[typo] AJAX comment spam
trejkaz at trypticon.org
Sun Mar 12 17:37:37 EST 2006
Marco van Hylckama Vlieg wrote:
> Nope, that's pingback. Similar to trackback, but different.
> Sending a trackback requires a manual action by the blogger who wants
> to send one. Pingback however is done automatically.
Typo seems, at least on the surface, to consider the two to be exactly
the same animal.
As I said in my original message, the spambots have now figured out
how to submit blog posts even though I have non-AJAX commenting
anymore. We need something better.
A lot of this could probably be done via some more clever integration
between the admin UI and the spam blocking script.
- I receive an IM saying a new comment has been posted, which has a
link to the admin interface for that article (I'm planning to patch
this feature into my local branch already.)
- I go into the admin interface, and hit Delete.
- The delete confirmation page has a new button, "Delete and Block",
which adds that IP onto the blocked list.
The only other thing we can do is raise the bar some more, e.g. require
OpenID authentication for all comments. But things like that, a spammer
can always work around. Unfortunately, I really, really, really hate
CAPTCHA setups, but that's starting to look like the only way to stop it.
More information about the Typo-list