Theoretically speaking: How safe is .Text?

Posted By: BlueFirehawk02 | Aug 19th, 2004 @ 7:01 AM
page 1 of 1
Comments: 5 | Views: 9040
#Aug 19th, 2004 @ 7:01 AM
BlueFirehawk02
BlueFirehawk02
I Code, Therefore, I Am
I was reading the blogs.msdn.com home page and I saw a comment from someone stating "wonder how long it will be before the Microsoft haters spam this site"

Which led me to think, since anyone can post a comment to a blog post, I am wondering how long it will be before we see a DoS worm that targets sites with /rss.aspx feeds? Random comment generators, filling of database back-ends with comments, etc. An army of 1,000 infected machines would probably put down your average web site.

I say theoretically speaking because I do not know if .Text has provisions to prevent this, I do know that out of the box anonymous users can leave comments.. so I assume a standard automated POST call is all that is needed to spam away.

I'm curious because I use .Text on my site as well and I'm sure some anti-Microsoft nut-job is already working on this concept.

What do you folks think?
#Aug 19th, 2004 @ 8:29 AM
Tom Servo
Tom Servo
W-hat?
What makes you think it'd be a .Text exclusive problem?
#Aug 19th, 2004 @ 8:42 AM
BlueFirehawk02
BlueFirehawk02
I Code, Therefore, I Am

Oh I'm sure it's not a problem exclusive to .Text. That'd be ignorant to insinuate that. I chose .Text because that is what Microsoft uses on their blogs.msdn.com site and what I use as well. If some pissed off anti-Microsoft zealot wanted to shut down the Microsoft's first and true open discussion portal with it's customers, they'd only have to implement something like I described above. The only way I see around it is to force a registration before posting comments.

#Aug 19th, 2004 @ 8:55 AM
Tom Servo
Tom Servo
W-hat?
Most blogging softwares (at least those I know) don't feature registrations for commenting. But it seems like people start to implement that, because of comment spam. Security graphics that show scrambled text which would need to be entered in a field before submitting might be the best idea.

.Text however will get a comment moderation queue with the next release, whenever that is.
#Aug 19th, 2004 @ 11:33 AM
jonathanh
jonathanh
My mod color is red
The .Text installation on blogs.msdn.com is actually running those new comment moderation features:
  • Default comment policy changed from "blogger has to actively delete each comment" to "blogger has to actively approve each comment"
  • That policy can be changed on a global basis, or on a post-by-post basis
  • Comments are turned off on posts older than 30 days

A lot of rarely-spammed Microsoft bloggers want to be able to turn off the last feature as well, so that should be coming soon.

The folks who run the site also actively block IP addresses that are a source of blog spam, so right now things seem pretty much under control

#Aug 19th, 2004 @ 12:40 PM
BlueFirehawk02
BlueFirehawk02
I Code, Therefore, I Am
Thanks for the feedback fellas. Security graphics is also probably the best way to do it in an unmoderated situation. Right on!
page 1 of 1
Comments: 5 | Views: 9040