[geeklog-devel] Found a spam comment hole.

Peter Roozemaal mathfox at xs4all.nl
Wed Aug 25 16:28:31 EDT 2004

Dirk Haun wrote:

>>If you search for this you will find a series of links mostly to geeklog 
>>sites that point to the post a comment page all loaded and ready.  Simply 
>>changing the 'Post a comment' link on stories to a form button would 
>>eliminate this problem.
> I would imagine that a button wouldn't look too good on most themes, though.
> We could list that in a "how to prevent comment spam" FAQ entry, though,
> together with the idea posted by Matthew Cox over on geeklog-devtalk,
> which is to add an entry for comment.php to your robots.txt.
> We could also try some tricks with the referer, i.e. if referer does not
> contain $_CONF['site_url'] then don't display comment.php (but redirect
> to somewhere else).
> The problem with the latter approach is that the referer is somewhat
> unreliable (thus probably blocking a few legit users) and not too hard to
> fake.

Groklaw has a link (from an external site) to a comment entry form. An
automatic redirect on both the comment entry and comment submit would be
very helpful against stupid linking.
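
The Referer check and redirect discussed in this message, as an added example in PHP that is not part of the original post or of Geeklog's code: it compares hosts instead of testing for a substring and reports a missing header separately. The function name and sample URLs are assumptions; `$_CONF['site_url']` is the setting named in the thread.

```php
<?php
// Added illustration; not Geeklog code. $_CONF['site_url'] is the setting named
// in the thread; the function name and all sample values are hypothetical.

/**
 * Classify a Referer header against the site's own URL.
 * Returns 'same-site', 'missing' or 'off-site'.
 */
function classify_referer(?string $referer, string $siteUrl): string
{
    if ($referer === null || $referer === '') {
        return 'missing';            // stripped by a proxy, privacy tool or bookmark
    }
    $refHost  = parse_url($referer, PHP_URL_HOST);
    $siteHost = parse_url($siteUrl, PHP_URL_HOST);
    if (!is_string($refHost) || !is_string($siteHost)) {
        return 'off-site';           // unparsable value: treat as external
    }
    // Compare hosts exactly. A substring test ("referer contains site_url")
    // would also match http://other.example/?x=http://www.example.com
    return strcasecmp($refHost, $siteHost) === 0 ? 'same-site' : 'off-site';
}

$_CONF = ['site_url' => 'http://www.example.com'];   // constructed sample config

// Constructed sample Referer values.
$samples = [
    'http://www.example.com/article.php?story=1',
    'http://search.example.net/?q=post+a+comment',
    'http://other.example/?x=http://www.example.com',
    '',
];
foreach ($samples as $ref) {
    $verdict = classify_referer($ref, $_CONF['site_url']);
    // In comment.php, 'off-site' would send a redirect to the story or front
    // page instead of rendering the form; 'missing' is a policy decision.
    printf("%-50s %s\n", $ref === '' ? '(none)' : $ref, $verdict);
}
```

Because the client sets this header, the check only filters visitors who follow a link from an external page; whether to serve or redirect the 'missing' case decides how many legitimate users are affected.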


