check my amazon wishlist


CoreMedia vs. TYPO3

TIMTAB latest builds

stable:
v0.5.11 from TER
bug fix: commenting was possible although disabled for a post

unstable:
2006-04-15

what's new in unstable:
Ready for TYPO3 4.0.0. Trackback routines reorganized. Now Trackbacks will be sent only when the post is not hidden. Please test wether Trackbacks are working when writing post with tools like w.bloggar.

renner

Coding Night Wannabe an Apple? Robert Sebastian Session Robert

Archives

Categories

Buddies and others

del.icio.us links del.icio.us linkage




    Powered by Technorati



    Disclaimer

    I just brought the site back to life so that people can stop reminding me that it's down. Please note that probably most if not all content is outdated. I'll try to update stuff as soon as possible.

    best Ingo

    10
    Sep
    2006

    Down with these spamers


    Long time no post here... anyway spamers don't care whether you update your blog or whether you don't. So I received an enormous amount of comment spam lately which is like more than 350 spam entries in just 4 days. Actualy the comments came in on an old post and so I just disabled the comments for that particular post.

    The comment form is disabled now, but spam kept flying in so that i was wondering what they did to achieve this. Pretty fast I came to the idea that you don't need to fill out a form necessarily but instead just need to send HTTP POST requests to make a comment. I then figured that TIMTAB/ve_guestbook is not checking whether comments are disabled when saving comments to the database but only when displaying the comment form and so they could still comment even without a form.

    The hook needed to fix this fortunately was already in place in ve_guestbook. The preEntryInsertHook is placed right before saving the comment to the database and gives the comment data and a reference/copy to the ve_guestbook object as parameters to the hook function. So I only needed to write and register a function to hook into that place.

    The new function now checks on incoming comments whther they are allowed for the current blog post and if it's not the comment data is discarded without writing it to the database.

    BTW: This hook is actually the same place where you would need to register for to build a spam filter.

    You can get the fixed version from TER now, so have fun!

    comments

    #1 | Thomas commented on Sunday, 10-09-06 17:40

    Gravatar: Thomas

    Hello Ingo,
    great! :-) Let's fight the spam!

    Greets,
    Thomas


    #2 | Fladi commented on Monday, 11-09-06 08:04

    Gravatar: Fladi

    Hi Ingo,
    great Job!

    regards
    Tim


    Sorry, comments are closed for this post.