- Timestamp: don't allow a long period between reading and posting. (I had mixed success with this way back when.)
- Hash: check the IP, timestamp, post # - prevents playback attacks.
- Randomized field names.
- Honeypot fields: invisible (not hidden) fields that, if filled in, are a spam indicator.
The author of the post uses these and only these to block spam - no content-based filters at all. That's cool.
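The four checks above can be combined in one server-side routine. The sketch below is an added example, not code from the post being discussed; the secret, the one-hour limit, the field names and the `website` honeypot are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch: names, secret and time limit are illustrative.
SECRET = b"constructed-demo-secret"    # server-side key, never sent to the client
MAX_AGE = 3600                         # seconds allowed between reading and posting
REAL_FIELDS = ("author", "comment")
HONEYPOT = "website"                   # decoy input, made invisible with CSS


def _mac(*parts):
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def render_form(ip, post_id, now=None):
    """Values the server embeds in the form for one reader of one post."""
    ts = str(int(time.time() if now is None else now))
    token = _mac(ip, ts, post_id)               # hash over IP, timestamp, post #
    # Randomized field names: derived from the token, so they differ per render.
    names = {f: _mac(token, f)[:16] for f in REAL_FIELDS + (HONEYPOT,)}
    return {"ts": ts, "token": token, "names": names}


def check_submission(form, ip, post_id, now=None):
    """Return (verdict, fields); fields is None unless verdict is 'ok'."""
    now = time.time() if now is None else now
    ts, token = form.get("ts", ""), form.get("token", "")
    if not (ts.isascii() and ts.isdigit()):
        return "bad timestamp", None
    # Recompute the hash from what the server sees now; a token replayed from
    # another IP or against another post does not match.
    if not hmac.compare_digest(token.encode(), _mac(ip, ts, post_id).encode()):
        return "bad hash", None
    if not 0 <= now - int(ts) <= MAX_AGE:
        return "expired", None
    if form.get(_mac(token, HONEYPOT)[:16]):
        return "honeypot filled", None
    fields = {f: form.get(_mac(token, f)[:16], "") for f in REAL_FIELDS}
    return "ok", fields
```

A submission that posts to fixed names such as `comment` arrives with the real fields empty, because the server only reads the per-render names.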
As you know, Bob, I have long wanted to produce a workflow system of sorts that would include spam content filters; form generation is something I hadn't even considered - but it's a great idea. So ... keep this in mind.