redemption in a blog
Rails, Firefox, Anime, Mac – Still working on the blog theme!
Simple anti-comment spam measure
In: Blogging| Web development
5 Nov 2004Thanks to Patrick Strang who pointed me to Steven Geen’s simple anti-comment spam measure for MovableType, I managed to stem the current flow of “Please approve this comment” emails flooding my inbox. This has been happening since last Saturday! Argh! Why are they doing this even when everything goes into the moderation queue?
Anyway, it’s so simple to get this into WordPress – just edit wp-comments.php and wp-comments-post.php to add the field to the comment form (see below) and die() when the correct “letter of the day” isn’t entered. (Though die()ing isn’t the most elegant way, but WordPress does this for the other fields as well.)
Check out the comment form if the picture above is too small. Sorry to have to put you commentors through this, but it’s really for my sanity. At least it isn’t one of those randomly-generated graphical thingies that really ensures you are human (or an equivalent intelligent lifeform).
Categories
Archives
- June 2009
- March 2009
- November 2008
- September 2008
- August 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- July 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
- September 2004
- August 2004
- July 2004
- June 2004
- May 2004
- April 2004
- March 2004
- February 2004
- January 2004
- December 2003
- November 2003
- October 2003
- September 2003
- August 2003
- July 2003
- June 2003
- May 2003
14 Responses to Simple anti-comment spam measure
Tijs
November 5th, 2004 at 6pm
Why not simply rename wp-comments-post.php? solves you problem right away without bothering any of your visitors…
Cheah Chu Yeow
November 5th, 2004 at 6pm
Well, that is a good idea, but I doubt it will solve the problem since spammers seem to be hitting me by actually posting. At least, that’s what my access logs seem to tell me. Or maybe I’m totally off-base. I’ll find out for sure if and when another steady stream of comment spam arrives. I’m pretty sure this is only stop-gap. If it gets worse, I’ll get down to business ;).
Terry Orio
November 5th, 2004 at 7pm
Isn’t this better? http://james.seng.cc/archives/000145.html
nick
November 5th, 2004 at 9pm
I just renamed the file and then edited the one of the other comment files to go along with the renamed file and that solved ALL my problems.
test
November 5th, 2004 at 9pm
test
Bernie Zimmermann
November 5th, 2004 at 10pm
Another thing to keep in mind is that for a popular site like yours, spammers might be willing to do a quick scrape of your source to determine what the “letter of the day” is before they automatically fill out your form and post. I think this is why using a graphic might be more appropriate. A spammer then has to either look at the graphic, or figure out what your naming scheme is for the images you use for the “letters of the day.”
I’ve been thinking about options to use on my site (yes, even though it’s not very popular and I use my own CMS I still get spammed) and have yet to decide on anything definitive. I’m leaning toward creating a bunch of graphics that contain random words (not as predictable as the 26 letters of the alphabet) and having the commenter type the word in a text field. Once a month or so I could then rename the files and update my authentication accordingly so I can always keep the spammers guessing.
Believe it or not, the work involved would be much less time consuming than scouring my blog for spam and then removing it.
minghong
November 6th, 2004 at 12am
If the spammer program is smart enough, it can get the XHTML file, then get the “secret letters” by using something like DOM.
Of course little spammer programs will do so…
Patrick
November 6th, 2004 at 1am
When it was at its worst I got 10-16 spam comments a day from spam robots. But since I installed the extra text field I haven’t received any. So far it’s working – the day it gets defeated I’ll probably enhance it further.
CarLBanks
November 8th, 2004 at 10pm
I like this idea.
CarLBanks
November 8th, 2004 at 10pm
Hmm it’s giving me the wrong letter in the error message. It’s telling me today’s anti-spam letter is R but the error message says please put in C.
CarLBanks
November 8th, 2004 at 10pm
Sorry for triple commenting but what code do I add?
Nathan Wong
November 10th, 2004 at 11am
My goal: Keep my site completely reader-less so that nobody spams it. Yay! :) Working well so far.
CarLBanks
December 17th, 2004 at 5am
What do I add back again? I accidentlly overwrote comments-post.php and now spam is rampant again.
fernando
December 19th, 2004 at 8am
I adore this hack!
However, it’s admiration from a far…
can you write up ecatly what code you added where? i, for one, and definitely too stupid to figure out what to do exactly…
and yet, the solution is exquisite and i would seriously dig having it on my site instead of the fiercer measures which can inadvertantly ban people who are only trying to add something.