diff --git a/bbs/ajax.comment_token.php b/bbs/ajax.comment_token.php
new file mode 100644
index 000000000..c90b09b9e
--- /dev/null
+++ b/bbs/ajax.comment_token.php
@@ -0,0 +1,14 @@
+<?php
+include_once('./_common.php');
+include_once(G5_LIB_PATH.'/json.lib.php');
+
+$ss_name = 'ss_comment_token';
+
+set_session($ss_name, '');
+
+$token = _token();
+
+set_session($ss_name, $token);
+
+die(json_encode(array('token'=>$token)));
+?>
\ No newline at end of file
diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php
index d370e625a..e791eb0e6 100644
--- a/bbs/write_comment_update.php
+++ b/bbs/write_comment_update.php
@@ -3,6 +3,11 @@ define('G5_CAPTCHA', true);
 include_once('./_common.php');
 include_once(G5_CAPTCHA_PATH.'/captcha.lib.php');
 
+// 토큰체크
+$comment_token = trim(get_session('ss_comment_token'));
+if(!trim($_POST['token']) || !$comment_token || $comment_token != $_POST['token'])
+    alert('올바른 방법으로 이용해 주십시오.');
+
 // 090710
 if (substr_count($wr_content, "&#") > 50) {
     alert('내용에 올바르지 않은 코드가 다수 포함되어 있습니다.');
diff --git a/js/common.js b/js/common.js
index d20942579..4877b7c5b 100644
--- a/js/common.js
+++ b/js/common.js
@@ -546,6 +546,26 @@ function font_resize(id, rmv_class, add_class)
     set_cookie("ck_font_resize_add_class", add_class, 1, g5_cookie_domain);
 }
 
+/**
+ * 댓글 수정 토큰
+**/
+function set_comment_token(f)
+{
+    if(typeof f.token === "undefined")
+        $(f).prepend('<input type="hidden" name="token" value="">');
+
+    $.ajax({
+        url: g5_bbs_url+"/ajax.comment_token.php",
+        type: "GET",
+        dataType: "json",
+        async: false,
+        cache: false,
+        success: function(data, textStatus) {
+            f.token.value = data.token;
+        }
+    });
+}
+
 $(function(){
     $(".win_point").click(function() {
         win_point(this.href);
diff --git a/mobile/skin/board/basic/view_comment.skin.php b/mobile/skin/board/basic/view_comment.skin.php
index 4640365e4..ce49cf92a 100644
--- a/mobile/skin/board/basic/view_comment.skin.php
+++ b/mobile/skin/board/basic/view_comment.skin.php
@@ -250,6 +250,8 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
 
         <?php if($is_guest) echo chk_captcha_js(); ?>
 
+        set_comment_token(f);
+
         document.getElementById("btn_submit").disabled = "disabled";
 
         return true;
diff --git a/mobile/skin/board/gallery/view_comment.skin.php b/mobile/skin/board/gallery/view_comment.skin.php
index 4640365e4..ce49cf92a 100644
--- a/mobile/skin/board/gallery/view_comment.skin.php
+++ b/mobile/skin/board/gallery/view_comment.skin.php
@@ -250,6 +250,8 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
 
         <?php if($is_guest) echo chk_captcha_js(); ?>
 
+        set_comment_token(f);
+
         document.getElementById("btn_submit").disabled = "disabled";
 
         return true;
diff --git a/skin/board/basic/view_comment.skin.php b/skin/board/basic/view_comment.skin.php
index 1169827de..0afc0f6d6 100644
--- a/skin/board/basic/view_comment.skin.php
+++ b/skin/board/basic/view_comment.skin.php
@@ -258,6 +258,8 @@ function fviewcomment_submit(f)
 
     <?php if($is_guest) echo chk_captcha_js();  ?>
 
+    set_comment_token(f);
+
     document.getElementById("btn_submit").disabled = "disabled";
 
     return true;
diff --git a/skin/board/gallery/view_comment.skin.php b/skin/board/gallery/view_comment.skin.php
index 1a46d3b9c..b4b117397 100644
--- a/skin/board/gallery/view_comment.skin.php
+++ b/skin/board/gallery/view_comment.skin.php
@@ -258,6 +258,8 @@ function fviewcomment_submit(f)
 
     <?php if($is_guest) echo chk_captcha_js();  ?>
 
+    set_comment_token(f);
+
     document.getElementById("btn_submit").disabled = "disabled";
 
     return true;
diff --git a/theme/basic/mobile/skin/board/basic/view_comment.skin.php b/theme/basic/mobile/skin/board/basic/view_comment.skin.php
index 4640365e4..ce49cf92a 100644
--- a/theme/basic/mobile/skin/board/basic/view_comment.skin.php
+++ b/theme/basic/mobile/skin/board/basic/view_comment.skin.php
@@ -250,6 +250,8 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
 
         <?php if($is_guest) echo chk_captcha_js(); ?>
 
+        set_comment_token(f);
+
         document.getElementById("btn_submit").disabled = "disabled";
 
         return true;
diff --git a/theme/basic/mobile/skin/board/gallery/view_comment.skin.php b/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
index 4640365e4..ce49cf92a 100644
--- a/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
+++ b/theme/basic/mobile/skin/board/gallery/view_comment.skin.php
@@ -250,6 +250,8 @@ var char_max = parseInt(<?php echo $comment_max ?>); // 최대
 
         <?php if($is_guest) echo chk_captcha_js(); ?>
 
+        set_comment_token(f);
+
         document.getElementById("btn_submit").disabled = "disabled";
 
         return true;
diff --git a/theme/basic/skin/board/basic/view_comment.skin.php b/theme/basic/skin/board/basic/view_comment.skin.php
index 23a29b17a..265b223dd 100644
--- a/theme/basic/skin/board/basic/view_comment.skin.php
+++ b/theme/basic/skin/board/basic/view_comment.skin.php
@@ -258,6 +258,8 @@ function fviewcomment_submit(f)
 
     <?php if($is_guest) echo chk_captcha_js();  ?>
 
+    set_comment_token(f);
+
     document.getElementById("btn_submit").disabled = "disabled";
 
     return true;
diff --git a/theme/basic/skin/board/gallery/view_comment.skin.php b/theme/basic/skin/board/gallery/view_comment.skin.php
index ae8515d92..d2a83cd43 100644
--- a/theme/basic/skin/board/gallery/view_comment.skin.php
+++ b/theme/basic/skin/board/gallery/view_comment.skin.php
@@ -258,6 +258,8 @@ function fviewcomment_submit(f)
 
     <?php if($is_guest) echo chk_captcha_js();  ?>
 
+    set_comment_token(f);
+
     document.getElementById("btn_submit").disabled = "disabled";
 
     return true;