[geeklog-devel] Found a spam comment hole.

Dirk Haun dirk at haun-online.de
Wed Aug 25 16:04:46 EDT 2004


>If you search for this you will find a series of links mostly to geeklog 
>sites that point to the post a comment page all loaded and ready.  Simply 
>changing the 'Post a comment' link on stories to a form button would 
>eliminate this problem.

I would imagine that a button wouldn't look too good on most themes, though.

We could list that in a "how to prevent comment spam" FAQ entry, though,
together with the idea posted by Matthew Cox over on geeklog-devtalk,
which is to add an entry for comment.php to your robots.txt

We could also try some tricks with the referer, i.e. if referer does not
contain $_CONF['site_url'] then don't display comment.php (but redirect
to somewhere else).

The problem with the latter approach is that the referer is somewhat
unreliable (thus probably blocking a few legit users) and not too hard to

bye, Dirk


More information about the geeklog-devel mailing list