 11:27:26 +0000 http://simonhammond.com/blog/?p=83#comment-48 Another point to note (quite obvious, this one): CAPTCHAs don't affect trackback or pingback spam. In fact, in Wordpress 1.2 (which I'm still using for DJBA and SquirrelWeb) I don't think disabling the admin option for "Allow link notifications from other Weblogs (pingbacks and trackbacks.)" actually does anything. A quick remedy is to add a PHP die() to the beginning of the relevant files (wp-trackback.php and xmlrpc.php). However, this rather avoids the fact that trackbacks and pingbacks are cool. It's a shame to disable them. Perhaps a way around this would be to add a "blog URL" field to the trackback request, which can be whitelisted or blacklisted accordingly. I wonder if Wordpress 1.5 does this (I remember something about whitelisting)? Another point to note (quite obvious, this one):

CAPTCHAs don’t affect trackback or pingback spam. In fact, in WordPress 1.2 (which I’m still using for DJBA and SquirrelWeb) I don’t think disabling the admin option for “Allow link notifications from other Weblogs (pingbacks and trackbacks.)” actually does anything.

A quick remedy is to add a PHP die() to the beginning of the relevant files (wp-trackback.php and xmlrpc.php). However, this rather avoids the fact that trackbacks and pingbacks are cool. It’s a shame to disable them.

Perhaps a way around this would be to add a “blog URL” field to the trackback request, which can be whitelisted or blacklisted accordingly. I wonder if WordPress 1.5 does this (I remember something about whitelisting)?

]]> By: DaveG http://simonhammond.com/blog/2005/03/22/comment-spam-resistance/comment-page-1/#comment-47 DaveG Thu, 31 Mar 2005 11:12:15 +0000 http://simonhammond.com/blog/?p=83#comment-47 I think I'll try it anyway... <a href="http://djbigadventure.com" rel="nofollow">DJBA</a> is getting spam at the moment so I'll update it and we'll see what happens. Whoops! Almost forgot to tick the box! What kind of goody goody human am I?! I think I’ll try it anyway… DJBA is getting spam at the moment so I’ll update it and we’ll see what happens.

Whoops! Almost forgot to tick the box! What kind of goody goody human am I?!

]]> By: si http://simonhammond.com/blog/2005/03/22/comment-spam-resistance/comment-page-1/#comment-45 si Wed, 30 Mar 2005 16:57:30 +0000 http://simonhammond.com/blog/?p=83#comment-45 I expect that would probably stop most current spam-bots. The danger is that if many blogs have the same structure then the form elements might still be reliably inferred. Even if they aren't, spam-bots will probably just try random combinations because, hey, they don't care! From their point of view it's better to leave some kind of trace than none. I expect that would probably stop most current spam-bots. The danger is that if many blogs have the same structure then the form elements might still be reliably inferred. Even if they aren’t, spam-bots will probably just try random combinations because, hey, they don’t care! From their point of view it’s better to leave some kind of trace than none.

]]> By: DaveG http://simonhammond.com/blog/2005/03/22/comment-spam-resistance/comment-page-1/#comment-44 DaveG Tue, 29 Mar 2005 18:23:03 +0000 http://simonhammond.com/blog/?p=83#comment-44 How about just renaming the form elements to be something else? For example (substitute square brackets for echelons): [input name="melon"/] Name (required)[br/] [input name="bison"/] Mail (will not be published) (required)[br/] [input name="happy"/] Website [textarea name="airvent"][/textarea] I don't think spam bots will be able to interpret that, and it doesn't require ANY authentication. How about just renaming the form elements to be something else? For example (substitute square brackets for echelons):

[input name="melon"/] Name (required)[br/]
[input name="bison"/] Mail (will not be published) (required)[br/]
[input name="happy"/] Website
[textarea name="airvent"][/textarea]

I don’t think spam bots will be able to interpret that, and it doesn’t require ANY authentication.

]]>