[typo] AJAX comment spam

Piers Cawley pdcawley at bofh.org.uk
Sun Mar 12 18:41:40 EST 2006

Trejkaz <trejkaz at trypticon.org> writes:
>     - I receive an IM saying a new comment has been posted, which has a
>       link to the admin interface for that article (I'm planning to patch
>       this feature into my local branch already.)
>     - I go into the admin interface, and hit Delete.
>     - The delete confirmation page has a new button, "Delete and Block",
>       which adds that IP onto the blocked list.

Hmm... I've been thinking along those lines too.

> The only other thing we can do is raise the bar some more,
> e.g. require OpenID authentication for all comments.  But things
> like that, a spammer can always work around.  Unfortunately, I
> really, really, really hate CAPTCHA setups, but that's starting to
> look like the only way to stop it.

You can get round CAPTCHAs too by re-serving the captcha images as
legitimate captchas on, say, your porn sites and feeding the punter's
response back to the spammed site. Even if you miss the timeout 9
times out of 10, there's always another punter.

Piers Cawley <pdcawley at bofh.org.uk>

More information about the Typo-list mailing list