[dokuwiki] Re: Anti spam brainstorming

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Thu, 9 Nov 2006 22:59:00 +0100

On Thu, 9 Nov 2006 14:42:22 -0700
"Daniel Mitchell" <DanielMitchell@xxxxxxxxxxxxx> wrote:

>  I'm not sure if I'm explaining that correctly, so here's the link:
> 
> http://isc.sans.org/diary.php?storyid=1836

The described idea wouldn't work too well with the recent targeted
attacks. The spammer identifies the needed fields once manually, then
he configures his script with the correct field names and runs the
script with a list of page names (obtained through Google).

But in the comments was something that could work nearly like a captcha
but without user interaction:

Ed writes: "So far I have been successful by using a session variable
that is set when the form is requested via http get. If the submitted
form doesn't have the session variable set, I dump the email and return
a bogus error message."

Another idea could be to create such a verification key automatically
from some browser user data and an encryption key - like the one we use
to protect the auth cookie from being stolen. This could really
work :-)

Thanks for your input.

Andi

-- 
http://www.splitbrain.org
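
The verification-key idea from the message above, sketched in PHP as an added example (not part of the original post and not DokuWiki code): a hidden form field carries an issue time plus an HMAC over that time and browser-supplied headers, so no session storage is needed. The function names, the chosen headers and the one-hour lifetime are assumptions.

```php
<?php
// Added example, not DokuWiki code. All names below are hypothetical.
// Token = issue time + HMAC(secret, issue time | browser headers).

const TOKEN_MAX_AGE = 3600; // assumed lifetime of a served form, in seconds

function browser_data(array $server): string
{
    // Headers a browser sends on both the GET (form) and the POST (submit).
    return ($server['HTTP_USER_AGENT'] ?? '') . "\n"
         . ($server['HTTP_ACCEPT_LANGUAGE'] ?? '');
}

function issue_form_token(string $secret, array $server, int $now): string
{
    $mac = hash_hmac('sha256', $now . "\n" . browser_data($server), $secret);
    return $now . ':' . $mac; // value for a hidden form field
}

function check_form_token(string $secret, array $server, string $token, int $now): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // field missing or malformed
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > TOKEN_MAX_AGE) {
        return false; // future-dated or expired
    }
    $expected = hash_hmac('sha256', $issued . "\n" . browser_data($server), $secret);
    return hash_equals($expected, $parts[1]); // constant-time compare
}

// Constructed sample values for the demonstration.
$secret  = 'constructed-demo-secret'; // a real install needs a random secret
$browser = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (demo)', 'HTTP_ACCEPT_LANGUAGE' => 'en'];
$other   = ['HTTP_USER_AGENT' => 'demo-client/1.0'];
$t0      = 1163109540;
$token   = issue_form_token($secret, $browser, $t0);

$cases = [
    'same browser, one minute later' => check_form_token($secret, $browser, $token, $t0 + 60),
    'no token submitted'             => check_form_token($secret, $browser, '', $t0 + 60),
    'different client headers'       => check_form_token($secret, $other, $token, $t0 + 60),
    'token older than the lifetime'  => check_form_token($secret, $browser, $token, $t0 + 7200),
];
foreach ($cases as $label => $ok) {
    echo str_pad($label, 32), $ok ? 'accepted' : 'rejected', "\n";
}
```

The check only shows that the form was requested recently by a client sending the same headers; it is not proof that a person filled it in.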
