Jump to content

How to prevent spamming from a custom blog


svgmx5

Recommended Posts

Hey everyone i have a custom blog on my site that i developed and i'm trying to figure out how to prevent random spammers from inserting spam comments into it. Right now i don't require anyone to be a member to comment on it, but i'm thinking about it.

 

I was just wondering if anyone knew any way so i could prevent this, aside from having a captcha added to it.

 

Thanks!

Link to comment
Share on other sites

hmm....you made a custom blog all by yourself and you don't know how to add moderation to it?  Or by "custom" do you mean like changing the styling of a 3rd party blog...

 

Add a column in your db, simple boolean column.  All posts start out with a 0.  When displaying the comments, only select where column != 0.  Then periodically check your db for 0's and review the posts, change it to 1 or something if it's not spam.  Or write a script to display all posts where column = 0 and a checkbox next to ones to check for approve.  update table to change the ones you selected to 1. 

 

You could also add captcha and/or honey pots to your comment form to help kill off the spambots. 

Link to comment
Share on other sites

no i didn't customize or tweek a 3rd party blog, i made it custom, i just wan't sure how to exactly do the moderation.

 

What you said was what i kinda had in mind, but wasn't completely sure if that was the best way to do it. Thanks though

Link to comment
Share on other sites

What I do to stop it is:

 

1. Add a captcha to the page

2. Then parse $_SERVER['HTTP_ACCEPT'] and deny anyone with the wrong information.

 

This has worked for me, I used to get about 150 spam comments a day, and now I don't get any spam, only comments from real people!

 

Another thing to do is to make a time stamp. For example:

 

the form

<?php
session_start();
$_SESSION['stamp'] = time();
?>
<form action="somepage.php" method="post">
<input type="hidden" name="stamp" value="<?php echo $_SESSION['stamp'];?>" />
<textarea name="comment"></textarea>
<input type="submit" value="Save!" />
</form>

 

the processing page

<?php
session_start();
if($_SESSION['stamp'] == $_POST['stamp']){
   // They probably came from the form
}else{
   // The probably didn't come from the form
}
?>

 

That has also helped stop spam!

Link to comment
Share on other sites

It think some Bots send POST to your website,  without even actually visiting your site.

Put a Nonce in your comment form too, save the nonce in a hidden field, and also  the browser session.

That forces the bot to least visit your page. Its also good practice for pretty much everything to prevent Cross Site Request Forgery.

 

When you get a post do,

if($_POST['nonce'] != $_SESSION['nonce']){

   $error['nonce'] = "Oops your nonce did not match";
}

 

Link to comment
Share on other sites

Obviously (well hopefully) nonce has a differnt meaning in your corner of the world  :wtf:

 

:wtf: Well it stands for number used once

http://en.wikipedia.org/wiki/Cryptographic_nonce

 

Most web application software use these extensivly in once or another to prevent CSRF.

A very simple CRSF example would be if I put  on this forum in a img tag, the logout url.. You view the page, the img tags loads the logout url.. Now your logged out. Request forgery in its most simple form. But you'll see the logout link on the forum has a nonce, but at one time, on forums, they didn't and people abused this as a joke. Or put links like Click here i will hack you!.  :D

Link to comment
Share on other sites

[ot]Oh I'm well aware what you meant, just never heard it called a nonce before. I've always just called it a form hash value or similer.

 

I remember back when I used to play Counter-Strike, people used to say "Press F12 for free money". Ten seconds later the servers half empty because a bunch of new players didn't realise F12 was the shortcut for quit and actually believed they'd get free money. *sigh*[/ot]

Link to comment
Share on other sites

Compare and contrast:

 

Add a column in your db, simple boolean column.  All posts start out with a 0.  When displaying the comments, only select where column != 0.  Then periodically check your db for 0's and review the posts, change it to 1 or something if it's not spam.  Or write a script to display all posts where column = 0 and a checkbox next to ones to check for approve.  update table to change the ones you selected to 1. 

 

You could also add captcha and/or honey pots to your comment form to help kill off the spambots. 

 

Just have a column in your comment table called is_approved. Set the default to 0, and only select comments where is_approved = 1. Then give admin access the ability to set comments as approved. You could use a captcha too.

Link to comment
Share on other sites

Just thought of something. You could have a field in the database that says whether or not the post has been manually verified by an admin. Then you can just check the unverified posts regularly.

 

Oh you!

 

Seriously, I was too drunk to read the replies so I just posted it thinking "why not, surely the admins and mods won't get too annoyed if I post a solution that has already been brought up by somebody else".

Link to comment
Share on other sites

I was just thinking. If you could somehow create an image (images can't be read easily by bots) that shows random characters. Then save those same characters in a session variable and ask the end user to input what he or she seen in the image?

 

That's a clever idea! We could call it Completely Automated Public Turing test to tell Computers and Humans Apart!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.