[typo] AJAX comment spam

Trejkaz trejkaz at trypticon.org
Sun Mar 12 17:37:37 EST 2006


Marco van Hylckama Vlieg wrote:
> Nope, that's pingback. Similar to trackback, but different.
> Sending a trackback requires a manual action by the blogger who wants  
> to send one. Pingback however is done automatically.

Typo seems, at least on the surface, to consider the two to be exactly 
the same animal.

In any case, I don't think JavaScript is going to help in the long run. 
  As I said in my original message, the spambots have now figured out 
how to submit blog posts even though I have non-AJAX commenting 
disabled.  So it isn't like they're afraid of a little JavaScript 
anymore.  We need something better.

A lot of this could probably be done via some more clever integration 
between the admin UI and the spam blocking script.

e.g.:

    - I receive an IM saying a new comment has been posted, which has a
      link to the admin interface for that article (I'm planning to patch
      this feature into my local branch already.)
    - I go into the admin interface, and hit Delete.
    - The delete confirmation page has a new button, "Delete and Block",
      which adds that IP onto the blocked list.

The only other thing we can do is raise the bar some more, e.g. require 
OpenID authentication for all comments.  But things like that, a spammer 
can always work around.  Unfortunately, I really, really, really hate 
CAPTCHA setups, but that's starting to look like the only way to stop it.

TX


More information about the Typo-list mailing list