Steve Jones - SSC Editor wrote:Phil Parkin wrote:Out of interest, are the spammers (and their bots) using the standard GUI to create these posts, or is there a back door that they've hacked into?
No backdoor. They're using WGET/CURL quite a bit. We've blcoked those.
This isn't a hole, it's how the Internet works. Your browser does a GET, renders data, and when you click post/submit/etc, you send an HTTP POST (or PATCH) to the server. That HTTP POST can be automated (as can GETs) with various tools.
We've added some things looking for CLI tools as opposed to browsers, but potentially those can be spoofed. We're looking at other things
Thanks, Steve
That implies that they need a valid username to do the submit. Which brings us back round to whether it's possible to validate people with <n posts differently from others? Max one post per hour until 50 posts, perhaps?