[pmwiki-users] Pondering adding comment ability to wiki pages, and thoughts on spam prevention

tamouse mailing lists tamouse.lists at gmail.com
Sat Mar 24 10:06:36 CDT 2012


On Wed, Mar 21, 2012 at 10:03 AM, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Wed, Mar 21, 2012 at 06:01:48PM +1300, John Rankin wrote:
>>
>> Have you investigated the option of a "honey trap"? That is, a field
>> within a <div> with a class for display:none, so a human doesn't see it.
>> The theory being that if the field is filled in, it must be a spambot, so
>> reject the comment.


This was one particular option I am thinking of implementing, I am
still in the investigation phase on this.

>
> pmwiki.org has used a couple of honeypots for a while, and it works
> fairly well.  On the Site.EditForm, we have
>
>    (:input hidden code1 6472:)
>    %comment%Enter code: (:input text code2:)
>
> Then in local.php, something like:
>
>    if ($action == 'edit' && preg_grep('/^post/', array_keys(@$_POST)) {
>        if (@$_REQUEST['code1']!='6472' || @$_REQUEST['code2'] > '') {
>            $EnablePost = 0;
>            $IsBlocked = 1;
>        }
>    }
>
> The 'code1' hidden input control verifies that hidden input controls
> are being filled in and not modified by the submitter.  The 'code2'
> input control is the honeypot; although it's in the HTML output it
> doesn't display in the browser (because of %comment%).  If code2 comes
> back filled in with a value, it's probably a robot of some sort.
>
>> It would be interesting to know how well this works in
>> practice, because it is simple to implement (a field, a css class and an
>> if statement) and adds no burden to human commenters. No password or
>> captcha is required.
>
> When I added this to pmwiki.org (several years ago), I did some logging
> to see how effective it was -- it did manage to trap quite a lot of
> spam submissions.  However, it's not a total solution, as evidenced by
> the fact that spam still manages to get past it onto pmwiki.org.
>
> Pm

Thanks Pm, I thought I had read about this.

I am aware it does not get all spam, but then I think nothing really
will get all spam. They get more devious every day, sort of an
ever-escalating trade war.



More information about the pmwiki-users mailing list