January 22, 2004

FloodMT - the opening shot in a war

I just wrote this in response to this comment on Gagalac's blog.


Well, I got blammed last night and discovered the high utility value of MT-Blacklist. Doing further research today, I discovered your very useful site (thanks!) and FloodMT (search Google for this).

What's a guy to do? We're looking at a war between blog software owners and manufacturers and these black-hat hackers. Unfortunately, bringing down their sites (easily enough done if one uses their tactics against them) simply isn't a solution.

I suppose the operative question is whether or not the FloodMT code is exposing a valid flaw in the coding of MT and LJ or simply taking advantage of the nature of the software design (an inherent element without which blogs wouldn't work). I haven't looked at the code (yet) or studied how it works but I fear that a multiple IP-based attack using random strings is going to be very hard to sidestep.

Maybe we need to establish/enforce some sort of trusted cross-site identification system for comments. Something that is cryptographically secure and uses certificates from a central issuing authority. That way, one couldn't post without possessing a key and we would "know" who the posters were.

This, of course, creates a barrier to entry for everyone but it could be a one-time process.

I imagine this sort of authentication would end the ability of these flood and blamming mechanisms to automate comment entries.

Posted by artandscience at January 22, 2004 10:36 AM
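
A sketch of the certificate-based comment identification proposed in the post, as an added example that is not part of the original post and is not Movable Type or LiveJournal code. It assumes Node.js and Ed25519 keys; the function names, the payload fields and the commenter-chosen nonce are all hypothetical.

```javascript
// Added illustration; every name here is hypothetical, not MT or LJ code.
const crypto = require('node:crypto');

// Central issuing authority (constructed key pair for the demo).
const authority = crypto.generateKeyPairSync('ed25519');

// The authority binds a commenter name to a public key by signing both.
function issueCertificate(name, publicKey) {
  const key = publicKey.export({ type: 'spki', format: 'pem' });
  const body = JSON.stringify({ name, key });
  return { body, sig: crypto.sign(null, Buffer.from(body), authority.privateKey) };
}

// The commenter signs the target post id and a nonce along with the text,
// so a captured comment cannot be resubmitted here or on another post.
function signComment(privateKey, cert, postId, nonce, text) {
  const payload = JSON.stringify({ postId, nonce, text });
  return { cert, payload, sig: crypto.sign(null, Buffer.from(payload), privateKey) };
}

// Blog side: trusts only the authority's public key.
const seenNonces = new Set();
function verifyComment(comment, expectedPostId, authorityPublicKey) {
  const { cert, payload, sig } = comment;
  // 1. The certificate must be signed by the authority (rejects self-issued keys).
  if (!crypto.verify(null, Buffer.from(cert.body), authorityPublicKey, cert.sig)) {
    return 'bad certificate';
  }
  const { name, key } = JSON.parse(cert.body);
  // 2. The comment must be signed by the key the certificate names.
  if (!crypto.verify(null, Buffer.from(payload), crypto.createPublicKey(key), sig)) {
    return 'bad signature';
  }
  // 3. The signature must be for this post and not seen before.
  const { postId, nonce } = JSON.parse(payload);
  if (postId !== expectedPostId) return 'wrong post';
  if (seenNonces.has(`${name}:${nonce}`)) return 'replay';
  seenNonces.add(`${name}:${nonce}`);
  return 'ok';
}

// Constructed demo: one certified commenter posts once, then the copy is replayed.
const demoKeys = crypto.generateKeyPairSync('ed25519');
const demoCert = issueCertificate('demo-user', demoKeys.publicKey);
const demoComment = signComment(demoKeys.privateKey, demoCert, 'entry-1', 'demo-nonce', 'Nice post');
console.log(verifyComment(demoComment, 'entry-1', authority.publicKey));
console.log(verifyComment(demoComment, 'entry-1', authority.publicKey));
```

Verification only establishes which certified identity posted; throttling or revoking an identity that floods is a separate step the blog builds on the verified name.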
Comments
Implementation of James Seng's security plugin: