[geeklog-devel] Found a spam comment hole.

Dirk Haun dirk at haun-online.de
Wed Aug 25 16:04:46 EDT 2004


Tom,

>If you search for this you will find a series of links mostly to geeklog 
>sites that point to the post a comment page all loaded and ready.  Simply 
>changing the 'Post a comment' link on stories to a form button would 
>eliminate this problem.

I would imagine that a button wouldn't look too good on most themes, though.

We could list that in a "how to prevent comment spam" FAQ entry, though,
together with the idea posted by Matthew Cox over on geeklog-devtalk,
which is to add an entry for comment.php to your robots.txt.

We could also try some tricks with the referer, i.e. if referer does not
contain $_CONF['site_url'] then don't display comment.php (but redirect
to somewhere else).

The problem with the latter approach is that the referer is somewhat
unreliable (thus probably blocking a few legit users) and not too hard to
fake.

bye, Dirk


-- 
http://www.haun-online.de/
http://www.tinyweb.de/
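
The referer check suggested in the message above, as an added example that is not part of the original post and not Geeklog's own code. `$_CONF['site_url']` is the setting named in the message; the function name `referer_is_local()`, the `$allowEmpty` policy switch and all sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not Geeklog code. referer_is_local() is a hypothetical helper.

/**
 * True when the Referer's host equals the host of the configured site URL.
 * Comparing parsed hosts, rather than testing whether the Referer "contains"
 * the site URL, rejects foreign URLs that merely carry the site URL in their
 * path or query string.
 */
function referer_is_local(?string $referer, string $siteUrl, bool $allowEmpty = true): bool
{
    if ($referer === null || $referer === '') {
        // Proxies, privacy tools and bookmarks send no Referer at all;
        // rejecting these is what blocks legitimate users.
        return $allowEmpty;
    }
    $ref  = parse_url($referer);
    $site = parse_url($siteUrl);
    if ($ref === false || $site === false || empty($ref['host']) || empty($site['host'])) {
        return false;
    }
    return strcasecmp($ref['host'], $site['host']) === 0;
}

$_CONF = ['site_url' => 'http://www.example.com'];   // constructed value

// Constructed Referer values; a real page would read $_SERVER['HTTP_REFERER'].
$samples = [
    'http://www.example.com/article.php?story=1',          // link on a story page
    'http://search.example.net/?q=post+a+comment',         // search engine result
    'http://other.example.org/?u=http://www.example.com',  // contains site_url only
    '',                                                     // header missing
];

foreach ($samples as $referer) {
    $ok = referer_is_local($referer, $_CONF['site_url']);
    printf("%-52s %s\n",
        $referer === '' ? '(no referer)' : $referer,
        $ok ? 'show comment form' : 'redirect elsewhere');
}
```

The header is supplied by the client, so this only filters requests that arrive straight from a search result or a script that sends no matching Referer; it does not authenticate anything.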



