wp-morph

I prefer, WP-HashCash, or SpamKarma ?? of course, this are my preferences…

Hehe… I would say that I have pretty good results with WP-Morph ?? I don’t like hashcash because it has a flaw in design I explain in the webpage of WP-Morph. I haven’t tried SpamKarma though, but I’ll give it a try.

what’s this hashcash flaw you speak of? Never had a spam commment get through with it, only legit ones.

I hate making the users have to do anything extra to post comments, so all I do is use the optional comment moderation plugin to send any comments made on posts older than 10 days to moderation.

i prefer a well-thought .htaccess. I use NO plugins. I get No spam.

Jinsan, hashcash’s flaw is that it requires the browser to interpret a md5 routine written in JavaScript to codify a result. At first sight, this would require a browser to interpret the code. However, this is not true, as the only requirement is to “interpret” an md5 routine, any spammer that has a, say, perl script with an md5 routine can generate the correct answer and send the form automatically. I don’t know if you’ve received any spam using HashCash, but it has been reported elsewhere (look in the WP-HashCash main page).

Best regards,
diego

whoami, would you be so kind that share with us what techniques do you use in your .htaccess? BTW, with WP-Morph the user has to do nothing special: no capcha, etc. Just enable JavaScript.

Best regards,
diego

Actually, there’s a little bit more that has to be done than simply sending the md5 of a certain field with WP-hashcash, although it’s certainly subtle. First, the spammer has to identify that WP-hashcash is in use on the blog, which in the 2.0 release is substantially more difficult, because the javascript is obfuscated. Then, it has to compute the md5 of a special form field and set the name dynamically. In theory it could be beaten, I suppose, so I may well want to add a computation for the value part as well, in the next .1 release.

I’ve just updated WP-Hashcash in SVN to insert javascript to compute the value part of the hashcash computation in one of three random ways, which should stave off any attempts to just hack in the md5. It’ll be posted shortly.

@dseville
What you said is theoretically correct. In real-life I am yet to see a spammer who realized it and used a bot to break it.
Having said that variety of solutions are good and fixing it is good too.
That gives spammers more task ??

I have been running spam free (comment spam or referrer spam or trackback spam) for last 3-4 months using Hashcash etc. You can find the details here.

The design flaw Diego mentions has been rectified, and you can get the latest version here:

https://dev.wp-plugins.org/browser/wp-hashcash/trunk/

If anyone wants to contribute some identity functions for wp / hashcash, that would be great. Basically, if I give you a number, I want you to give me a javascript function that returns that number but does not contain it.