Joomla extensions have moved!

Galaxiis (formely www.waltercedric.com) creates industry leading premium Joomla Extensions and is the longest running Joomla extensions provider since 2005.

Powerful Joomla extensions. - Excellent documentation. - Amazing support.

Visit now www.galaxiis.com

So I have just finished and test the integration of a hashcash challenge (MD5) into the com_akocomment component...using the code of this page http://dev.wp-plugins.org/browser/wp-hashcash/trunk/ only an extract but all credit to original authors:
  • C.S. - www.cimmanon.org
  • Gene Shepherd - www.imporium.org
  • John F -www.stonegauge.com
  • Magenson - http://blog.magenson.de/
  • Matt Mullenweg - photomatt.net
  • Matt Warden - www.mattwarden.com
  • Paul Andrew Johnston - pajhome.org.uk
    and to  Arthur Konze, the author of com_akocomment : This email address is being protected from spambots. You need JavaScript enabled to view it.

I must also pack everything into a new version of the component or better say refactored the code a little bit, because it is still full of debug statements...

Principle:
robot wo want to submit spam comments must pay the prize (using cpu time, approx. 100 hashcash max. each minute on a high end computer) and compute manually (can not be automated by submitting directly to the form) a Hashcash (www.Hashcash.org)


Extract form the document of wp-hashcash:
"Wordpress Hashcash
Introduction:
Taking Matt’s stopgap spam solution, which sends precomputed hashes to be echoed back by the user-agent’s form, I’ve added dynamic generation of the md5 hash. Rather than write it to a hidden field, we wait until the form is submitted to compute the hash. This prevents spammers from automatically scraping the form, because anyone wanting to submit a comment *must* execute the javascript md5.
This plugin used to be called “Spam Stopgap Extreme.â€? Now it’s been moved to the WP plugins repository under the new name “Wordpress Hashcash.â€? All future development will take place through the plugins repository.
New Features:
  • Log and emailing of spam, for your records
  • Client-side hash required.
  • The “Keyâ€? is hashed once before output to the html form–so spammers can’t make sense of it, and then hashed on the client side, again.
  • The “Keyâ€? is now a time-dependent, visitor dependent hash, for more variability. You can’t just compute the right md5 once, because it’s always changing.
  • Failure to compute the md5 hash results in a 1 minute timeout penalty. "

Expect a release before week end...But I must also inform Arthur Konze first for a feedback
Then I will add the same code in login page (because generizing the code),in order  to avoid brute forcing password in admin login page....and in guestbook (because I was spammed many times last week)