January 2006

Unhappy Blogger

Spammers, you can fuck off and die. Of course, you’re not likely to be reading this since it’s your automated scripts that are doing the dirty work, but the point stands.

I got sick and tired of the comment spam over the past few weeks. I guess once you’ve been identified as using open commenting on a common blog system (in my case, b2evolution) it doesn’t take long before you’re completely inundated. I did a pretty good job of deleting them daily, so you may not have even seen any of the offending posts.

The anti-spam feature of b2evolution turned out to be pretty useless; the central blacklist that we can check against and submit to is a nice idea, but there are just countless new domains popping up. The next logical measure was to turn off commenting except for registered users (not that anyone is posting legitimate comments nowadays, though). Unbelievably, after much searching in the admin tool and the rest of the Interweb, nothing like this seemed to exist! Even just a simple thing like disabling comments for everyone is only done on a post-by-post basis.

I decided to check out the code myself and luckily enough the changes I wanted were fairly easy to make. So for any other frustrated souls out there, hopefully the following is useful.

The first step was to foil the comment-posting bots. You may have already tried renaming your htsrv directory and some other steps to prevent them from posting directly to the post-handling programs, but even that only works for so long. Either way, make this change to your comment_post.php:

if( is_logged_in() )
{ // User is logged in, we'll use his ID
    $author_ID = $current_User->ID;
    $author = NULL;
    $email = NULL;
    $url = NULL;
}
else
{ // User is not logged in, we need some id info from him:
    // NEW - add error message if not logged in
    errors_add( T_('Only registered users may post comments') );
    // NEW - comment out everything else if not logged in
    /*
    $author_ID = NULL;
    if ($require_name_email)
    { // Blog wants Name and EMail with comments
        if( empty($author) )
            errors_add( T_('Please fill in the name field') );
        if( empty($email) )
            errors_add( T_('Please fill in the email field') );
    }
    if( (!empty($email)) && (!is_email($email)) )
    {
        errors_add( T_('Supplied email address is invalid') );
    }
    // add 'http:' if no protocol defined for URL
    $url = ((!stristr($url, '://'))
        && ($url != '')) ? 'http://' . $url : $url;
    if( strlen($url) < 7 ){
        $url = '';
    }
    if( $error =
        validate_url( $url, $comments_allowed_uri_scheme ) )
    {
        errors_add( T_('Supplied URL is invalid: ') . $error );
    }
    */
}

Really simple! If the user is not logged in, add the error message and comment out the rest (or delete it, but it’s nice to leave the original code in for later reference if need be). Flagging the error prevents code later in the file from adding the comment to the database.
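The gate described above, reduced to a stand-alone sketch (an added example, not code from this post or from b2evolution; `handle_comment_post()`, `$store`, the error text for an empty comment and the request field names are hypothetical). A request sent straight to the handler without a session is rejected before any write, and a logged-in request takes its author ID from the session, not from submitted fields.

```php
<?php
// Added illustration, not b2evolution code. handle_comment_post(), $store and
// the field names are hypothetical stand-ins for the flow in comment_post.php.

function handle_comment_post(array $post, ?int $session_user_id, array &$store): array
{
    $errors = [];
    $author_id = null;

    if ($session_user_id !== null) {
        // Identity comes from the session only; author/email/url sent in the
        // request are discarded, as in the logged-in branch above.
        $author_id = $session_user_id;
    } else {
        // Flag the error before touching any visitor-supplied field.
        $errors[] = 'Only registered users may post comments';
    }

    $text = trim($post['comment'] ?? '');
    if ($text === '') {
        $errors[] = 'Comment text is empty'; // hypothetical message
    }

    // The write is reached only when no error was flagged.
    if ($errors === []) {
        $store[] = ['author_ID' => $author_id, 'content' => $text];
    }
    return $errors;
}

// Constructed sample requests.
$store = [];

// 1. A bot posting straight to the handler, never loading the form.
$bot = ['author' => 'cheap-pills', 'email' => 'x@example.test',
        'url' => 'http://spam.example.test', 'comment' => 'Buy now'];
$r1 = handle_comment_post($bot, null, $store);

// 2. A logged-in user (ID 7) who also sends a forged author field.
$user = ['author' => 'admin', 'comment' => 'Nice post'];
$r2 = handle_comment_post($user, 7, $store);

printf("bot: %s\n", implode('; ', $r1));
printf("user: %d error(s), %d comment(s) stored\n", count($r2), count($store));
printf("stored author_ID: %d\n", $store[0]['author_ID']);
```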

It’s been the better part of a week since I made this change, and the spam-free existence has been wonderful!

Now, if you want to be real user-friendly about things, recall that on the default comment page if the person is not logged in they can leave a comment as a ‘Visitor’. If they go to the trouble of typing up a nice long message for you and hit submit, the above change will present them with the new error message. It might be nice to warn them beforehand and not waste their time.

So in this next bit, I’ll describe (the code is too long to copy, paste, & format properly, so just read carefully) a few changes to make to your skins/_feedback.php file. Find the section that begins with

<!-- form to add a comment -->

Move the following

<form action=...
<input type= ....
<input type= ....

a few lines down, into the block that starts with the lines below, placing it above that block's existing contents:

if( is_logged_in() )
{ // User is logged in:

Then, after this IF-ELSE block, comes the rest of the HTML for the comment form. Cut everything from form_textarea( ... all the way down to the </form> tag and paste it within the if( is_logged_in() ) block, below what was already there. Finally, within the ELSE portion of the block, comment out or delete what was already there and do something like

else
{ // User is not logged in:
    ?>
    <div class="bComment"><p>Only registered users may submit comments.
    </p></div>
    <?php
}

If you still want to allow anonymous comments in some fashion, this is what I did: I created another, dummy, user account and put the login and password info in my message above. It’s a bit more work for the user, but if they’re really against registering then this still gives them the option to post. And if this setup gets abused, it’s easy enough to just delete the dummy account.

Hopefully I’ve described everything clearly enough, but if you have any questions then feel free to contact me. I’d be happy to help in your fight against spam.
