[nycphp-talk] user contributed notes on php.net
1j0lkq002 at sneakemail.com
Mon Jan 10 21:46:19 EST 2005
David Mintz dmintz-at-davidmintz.org |nyphp dev/internal group use| wrote:
>Gee it must've been a worse sentence than I thought. My point is that they
>apparently have all these plugins that use all kinds of computational
>muscle to defeat comment-spamming, as opposed to the fairly new
>MoveableType style system, which relies on the TypeKey authentication
>service -- a modest PITA for the legitimate commenter, perhaps, but I have
>found it 100% effective and stopping comment spamming.
A central-signon authentication system like typekey is just a hurdle in
the way of spammers, just like captchas, word games, pictures, and
randomized forms. However, a central authority that cannot be trusted
(such as typekey) is actually more dangerous,because it purports to be
somehting blog publishers can "trust" and whenever there is trust there
is a hack. (Typekey can't be trusted because it doesn't actually
authenticate anyone.. it just acts as a middleman i.e. hurdle).
Granted the only thing at risk here is your blog, but the point is why
set up a trusted authority if you can't trust it? In other words, why
pass off some control to a "central authority" when you went to blogging
in order to be free of the centralized mamagement system for publishing?
Sure of course SixApart would never abuse all that information about who
is commenting on what blog...... just like Google can be trusted with
Back to Wordpress... it is cutting edge, so you will find plug ins for
just about every approach to comment spam management, along with blogs
chronicling how it did or di not work. Here's a page with links 15
different approaches (tarpit, google redirector, latency management,
blacklist, etc etc etc).
More information about the talk