Comment Spam - Solved!

Here's what I did to stop the evil bots from spamming me via the comments form.

Step #1
Add a hidden field into your template's comment form (usually found in image.php), for example;

``

Step #2
At the top of your main index page (not the template's index page), add the following line before anything else:

`<?php if(@$_POST['comment'] && @!$_POST['matt_spamkiller']) die(); ?>`

Done!
This has stopped all comment spam on my website.

Cheers,
Matt

Comments

  • I would have modified the addComment function to reject the comment the "normal" way.
  • trisweb Administrator
    This is only a temporary fix - spambots may check for such things as hidden fields, it adds only a minor roadblock. But a roadblock nonetheless! If you can figure out an algorithm and pass-between and somehow detect that the comment originator is in fact a human (test typing speed maybe?) perhaps that would work.

    Ooh, I like some of these ideas... perhaps I'll try implementing them myself...
  • Speed is not a good idea. I can be very fast to write something :) (300 char/min + 10% of defects lol)

    With a special number of <tab> characters, we could use autoit to spam a database... Too easy to perform...

    Nevertheless, you can generate random fields...
    Fields' names are stored in the database, a key is created in a session's array ($key, $image_name). After usage, database and session are cleaned up.

    Random fields can be used only one time by one client...

    But that would not block a bot which correctly submits the form... (just use autoit to discover how easy it is to do it)
  • titou Member
    There is another interesting solution against spam.
    The idea is to put in an empty input field and hide it with CSS.

    When you register the comment, if this field is not empty then it's a spam bot...

    You can find an article on this page :
    http://www.rustylime.com/show_article.php?id=338

    Sorry for my bad English, I need to improve it!
  • It would need two parts:
    - ensure that the field has been submitted
    - ensure that the field is empty
    Moreover, it won't be efficient against automation tools that would simulate normal viewing and submitting actions...
  • trisweb Administrator
    It is still a decent idea though, and could be used in combination with a randomized field and Akismet content filtering (the only real solution, in my opinion).
  • The "hidden" field can be the first thing to check, yes, of course.
    If the field is OK, then a heavy way to check if everything is OK...

    I'd rather use my spamassassin method to check comments :p Akismet never worked as expected on my gallery... with spamassassin, 2 things:
    - No spams are inserted at all
    - No spammers try to do it anymore!!! I think they stop trying after several errors...
  • How about designing a system so that no two installations (or almost none) will behave the same way, and to go further even the same installation would behave differently at different times of the day (or each time you access it). So being able to get the spam through one installation would do nothing against the rest of the installations, and to go further would not even work the next time the spammer tries to submit.

    Though as things stand now, several scripts already work well: Akismet, Spam Karma, Spam Assassin... etc, the only problem is to port and integrate them into Zenphoto - I'm thinking of the long proposed plug-in system.
  • The Akismet hack from GamedudeX is working fine for me. I just tested it by adding code in the class-image.php to mail me each time a spam is caught. I was getting a few comments come through with spam, and about 1/2 day later, it was catching them (which means akismet was catching up with them from their service.)

    This proves the hack works well for me. May not catch everything, but I have yet to find a solution that does. Akismet is the best I've found though so far.

    It will eventually have moderation capabilities, but this assumes edits to core zenphoto code, and database modifications.
  • A good start to stopping the spam is to change the 'name' and 'id' attributes of the email input field to something less obvious than 'email'.

    I wonder if a flash form would stop spam 100%?
  • A flash form would assume that everyone has flash, which some do not (or cannot due to policy restrictions at work), so it may not be in the best interest to put reliance on flash for spam control, as that may make it difficult for some people to fill out forms.
  • You can generate random field names... Random z-index (it will confuse users!)
    Robots will improve the way they spam. So it's just a temp fix...
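
Added example (not posted by anyone in this thread and not Zenphoto code): a PHP sketch combining the ideas discussed above, namely a CSS-hidden trap field that must be both submitted and empty, under a random field name that is valid for one submission only. The function names, the `comment_tokens` session key and the use of the session alone (no database table) are assumptions made for illustration.

```php
<?php
// Hypothetical helper names; a plain array stands in for $_SESSION so this runs from the CLI.

/**
 * Call while rendering the comment form: create an unpredictable field name,
 * remember it in the session for this image, and return it for the
 * CSS-hidden <input> in the form.
 */
function issue_trap_field(array &$session, string $image): string
{
    $field = 'f_' . bin2hex(random_bytes(8));
    $session['comment_tokens'][$image] = $field;
    return $field;
}

/**
 * Call when a comment is posted. Returns null when the post passes,
 * otherwise a short reason for rejecting it.
 */
function check_comment_post(array &$session, string $image, array $post): ?string
{
    $field = $session['comment_tokens'][$image] ?? null;
    unset($session['comment_tokens'][$image]); // single use: a replayed post fails

    if ($field === null) {
        return 'no form was issued to this session';
    }
    // Part 1: the trap field has to be present in the submission.
    if (!array_key_exists($field, $post)) {
        return 'trap field missing';
    }
    // Part 2: it has to be empty; a visitor never sees it, so any value came from a script.
    if ($post[$field] !== '') {
        return 'trap field filled in';
    }
    return null;
}

// Constructed sample submissions.
$session = [];
$f = issue_trap_field($session, 'img1.jpg');
$good = ['comment' => 'Nice shot', $f => ''];
var_dump(check_comment_post($session, 'img1.jpg', $good)); // first post with a fresh form
var_dump(check_comment_post($session, 'img1.jpg', $good)); // same post replayed
$f = issue_trap_field($session, 'img1.jpg');
var_dump(check_comment_post($session, 'img1.jpg', ['comment' => 'x', $f => 'http://example.invalid']));
var_dump(check_comment_post($session, 'img1.jpg', ['comment' => 'x'])); // no form issued
```

As the thread notes, this only filters naive bots; a tool that loads the page and submits the form like a browser passes both checks, so content filtering is still needed behind it.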