Main Menu

Recommended sites

Add to MyYahoo!
Subscribe in NewsGator Online
Add to Newsburst
Add to Google
Add to My AOL
Add to Pluck
Subscribe in FeedLounge
Add to Windows Live
Add to NetVibes
Subscribe in Rojo
Subscribe in Bloglines
Add to MyMSN
Add to Plusmo for your cellphone
Add to PageFlakes
Add to Technorati
Add to BlinkBits
Slowing down spamming! Hashcash challenge in com_akocomment Print E-mail
User Rating: / 0
PoorBest 
Thursday, 24 February 2005 23:01
So I have just finished and test the integration of a hashcash challenge (MD5) into the com_akocomment component...using the code of this page http://dev.wp-plugins.org/browser/wp-hashcash/trunk/ only an extract but all credit to original authors:
  • C.S. - www.cimmanon.org
  • Gene Shepherd - www.imporium.org
  • John F -www.stonegauge.com
  • Magenson - http://blog.magenson.de/
  • Matt Mullenweg - photomatt.net
  • Matt Warden - www.mattwarden.com
  • Paul Andrew Johnston - pajhome.org.uk
    and to  Arthur Konze, the author of com_akocomment : This e-mail address is being protected from spambots, you need JavaScript enabled to view it

I must also pack everything into a new version of the component or better say refactored the code a little bit, because it is still full of debug statements...

Principle:
robot wo want to submit spam comments must pay the prize (using cpu time, approx. 100 hashcash max. each minute on a high end computer) and compute manually (can not be automated by submitting directly to the form) a Hashcash (www.Hashcash.org)


Extract form the document of wp-hashcash:
"Wordpress Hashcash
Introduction:
Taking Matt’s stopgap spam solution, which sends precomputed hashes to be echoed back by the user-agent’s form, I’ve added dynamic generation of the md5 hash. Rather than write it to a hidden field, we wait until the form is submitted to compute the hash. This prevents spammers from automatically scraping the form, because anyone wanting to submit a comment *must* execute the javascript md5.
This plugin used to be called “Spam Stopgap Extreme.â€? Now it’s been moved to the WP plugins repository under the new name “Wordpress Hashcash.â€? All future development will take place through the plugins repository.
New Features:
  • Log and emailing of spam, for your records
  • Client-side hash required.
  • The “Keyâ€? is hashed once before output to the html form–so spammers can’t make sense of it, and then hashed on the client side, again.
  • The “Keyâ€? is now a time-dependent, visitor dependent hash, for more variability. You can’t just compute the right md5 once, because it’s always changing.
  • Failure to compute the md5 hash results in a 1 minute timeout penalty. "

Expect a release before week end...But I must also inform Arthur Konze first for a feedback
Then I will add the same code in login page (because generizing the code),in order  to avoid brute forcing password in admin login page....and in guestbook (because I was spammed many times last week)
Comments
Add New Search RSS
Write comment
Name:
Email:
 
Title:
UBBCode:
[b] [i] [u] [url] [quote] [code] [img] 
 
:):grin;)8):p:roll:eek:upset:zzz:sigh:?:cry
:(:x
Please input the anti-spam code that you can read in the image.

3.20 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

< Prev   Next >
Last Updated ( Friday, 25 February 2005 00:19 )
 

Another articles:


Content View Hits : 2426280

Enter Amount:

demo.waltercedric.com.jpg
demo2.waltercedric.com.jpg
forums.waltercedric.com.jpg
bugs.waltercedric.com.jpg
gallery.waltercedric.com.jpg
wiki.waltercedric.com.jpg

Popular