August 04, 2004
no comments for a couple of days

I've had to disable comments for a couple of days because of intense comment spamming. While I could handle it with my one-click deletion hack, it's still not fun to do - and I still don't like MT blacklist very much but would prefer an auditing scheme. Until I get around to making one (or ditch MT completely in favour of a homespun solution) comments are off. It shouldn't take too long.

Another solution I've been thinking of as an augmentation is to integrate the comment script with some client side javascript (a signing process) to foil automated attacks. There's a limit to how hard you can spam if you have to actually use a browser to do it.

My current favourite idea for that would be to generate a nonce server side. Include that in the page with the comment form and use client side javascript to generate an md5 signature of the command and nonce. The comment script would then check the signature to authenticate the comment was generated in a browser.
That would foil any automated attack unless the attacker was intent on working my blog in particular, and if that was the case we would have an arms race that was even fun to participate in.

Posted by Claus at August 04, 2004 10:51 AM | TrackBack (0)
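
The nonce-and-signature check described in the post, as an added example (not code from the original post). Node's crypto module stands in for the browser-side MD5 routine; the function names, the 10-minute nonce lifetime, the single-use rule and the choice to hash the nonce joined to the comment text are assumptions.

```javascript
const nodeCrypto = require("crypto");

const NONCE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a rendered form
const issued = new Map();            // nonce -> expiry time in ms

// Server: called when rendering the comment form; the nonce goes into the page.
function issueNonce(now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString("hex");
  issued.set(nonce, now + NONCE_TTL_MS);
  return nonce;
}

// Client: what the page's script computes just before the form is submitted.
function signComment(nonce, comment) {
  return nodeCrypto.createHash("md5").update(nonce + "\n" + comment, "utf8").digest("hex");
}

// Server: the comment script's check. A nonce is consumed on first use, so a
// captured (nonce, signature) pair cannot be replayed for further posts.
function verifyComment(nonce, comment, signature, now = Date.now()) {
  const expiry = issued.get(nonce);
  if (expiry === undefined) return "unknown-nonce";
  issued.delete(nonce); // single use, whether the check passes or fails
  if (now > expiry) return "expired-nonce";
  const expected = Buffer.from(signComment(nonce, comment), "hex");
  const got = Buffer.from(String(signature), "hex");
  if (got.length !== expected.length || !nodeCrypto.timingSafeEqual(got, expected)) {
    return "bad-signature";
  }
  return "ok";
}

// Constructed sample submissions covering the accept path and each reject path.
function demo() {
  const n1 = issueNonce(), n2 = issueNonce(), n3 = issueNonce(), n4 = issueNonce(0);
  const sig1 = signComment(n1, "Nice post!");
  return {
    browser: verifyComment(n1, "Nice post!", sig1),          // script ran
    replay: verifyComment(n1, "Nice post!", sig1),           // same pair again
    noScript: verifyComment(n2, "buy pills", ""),            // plain form POST
    tampered: verifyComment(n3, "buy pills", signComment(n3, "Nice post!")),
    stale: verifyComment(n4, "late", signComment(n4, "late"), NONCE_TTL_MS + 1),
  };
}

console.log(demo());
```

The nonce and the hashing step are both visible in the page, so the check only shows that some script ran against this particular form; it carries no secret.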