I have been struggling with comment spam, but I think I’ve vanquished it with this latest plugin. It makes the user compute an md5 hash in javascript before submitting a page. Basically, an md5 hash is a unique fingerprint of some binary sequence that can only be computed by running the md5 algorithm. What this script does is take the IP address of the user agent hitting your post page, a site-specific string, the user agent string, and the time down to the hour. Then it md5 hashes that string, which means analysis of the hash itself can’t reveal how it was generated.
It inserts into each page a randomly named javascript function that, upon submission, computes the md5 of that hash and makes the result the name of a hidden form variable, which in turn has a unique value.
What this means is that a spammer has to go through all of those steps (fetch the page, run the javascript, compute the md5 and submit the hidden variable) for every comment, and all of them are expensive, computationally speaking. Calculating the md5 sum itself is not so bad, but rendering a DOM tree and loading a javascript engine is fairly expensive if you’re trying to spam millions of pages.
This may not be the ultimate fix, but I suspect it may put the “cost” of generating spam too high for most spammers. If you have a WordPress blog, I can’t recommend the WP-Hashcash plugin enough.
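To make the exchange concrete, here is an added Python model of both sides of the check; it is not the plugin’s own code (which is PHP and javascript), and the site secret, the separator used when joining the hashed pieces, and the hidden field’s value are my assumptions. It also handles one caveat the post does not mention: because the token is bucketed by the hour, the server should also accept the previous hour’s token, or a form loaded just before the hour rolls over will be rejected.

```python
import hashlib

# Constructed placeholder; the real plugin uses a site-specific string.
SITE_SECRET = "example-site-secret"

def hour_bucket(ts):
    """Time 'down to the hour': number of whole hours since the epoch."""
    return int(ts // 3600)

def challenge(ip, user_agent, ts, secret=SITE_SECRET):
    """Server side: md5 over client IP, site secret, user agent and hour.
    The '|' separator is an assumption; the post does not say how the
    pieces are joined."""
    material = f"{ip}|{secret}|{user_agent}|{hour_bucket(ts)}"
    return hashlib.md5(material.encode()).hexdigest()

def field_name(chal):
    """What the injected javascript computes in the browser: the md5 of
    the challenge, used as the name of the hidden form field."""
    return hashlib.md5(chal.encode()).hexdigest()

def browser_submit(chal, comment):
    """A real browser that ran the script adds the hidden field.
    The field's value ('1') is an assumption."""
    return {"comment": comment, field_name(chal): "1"}

def verify(form, ip, user_agent, ts, secret=SITE_SECRET, slack_hours=1):
    """Server side, on submission. Stateless: recompute from the request.
    Also accept the previous slack_hours buckets so a form loaded just
    before the hour rolled over still verifies."""
    for back in range(slack_hours + 1):
        chal = challenge(ip, user_agent, ts - 3600 * back, secret)
        if field_name(chal) in form:
            return True
    return False

if __name__ == "__main__":
    ip, ua = "203.0.113.7", "Mozilla/5.0 (constructed)"
    t_load = 1112760000 + 3500  # constructed: 100 s before an hour boundary
    chal = challenge(ip, ua, t_load)
    print(verify(browser_submit(chal, "nice post"), ip, ua, t_load))     # True
    print(verify({"comment": "buy stuff"}, ip, ua, t_load))               # False: script never ran
    print(verify(browser_submit(chal, "hi"), ip, ua, t_load + 200))       # True: hour rolled over, within slack
    print(verify(browser_submit(chal, "hi"), ip, ua, t_load + 2 * 3600))  # False: token too old
```

Because the hidden field name depends on the client IP and user agent, a submission replayed from another address fails even if the spammer captured a valid field name.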
April 6th, 2005 at 4:29 am
I installed the authimage.php plugin and, of course, changed the code a bit to my liking. I have not had a single spam since; very happy about that. The main thing I did was to make it so it transmitted the seed for the random generation in the form submit, so I could do some other things and didn’t have to save any state, if that makes any sense. It removes the requirement to have sessions used for this and makes it easier to use in other places (I’ve used it for non-WordPress purposes).