[geeklog-devel] Found a spam comment hole.
Peter Roozemaal
mathfox at xs4all.nl
Wed Aug 25 16:28:31 EDT 2004
Dirk Haun wrote:
>>If you search for this you will find a series of links mostly to geeklog
>>sites that point to the post a comment page all loaded and ready. Simply
>>changing the 'Post a comment' link on stories to a form button would
>>eliminate this problem.
>
> I would imagine that a button wouldn't look too good on most themes, though.
>
> We could list that in a "how to prevent comment spam" FAQ entry, though,
> together with the idea posted by Matthew Cox over on geeklog-devtalk,
> which is to add an entry for comment.php to your robots.txt
>
> We could also try some tricks with the referer, i.e. if referer does not
> contain $_CONF['site_url'] then don't display comment.php (but redirect
> to somewhere else).
>
> The problem with the latter approach is that the referer is somewhat
> unreliable (thus probably blocking a few legit users) and not too hard to
> fake.
Groklaw has a link (from an external site) to a comment entry form. An
automatic redirect on both the comment entry and comment submit would be
very helpful against stupid linking.
Greetings,
Peter.
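
Added example, not part of the original message and not Geeklog code: a sketch of the referer check with redirect discussed above, comparing parsed host names rather than testing whether the referer contains the site URL. The function names, the redirect target and the sample URLs are assumptions; only `$_CONF['site_url']` comes from the thread.

```php
<?php
// Added example, not Geeklog code. Function names and sample URLs are
// constructed for illustration; only $_CONF['site_url'] comes from the thread.

/**
 * True when $referer points at the same host as $siteUrl.
 * Compares parsed hosts: a substring test would also accept
 * http://search.example.net/?q=http://www.example.com
 */
function referer_is_local(?string $referer, string $siteUrl): bool
{
    if ($referer === null || $referer === '') {
        return false;               // header absent (proxy, privacy setting)
    }
    $refHost  = parse_url($referer, PHP_URL_HOST);
    $siteHost = parse_url($siteUrl, PHP_URL_HOST);
    if (!is_string($refHost) || !is_string($siteHost)) {
        return false;               // unparsable URL
    }
    return strcasecmp($refHost, $siteHost) === 0;
}

/**
 * Returns the URL to redirect to, or null when the form may be shown.
 * $allowMissing decides how visitors who send no Referer are treated,
 * since the header is unreliable for legitimate users.
 */
function comment_redirect_target(?string $referer, string $siteUrl, bool $allowMissing): ?string
{
    if (($referer === null || $referer === '') && $allowMissing) {
        return null;
    }
    // Redirect target is an assumption: the site's front page.
    return referer_is_local($referer, $siteUrl) ? null : $siteUrl . '/';
}

$_CONF = ['site_url' => 'http://www.example.com'];          // constructed value
$samples = [
    'http://www.example.com/article.php?story=1',           // own story page
    'http://search.example.net/?q=http://www.example.com',  // external, contains site_url
    null,                                                    // no Referer sent
];
foreach ($samples as $ref) {
    $target = comment_redirect_target($ref, $_CONF['site_url'], true);
    echo var_export($ref, true), ' => ', $target ?? 'show form', "\n";
}
```

The same decision function can guard both the comment entry form and the submit handler. Because the header is client-supplied, it only filters deep links from other sites and does not stop a client that sets the header itself.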