Child’s Play Charity

Tulane Hospital for Children in New Orleans has been added to the charity list! So, instead of buying me something, buy a game, movie, CD, etc. for a sick kid stuck in the hospital. Last year, I bought a PlayStation 2 for the Texas Children’s Hospital; this year it’s the Lord of the Rings Trilogy on DVD, a Lego Star Wars video game, and the always fun Clue and Life board games going to Tulane Hospital.

Please, pass this along.

From Child’s Play Charity ( http://www.childsplaycharity.org ):

Since 2003, gamers have banded together through registered Seattle-based charity, Child’s Play. Over a million dollars in donations of toys, games, books and cash for sick kids in children’s hospitals across North America and the world have been collected since our inception.

We collect no administrative fees or other charges, 100% of all gifts and donations go directly to our partner hospitals, to help make life a little brighter for a sick child.

This year, we have continued expanding across the country and the globe. With over 25 partner hospitals and more arriving every month, you can be sure to find one from the map above that needs your help! You can choose to purchase requested items from their online retailer wish lists, or make a cash donation that helps out Child’s Play hospitals everywhere. Any items purchased through Amazon or DStore will be shipped directly to your hospital of choice, please be sure to select their shipping address rather than your own.

Spam Comment Cache-busting.

So, one of the issues I’ve seen with comment spam is the bots’ use of cached versions of blog/etc. pages. While my new spam reduction method was pretty effective, it did nothing whatsoever to stop spamming via cached pages.

Since the older cached pages didn’t have the baited field, a bot posting from one of them didn’t submit a value for that field, and therefore the comment was posted.

This could be an issue. So I created a new, “hidden” field on the comments page. Looks something like this:

<input name="cache" value="442588497e34d3313cdc493a9ae0963c" type="hidden" />

Initially, I had the cache value set to “1”, but I realized that would itself get cached, and that was pointless against future cached versions. So I needed to create a value daily, automagically.

So, in the wp-config.php file, I added the following lines:

// 'Cache Buster' extra data to make sure the md5 checksum it generates in the
// comment form is not reverse engineer-able. In the installation process, it would auto-fill
// with a rand() echo;
define('COMMENTCACHE', 'This is where the extra data goes.');

So, the value that you see above, 442588497e34d3313cdc493a9ae0963c, is an MD5 hash of the current date plus the COMMENTCACHE constant: 20061206This is where the extra data goes.

And on the backend, I modified the wp-comments-post.php file from:

if(!$_POST['subject']) { // execute comment
    $comment_id = wp_new_comment( $commentdata );
}

to:

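if( !$_POST['subject'] && isset($_POST['cache']) && $_POST['cache'] === md5(date('Ymd').COMMENTCACHE) ) { // execute comment
    // date() needs its format as a quoted string; === avoids PHP's loose comparison of hash strings
    $comment_id = wp_new_comment( $commentdata );
}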

So now we have a unique value, automatically generated daily that can’t be generated by bots (because they don’t know the extra data), that completely stops spam from cached content sources.
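A variant of the check above, as an added example that is not the code from this post or from WordPress: it keeps the daily value but derives it with a keyed HMAC, compares it in constant time, and also accepts the previous day's value so a form loaded just before midnight still posts. The function names, the use of UTC dates and the one-day grace window are assumptions, and the sample timestamps are constructed.

```php
<?php
// Added example, not the post's or WordPress's code.
// Placeholder secret; in practice this is the constant from wp-config.php.
if (!defined('COMMENTCACHE')) {
    define('COMMENTCACHE', 'This is where the extra data goes.');
}

// Hypothetical helper: the form value for the UTC day containing $timestamp.
function comment_cache_token($timestamp)
{
    // Keyed HMAC-SHA256 of the date, in place of md5(date . secret).
    return hash_hmac('sha256', gmdate('Ymd', $timestamp), COMMENTCACHE);
}

// Hypothetical helper: accept the value for today or for up to $grace_days
// earlier days (assumption: 1), so a form loaded at 23:55 still posts at 00:05.
function comment_cache_token_valid($submitted, $now, $grace_days = 1)
{
    if (!is_string($submitted)) {
        return false; // field absent (old cached page) or sent as an array
    }
    $valid = false;
    for ($age = 0; $age <= $grace_days; $age++) {
        $expected = comment_cache_token($now - $age * 86400);
        // hash_equals() is constant-time and does no type juggling.
        if (hash_equals($expected, $submitted)) {
            $valid = true;
        }
    }
    return $valid;
}

// Constructed sample data: a form rendered at 23:55 UTC on 2006-12-06.
$token = comment_cache_token(gmmktime(23, 55, 0, 12, 6, 2006));
$cases = array(
    'posted 10 minutes later, after midnight' => array($token, gmmktime(0, 5, 0, 12, 7, 2006)),
    'replayed from a cache three days later'  => array($token, gmmktime(0, 5, 0, 12, 9, 2006)),
    'cached page without the field'           => array(null,   gmmktime(0, 5, 0, 12, 7, 2006)),
    'field filled with a guess'               => array(md5('20061207'), gmmktime(0, 5, 0, 12, 7, 2006)),
);
foreach ($cases as $label => $case) {
    list($value, $now) = $case;
    printf("%-42s %s\n", $label, comment_cache_token_valid($value, $now) ? 'accept' : 'reject');
}
```

In wp-comments-post.php the check would be called with the submitted `cache` field (or null when it is unset) and `time()`.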

So here are the numbers from the spam tests, from no method, to hidden method, to hidden + cache method:
Sonny: 1423 -> 953 -> 190
Me: 201 -> 10 -> 4

Looks to be pretty effective overall to be submitted to WordPress for inclusion in their next revision. And yes, I have changed my ‘extra data’. ;)