[typo] AJAX comment spam

Kevin Ballard kevin at sb.org
Mon Mar 13 02:02:49 EST 2006

Yes, that's called a timeout. And Piers Cawley had it right when he said

> Even if you miss the timeout 9 times out of 10, there's always  
> another punter.

There's no way for you to know, server-side, whether the access is by
a spammer or by a real user, so as long as the spammer gets an answer
to his captcha fast enough he can spam your blog with impunity.

On Mar 12, 2006, at 9:22 PM, Daejuan Jacobs wrote:

> I see what you're saying, but if my server deletes the session after
> you access the page to get the image (or timeout), then what you're
> trying to serve me is invalid.
> On 3/12/06, Kevin Ballard <kevin at sb.org> wrote:
>> Uhh, what? The spammer serves back the result in the same session
>> they got the captcha in the first place. This is an automated process
>> so it has the potential to be fast enough.

Kevin Ballard
kevin at sb.org
