Page 1 of 2 12 LastLast
Results 1 to 15 of 22

Thread: Preventing Comment Spam

  1. #1
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469

    Preventing Comment Spam

    As you regulars know I love to write code and I do alot of it. I am however stumped on a SIMPLE and effective method to stop comment spam. I have been looking all over the internet for about the last 2 hours doing reading on it and dont see any really good and EASY to implement solution for comment spam. Keep in mind im not using wordpress or any other prebuilt blogging system. I am just looking for some simple way to obfuscate or block those lame-o spammers.

    Feedback with links? Thanks Guys and Gals!

  2. #2
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    ok so i have come up with a solution and am testing it. I will also post the results when im done.

  3. #3
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    Ok so I have my new comment system setup. Took 15minutes. You can see it in action here http://www.ultimate-fighter.ca/ufc-fighter.php?id=1 on my new "quickie" site.

    Basically what I have done is REMOVED the part of the form that processes the comment. Normally to process a post in php you assign it an action. Would look like this.

    PHP Code:
      <form id="add_post" name="add_post" method="POST" action="<? ACTION HERE ?>">
    In my case I left the action portion blank. Which means you cant submit the form. THEN I added a jscript function that will add in the action if you are using a browser. The concept? If you are using a scrapper or those idiot bots that dont run jscript, you can not spam my site, but users can post comments with no headaches.

    So basically if your a scraper you have no ability to submit my form, if your a user in a browser you can submit the form no problem. Will let you know in a few days how well it works

  4. #4
    Going strong! Kings's Avatar
    Join Date
    Aug 2003
    Posts
    61
    That won't work. It's possible to leave the action attribute empty (like you have), but any browser and probably any spider/bot will automatically default to the current page. Your form handler script needs to be a different script then.

    Another problem is that those who don't have JS enabled won't be able to use your form. Minor problem, but it could still lead to frustration among certain visitors.

    The easiest solution is probably to simply use blacklists, e.g. a moderation blacklist (any comments that match it will be held back for moderation) and a delete blacklist (any comments that match it will be immediately deleted).

    Have a look at WordPress to see how they handle it.
    Dennis Pallett

  5. #5
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    The blacklist fix is not a good fix, its only as good as how often you update it. I started with wordpress in my research.

    You sure that the programs that do the spamming can read jscript? I did alot of reading and the consensus is they can not. Good idea on including the jscript in an external file that is an easy update. You think that would work?

    The small portion of people using browsers that dont support javascript I am willing to bear Thanks for the response.

  6. #6
    Future AstonMartin driver r2d2's Avatar
    Join Date
    Dec 2003
    Location
    UK
    Posts
    1,608
    What about using one of those image things where you have to type in the letters in the (slightly obscured) image?

  7. #7
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    absolutely i was just looking for the simplest method. This implementation took me about 1min.

  8. #8
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    Hopefully somebody can followup on the javascript option. Its a great option just looking for feedback on if anyone is doing it annd more importantly if it works.

    I just updated my comment system and turned it into a full blown forum system. For those looking at the link getting confused Never wrote a forum before so decided to do a simple one.

  9. #9
    Senior Member AndyH's Avatar
    Join Date
    May 2004
    Location
    Australia
    Posts
    553
    Simple for you or for the visitor?

    I think you should just add a captcha.
    New website released. ya rly!

  10. #10
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    Both, easy for me and easy for my readers. Captcha is fun and all but its an added annoyance for readers and it would seem you can do what needs to be done with jscript. surely some of the sharper minds here have done it and more

    Jscript is a very seemless and non-obtrusive method and it would seem it does work from my research but KINGS has hit on a good point and if hes right jscript is useless in this application as i described it.
    Last edited by Emancipator; 04-24-2006 at 07:04 PM.

  11. #11
    Chronic Entrepreneur
    Join Date
    Nov 2003
    Location
    Tulsa, Oklahoma, USA
    Posts
    1,112
    If it's useless in your application because your form is submitting the form to the same page the form is on then just change your approach a little. Instead of using JS to hide your form action, add an extra form element and use JS to hide that:

    Code:
    <input type=hidden name=submitCheck value=1 />
    Then have your php code that processes the form check if isset($_POST['submitCheck']).

    I don't think that most crawlers and bots can process javascript, but I think that more and more will begin to have the ability to process at least simple document.write statements to get around things like this. If you want to be extra careful take the javascript you use to output the hidden form element and obfuscate it a little to confuse any bots that look for document.write outputs:

    Code:
    third='k value=1'
    second='n name=submitChec'
    other='klaslkdfas'
    first='<input type=hidde'
    out=first + second + third
    document.write(out + '>')
    Last edited by Westech; 04-25-2006 at 10:39 AM. Reason: fixed missing quote in the JS code

  12. #12
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    thanks westech jump on MSN so I can harass you with a couple questions. You have taken my idea and made it so it works! I just wanna pick your astute javascripting brain!

  13. #13
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    Thanks Kings nad Westech I now got it all sorted out in my muddled head and we will see how well it works.

  14. #14
    mastermind michael_gersitz's Avatar
    Join Date
    Aug 2003
    Location
    Buffalo
    Posts
    749
    Your way people can still automatically submit spam. I have done a few to try and stop it. I ended up having to approve all comments by hand.

    1. is to disallow http://www. in my comments boxes with javascript.
    2. Only allow a certain amount of characthers
    3. Since you have got the bots out of the way, use the php function to just print the code, and not allow html in the comments. This will deter people from posting spam manually.
    4. If all else false, add a hidden field to throw the comment into a queue and manually approve each one.
    5. Do what westech said..

  15. #15
    Gimme Fries with that!
    Join Date
    Aug 2004
    Posts
    1,469
    Michael we will see if bots still spam but I stand by the method. With the changes that westech and king have pointed out and I have implemented I feel very confident that I wont be seeing the mass spam. You can never 100% eliminate spam but Westech and Kings methodology is sound and I think will work. We will see in about 30days how much spam I get from it. Westechs variation on my implementation is ingenius and from what I have been reading will work wonders.. but the proof is in the pudding and in about 30days we will see.

    At the end of the day you will still have some idiot who comes by to manually spam. That is not something I am concerned about. Its the bots that hit my sites and submit hundreds of daily comment spam I am contending with.

    Kudos again to Westech and Kings for helping out on this.
    Last edited by Emancipator; 04-26-2006 at 06:11 AM.

Similar Threads

  1. Using a SIMPLE match equation Eliminated Comment Spam
    By ! search-engines- in forum General Management Issues
    Replies: 0
    Last Post: 02-13-2006, 07:53 PM
  2. Email Spam Protection
    By Blue Cat Buxton in forum Web Hosting & Servers
    Replies: 0
    Last Post: 06-24-2005, 03:47 AM
  3. How to remove SPAM in my website?
    By minutesloaded in forum General Management Issues
    Replies: 6
    Last Post: 02-09-2005, 03:14 PM
  4. Lots of Spam
    By Dan in forum General Chat
    Replies: 5
    Last Post: 10-19-2004, 10:00 AM
  5. Over 100 Arrested in U.S. Spam Crackdown
    By mobilebadboy in forum Internet Industry News
    Replies: 23
    Last Post: 10-09-2004, 12:29 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •