MT-Approval 0.1.2 »
Those of you who are inquisitive may have noticed that the hash provided by MT-Approval is pretty simple. You are correct. It is very easy, as the plugin was created as a proof-of-concept. That is to say, I wanted to see if it would work. Now that it appears to work, it is possible to build on the existing solution, and that is where the new version comes in.
You must be using Movable Type 3.1 or higher to use any version of MT-Approval.
Version 0.1.2 of MT-Approval is a simple upgrade. If you are already using version 0.1.1, you can just replace the approval.pm file in your installation. If you are a bit anal-retentive like myself, you will want to replace all the files so that the version and dates and stuff match. That's okay too. But the only place any code has changed is inside the approval.pm file. If you are using version 0.0.1 or 0.0.2, you will need to replace, at a minimum, your Approval.pl file and the aforementioned approval.pm file.
This new hash uses two fields that are available on the server side, but not on the client side. These fields are included when calculating the hash. This means that even if a comment spammer knows which fields you are using, they will not know the content of those fields, and so they will be completely unable to reproduce the hash, and thus you should remain comment-spam-free for a little while.
This is not to say that MT-Approval is bulletproof. It is not. When it becomes worth someone's while to do so, they will find a way around the script. There are already known ways around it, but at the moment none of the automated comment-spam-posting tools appear to support those ways. That isn't to say that they won't. In the meantime, I'm working on some ideas with a few others to see if we can't stay one step ahead of them. By the time a solution to MT-Approval exists, hopefully we'll have something else for them to contemplate.
