Sputnik 8.01 provides several forms of protection against link spam:
- Simple registration: Users need to create an account to edit pages, which they can do by simply logging in with a new user name. Even this confuses a lot of spam bots.
- Post Tokens: POST requests are only accepted if the agent provides the cryptographic token that is passed to it together with the form. The tokens expire after three hours, which prevents replay attacks.
- Hashed fields and honeypots: The names of fields are hashed in the edit form and additional honeypot fields are added. The hash depends on the post token. Agents that ignore the labels next to the fields will end up filling values into the honeypots and getting caught because of this.
- Tracking of Recent Users: Sputnik provides a special RSS feed for edits by users who recently created their accounts. This would include all the spammers, naturally. So, in the worst case, you'll be alerted quickly to a spam attack.
- Per-page permissions: Additionally, you can protect your most important pages by setting [[Permissions|permissions]] on them.
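
The sketch below shows how post tokens, token-dependent field names and honeypots can fit together on the server side. It is an added example in Python, not Sputnik's own code (Sputnik is written in Lua); the HMAC-SHA256 construction, the `SECRET` value, the binding of the token to a user name and all function and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"   # assumption: a per-site server secret
TOKEN_TTL = 3 * 60 * 60               # tokens expire after three hours

def _mac(*parts):
    return hmac.new(SECRET, "\x00".join(parts).encode(), hashlib.sha256).hexdigest()

def issue_token(user, now=None):
    """Return 'timestamp.mac', bound to the user (assumed) and the issue time."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + _mac("token", user, ts)

def token_valid(token, user, now=None):
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False
    if not hmac.compare_digest(mac.encode(), _mac("token", user, ts).encode()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= TOKEN_TTL

def field_name(token, logical):
    """Hashed form-field name; it changes whenever the post token changes."""
    return "f_" + _mac("field", token, logical)[:16]

def render_fields(token, real=("content", "summary"), traps=("email", "url")):
    """Map of rendered name -> logical name (None marks a honeypot)."""
    fields = {field_name(token, n): n for n in real}
    fields.update({field_name(token, "trap:" + n): None for n in traps})
    return fields

def check_post(form, user, now=None):
    """Return (accepted, reason_or_decoded_fields) for a submitted form."""
    token = form.get("post_token", "")
    if not token_valid(token, user, now):
        return False, "bad or expired token"
    decoded = {}
    for name, logical in render_fields(token).items():
        value = form.get(name, "")
        if logical is None and value:
            return False, "honeypot filled"   # only label-blind agents do this
        if logical is not None:
            decoded[logical] = value
    return True, decoded
```

Because every field name is derived from the token, a form scraped once cannot be reused with hard-coded field names after a new token is issued.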