WordPress.org

Ready to get started?Download WordPress

Forums

wp-morph (12 posts)

  1. skinnylatte
    Member
    Posted 9 years ago #

    wondering if anyone's tried wp-morph and has any comments

    :http://neuromancer.dif.um.es/blog/?p=109http://neuromancer.dif.um.es/blog/?p=109

    i'm currently relying on a capcha but thinking of removing it because of the inconvenience it's causing to my readers.

    but i'm not sure if this one's what i'm looking for (esp. looking at the need for javascript support)

  2. cicloid
    Member
    Posted 9 years ago #

    I prefer, WP-HashCash, or SpamKarma :) of course, this are my preferences...

  3. dsevilla
    Member
    Posted 9 years ago #

    Hehe... I would say that I have pretty good results with WP-Morph :) I don't like hashcash because it has a flaw in design I explain in the webpage of WP-Morph. I haven't tried SpamKarma though, but I'll give it a try.

  4. Jinsan
    Member
    Posted 9 years ago #

    what's this hashcash flaw you speak of? Never had a spam commment get through with it, only legit ones.

  5. brainwidth
    Member
    Posted 9 years ago #

    I hate making the users have to do anything extra to post comments, so all I do is use the optional comment moderation plugin to send any comments made on posts older than 10 days to moderation.

  6. whooami
    Member
    Posted 9 years ago #

    i prefer a well-thought .htaccess. I use NO plugins. I get No spam.

  7. dsevilla
    Member
    Posted 9 years ago #

    Jinsan, hashcash's flaw is that it requires the browser to interpret a md5 routine written in JavaScript to codify a result. At first sight, this would require a browser to interpret the code. However, this is not true, as the only requirement is to "interpret" an md5 routine, any spammer that has a, say, perl script with an md5 routine can generate the correct answer and send the form automatically. I don't know if you've received any spam using HashCash, but it has been reported elsewhere (look in the WP-HashCash main page).

    Best regards,
    diego

  8. dsevilla
    Member
    Posted 9 years ago #

    whoami, would you be so kind that share with us what techniques do you use in your .htaccess? BTW, with WP-Morph the user has to do nothing special: no capcha, etc. Just enable JavaScript.

    Best regards,
    diego

  9. Elliott C. Bäck
    Member
    Posted 9 years ago #

    Actually, there's a little bit more that has to be done than simply sending the md5 of a certain field with WP-hashcash, although it's certainly subtle. First, the spammer has to identify that WP-hashcash is in use on the blog, which in the 2.0 release is substantially more difficult, because the javascript is obfuscated. Then, it has to compute the md5 of a special form field and set the name dynamically. In theory it could be beaten, I suppose, so I may well want to add a computation for the value part as well, in the next .1 release.

  10. Elliott C. Bäck
    Member
    Posted 9 years ago #

    I've just updated WP-Hashcash in SVN to insert javascript to compute the value part of the hashcash computation in one of three random ways, which should stave off any attempts to just hack in the md5. It'll be posted shortly.

  11. angsuman
    Member
    Posted 9 years ago #

    @dseville
    What you said is theoretically correct. In real-life I am yet to see a spammer who realized it and used a bot to break it.
    Having said that variety of solutions are good and fixing it is good too.
    That gives spammers more task :)

    I have been running spam free (comment spam or referrer spam or trackback spam) for last 3-4 months using Hashcash etc. You can find the details here.

  12. Elliott C. Bäck
    Member
    Posted 9 years ago #

    The design flaw Diego mentions has been rectified, and you can get the latest version here:

    http://dev.wp-plugins.org/browser/wp-hashcash/trunk/

    If anyone wants to contribute some identity functions for wp / hashcash, that would be great. Basically, if I give you a number, I want you to give me a javascript function that returns that number but does not contain it.

Topic Closed

This topic has been closed to new replies.

About this Topic