Re: [COREblog-en] comment poster privacy issue?

Fri, 11 Feb 2005 07:56:39 -0800

Frank Scholz wrote: 
- Firstly, such a script has to be custom made for my site, I mean, the
spammer has to realize that there is a non-spam protection in  the
site, manually follow the poster's link, annotate the names of the
form's fields and make the script. And this work for every site... The
effort is much bigger than just having a robot collecting mailto
references, don't you think?
    
sure! But if these aren't fetchable that easy anymore,
they (the spammers) will look for other ways.
A skript like this is easy, look at the things that are
used for comment or trackback spamming.
I think worldpress or movabletype blogs have been attacked
like this and changed form and field names. But this is only
another logic step and no real obstacle.
If you are the only one using this with COREBlog, then,
depending on your blog-reach, perhaps nobody every
takes the trouble to write such a skript, but if it
is implemented in every COREBlog site and COREBlog
suddenly is the blog of choice ;-),... And have a look at
http://en.wikipedia.org/wiki/Security_through_obscurity
I agree entirely on almost all you have said, except about comment and trackback spam (I will comment on this later). You are right, this system wouldn't be a good one if it was implemented in every Coreblog. I have just quickly patched the problem, it works for me at the moment, and maybe will be interesting for others for the moment, while Atsushi or others think of a better solution... I can only think of adding a captcha to it, but you have already pointed out its faults.. You seem to know quite a lot about the matter, what do you propose?
- Secondly, the comment poster might be receiving some spam through our
site, but at least his address is never compromised and put in the
hands of spammers.
    
I don't think that's a big difference for a spammer,
he wants to spread his message. Again, look at
comment or trackback spamming.
I don't agree in this point. I don't think trackback spamming has any complication, I would compare it to the mailto references. The URLs for sending trackbacks are publicly shown and easily distinguishable. It is very easy for spammers to have robots searching for 'http://.../tbping' or things like that, and then ping to it automatically, as easy as the traditional search for mailto's and sending messages.
As to comment spam... Lately I have been hearing a lot about comment spam, but I'm not suffering any, while I am suffering a lot of trackback spam. The latter means that my site has been spotted by spammers, so why aren't they sending me any comment spam? I think it can be because of the contact form. I imagine that spammers, in order to be able to publish comment spam, look for forms. Maybe in my case they have found the contact form and are using it thinking that it is the publishing form? Because in fact, I am receiving e-mail spam sent through the contact form of my blog... This e-mail spam is annoying, but I prefer it to having to delete comment spam. So in my case, maybe I have accidentally found a honeypot method to avoid comment spam?
- Thirdly, as all the traffic goes through our server, if we see spam
sent through it, we can implement filters that would block spam.
    
this is a broad field for legal discussions.
I wouldn't saddle myself with this.
Well, what sort of legal consequences might it have? I don't think a comment poster would get angry with me because I blocked a spam message that was being sent to him through my blog (in fact, it would be more probable that he would get angry with me if he received spam sent through my blog, or if his address fel in the hands of spammers because of my fault). Or you mean that the spammer can take legal actions against me for not letting him spam through my blog? This would be funny...

------------------------------------------------------
Igor Leturia Azkarate
Elhuyar I+G+B
Zelai Haundi kalea, 3
Osinalde industrialdea
20170 Usurbil
(+34) 943 36 30 40
[EMAIL PROTECTED] / www.elhuyar.org 




_______________________________________________
COREblog-en mailing list
[email protected]
http://postaria.com/cgi-bin/mailman/listinfo/coreblog-en
Unsubscription writing to [EMAIL PROTECTED]

Reply via email to