Edit Rename Changes History Upload Download Back to Top

measure time between request of edit form and submission of the edited page

To detect spambots we could measure the time elapsed between request of the page edit form and submission of the form. If this is 3 seconds or less it 'must' have been an automaton.

Since I don't want to add server-side 'session' state for this we could put a time stamp in the edit form and use that to determine the elapsed time. Obviously that can be tweaked so we could obfuscate the timestamp (rot16 or something simalarly simple) or go all-out by digitally signing it.

Well, I implemented this, it seems to catch only half of the bots in the botnet that visit a specific page here. It seems several of the bots are either 'to far' away or severely overloaded machines since their edit times vary wildly.

I spoke too soon, it may be that those long edit times are related to my WikiServer doing domain name lookups - I'll look into that some more. I also had a large swath of Russian IP numbers blacklisted in my firewall due to excessive wiki spam. I removed those from the blacklist and it seems to make no impact since I introduced time measurement :-)


Edit Rename Changes History Upload Download Back to Top