[uf-discuss] rel-edit
Evan Prodromou
evan at prodromou.name
Mon May 28 15:00:42 PDT 2007
On Sat, 2007-26-05 at 13:48 +1000, Michael MD wrote:
> > So, on the tail of RecentChangesCamp Montreal
> > (http://www.rocococamp.info/), there's an effort to work out some
> > universal conventions for wiki engines to indicate that a page is
> > editable.
> >
>
> Good idea in theory ... but what about the possible misuse by spambots
> crawling for places to post their spam?
>
> I know this is a separate issue (the site would need to enforce
> logins/authentication/etc and spambots are likely to find such pages but
> just following links anyway), but it may deter people from using it if this
> issue isn't thought about.
I don't think rel-edit would be particularly helpful for spambots.
I'd guess that a typical spambot doesn't go to
http://microformats.org/wiki/how-to-play to find the edit link. It knows
that http://microformats.org/wiki?title=%s&action=edit is the correct
pattern to use to edit a page. It probably doesn't even bother with that
(unless there's some kind of XSS protection on the site), but probably
just POSTs directly to the submission page.
There are lots of things that a spambot needs to know (names of fields
in the submission form, submission target URL) that couldn't be
discovered just by using rel-edit. The information that rel-edit gives
the spammer (what the URL pattern is for the edit form) is far easier to
get by hand than by a random crawl of the Internet.
So: it's possible that a pre-spamming discovery bot might be programmed
to search the Internet for links marked with rel-edit, but that wouldn't
get the spammer too far, and security through obscurity isn't that
useful, anyways.
-Evan
More information about the microformats-discuss
mailing list