Webmention Abuse

by joeld

15 thoughts
last posted Oct. 21, 2014, 4:33 p.m.

6 earlier thoughts

0

From the current spec:

  • The verification process SHOULD be queued and processed asynchronously to prevent DDoS attacks.
  • Receivers SHOULD moderate Webmentions, and if a link is displayed back to the source, SHOULD link to source with rel="nofollow" to prevent spam.
  • Receivers MAY periodically re-verify webmentions and update them.
  • If a receiver chooses to publish data it picks up from source, it should ensure that the data is encoded and/or filtered to prevent XSS and CSRF attacks.

This is well and good as far as it goes, but it's not enough to keep abuse from potentially sinking the whole thing in the not-too-distant future.

created Sept. 28, 2014, 4:29 a.m.

8 later thoughts

Keyboard Help

Keyboard navigation

  • ? This help dialog
  • c Compose a new Thought
  • g Compose a new General Thought
  • j or View previous card in stream
  • k or View next card in stream
  • p View card details in presentation mode
  • s Go to stream detail from card detail
  • ctrl + enter Publish card currently being created
  • alt + enter Save card in draft status that is currently being created.
  • esc Close an open modal