Comments on: JSSpamBlock-like protection for any website http://paulbutler.org/archives/jsspamblock-like-protection-for-any-website/ Sun, 16 Oct 2011 08:56:20 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Brandon Checketts http://paulbutler.org/archives/jsspamblock-like-protection-for-any-website/#comment-152 Brandon Checketts Thu, 11 Oct 2007 15:05:29 +0000 http://www.paulbutler.org/archives/jsspamblock-like-protection-for-any-website/#comment-152 Paul, thanks for the explaining your reasoning on JSSpamBlock. I agree that a database is ultimately the only way to verify that a spammer can't reuse a given key. I added the timestamp to the equation to limit the length of time that any key is valid for. In reality, most bots don't even visit the page before posting to it. Even fewer attempt to parse the page. If a bot does have the ability to load and parse the page once versus doing it every time doesn't seem like it would stop them much. In any case, either solution only limits bots who don't execute javascript. Once they are able to execute javascript, these tools will need to be used in conjunction with another level of protection that might include content scanning and black/whitelisting, among other things Paul, thanks for the explaining your reasoning on JSSpamBlock. I agree that a database is ultimately the only way to verify that a spammer can’t reuse a given key. I added the timestamp to the equation to limit the length of time that any key is valid for.

In reality, most bots don’t even visit the page before posting to it. Even fewer attempt to parse the page. If a bot does have the ability to load and parse the page once versus doing it every time doesn’t seem like it would stop them much.

In any case, either solution only limits bots who don’t execute javascript. Once they are able to execute javascript, these tools will need to be used in conjunction with another level of protection that might include content scanning and black/whitelisting, among other things

]]>