[geeklog-devel] Found a spam comment hole.
Dirk Haun
dirk at haun-online.de
Wed Aug 25 16:04:46 EDT 2004
Tom,
>If you search for this you will find a series of links mostly to geeklog
>sites that point to the post a comment page all loaded and ready. Simply
>changing the 'Post a comment' link on stories to a form button would
>eliminate this problem.
I would imagine that a button wouldn't look too good on most themes, though.

We could list that in a "how to prevent comment spam" FAQ entry, though,
together with the idea posted by Matthew Cox over on geeklog-devtalk,
which is to add an entry for comment.php to your robots.txt.

We could also try some tricks with the referer, i.e. if referer does not
contain $_CONF['site_url'] then don't display comment.php (but redirect
to somewhere else).

The problem with the latter approach is that the referer is somewhat
unreliable (thus probably blocking a few legit users) and not too hard to
fake.

bye, Dirk
--
http://www.haun-online.de/
http://www.tinyweb.de/
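
Added example (not part of the original message and not Geeklog code): the referer check described in the message, sketched in PHP and run over constructed Referer values. It goes slightly beyond the message by comparing the parsed host alongside the literal "contains" test; the site URL value and both function names are assumptions.

```php
<?php
// Added example, not Geeklog code. $_CONF['site_url'] is the setting named in
// the message; its value and the function names below are assumptions.
$_CONF = ['site_url' => 'http://www.example.com'];

// The check as worded in the message: the referer "contains" the site URL.
function referer_contains_site(?string $referer, string $siteUrl): bool
{
    return $referer !== null && strpos($referer, $siteUrl) !== false;
}

// Stricter variant: compare the parsed host instead of searching the string.
function referer_host_matches(?string $referer, string $siteUrl): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent, e.g. stripped by a proxy or privacy tool
    }
    $refHost  = parse_url($referer, PHP_URL_HOST);
    $siteHost = parse_url($siteUrl, PHP_URL_HOST);
    return is_string($refHost) && is_string($siteHost)
        && strcasecmp($refHost, $siteHost) === 0;
}

// Constructed sample values; in comment.php the input would be
// $_SERVER['HTTP_REFERER'] ?? null.
$samples = [
    'story page on the site'     => 'http://www.example.com/article.php?story=1',
    'no Referer sent'            => null,
    'search engine result'       => 'http://search.example.net/?q=post+a+comment',
    'site URL only in the query' => 'http://other.example.org/?u=http://www.example.com',
];

foreach ($samples as $label => $referer) {
    printf("%-27s contains=%-3s host=%s\n", $label,
        referer_contains_site($referer, $_CONF['site_url']) ? 'yes' : 'no',
        referer_host_matches($referer, $_CONF['site_url']) ? 'yes' : 'no');
}
```

The second row is the legitimate visitor whose browser sends no referer and is turned away by both checks; the last row passes the "contains" test but not the host comparison.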