[typo] AJAX comment spam
Kevin Ballard
kevin at sb.org
Mon Mar 13 02:02:49 EST 2006
Yes, that's called a timeout. And Piers Cawley had it right when he said
> Even if you miss the timeout 9 times out of 10, there's always
> another punter.
There's no way for you to know, server-side, whether the access is by
a spammer or by a real user, so as long as the spammer gets an answer
to his captcha fast enough he can spam your blog with impunity.
On Mar 12, 2006, at 9:22 PM, Daejuan Jacobs wrote:
> I see what you're saying, but if my server deletes the session after
> you access the page to get the image (or timeout), then what you're
> trying to serve me is invalid.
>
> On 3/12/06, Kevin Ballard <kevin at sb.org> wrote:
>> Uhh, what? The spammer serves back the result in the same session
>> they got the captcha in the first place. This is an automated process
>> so it has the potential to be fast enough.
--
Kevin Ballard
kevin at sb.org
http://kevin.sb.org
http://www.tildesoft.com