By: Skuds

Skuds — Tue, 18 Jul 2006 00:32:35 +0000

That sounds about right. Its bloody annoying though. I would have thought that trying to prevent that script being called by anything other than a proper page would be the way to tackle it – but you just know that the spammers would then find some new way round it.

Not that they are that clever – I’m sure they are just script-kiddies using someone else’s code, but the ones who write that code are always up for a challenge.

By: Andrew

Andrew — Thu, 13 Jul 2006 23:45:07 +0000

I *think* that the spammers directly talk to the wp-comments-post.php script, which is called whenever a comment is submitted. They formulate the request so it looks like it comes from a real page, but doesn’t show up as a hit on the site. That’s based on something I vaguely remember reading, though, so could be completely wrong.

Comments on: WordPress Spam

By: Skuds

By: Andrew