I'm wondering if any thought has been given to obscuring the URLs of common net-accessible features, like Trackback and Comments, to make it more difficult to automate comment and trackback spamming?
Before anyone knee jerks "security by obscurity!", let me explain my situation and preface the discussion by telling you that attempts to spam my comments and trackbacks account for something in excess of 80% of my site traffic, at the present time. (That figure has increased sharply in august, but it hasn't been below 60% of my traffic in months.) Those attempts are all, without exception, being made by bots that hit pre-constructed URLs like "/trackback/80". The bots are designed to do it that way because, on some systems, that works.
What I'm suggesting is that the path for features like trackback or comments could vary by site -- by install, even. On one install, "trackback" might map to "asdfasd"; on another, to "melvin". That would make the success rate of trackback spambots drop through the floor. (Whether that would matter is another question...)
I suppose it's possible to modify the core codebase to change the names that show up in the URL, but I don't know what the scope would be or what other functions it would break.
