Captcha Now Enabled
We finally got some comment spam after upgrading to Expression Engine. Four of them overnight. Oh, the humanity!
Worse, they were posts where the comments were closed. We have a strict closure after ten days, which I hate having to do. Perhaps we’ll change that, if it’s not going to stop spammers. I don’t like that it makes any previous comments received no longer viewable.
Anywho, I believe the spammers found a loophole. In pMachine and other products, posts are referenced by sequential ID number. What could be easier for spammers? All they have to know is what file and location on your server is the one that handles comments, and access it programmatically.
In Expression Engine, post URLs are not numeric. This one, for instance, will end in captcha_now_enabled, rather than a number. Except the posts still have ID numbers and can technically still be referenced that way too. Doh! Apparently EE has been “out there” long enough, and become widespread enough, it became worth bothering to figure out.
So I have just turned on captchas. That’s the graphic showing a word you have to type in for your comment to be accepted. It was nice not to need it. Oh well.
Meanwhile, I think I figured out why people have trouble with our trackbacks. Each one has a security code at the end, allegedly usable one time only before it changes, and you have to click the trackback link to copy and paste the current URL that includes the code at the end. Trackbacks are also throttled to five per hour, though that’s not likely to be an issue except possibly when hosting something highly linked like a carnival. Anyway, while it’s possible the security code function acts up and causes problems, I suspect that some people copy the trackback link URL rather than clicking through and copying the coded version. Now you know.
Next entry: Your Daily Sadie
Previous entry: 3 weeks past a year