Those cunning comment spamers have done it again! The last three comments on here were from one "Online Poker". So over the next few weeks, I'll be changing things around in an effort to find a solution that works (and do a little experimentation in the meantime).
So far as I can see, defeating my l33t security means one of three things:
- They have developed some sophisticated AI that can parse my webpages to determine the password.
- They hit me with some sort of dictionary attack.
- A human is putting in the spam.
Since I cant imagine the last the be profitable, and judging by the number of failed requests to "saveComment" in my logs, I'm betting on a dictionary attack.
I've changed the comment password to "camel" for the time being. If it gets broken, I'll try a non-dictionary word.