February 14, 2006

Added simple comment spam protection

I've added simple comment spam protection to my bblog. Hopefully it will keep the spam bots from getting comments in that I need to moderate. I'll put installation instructions below.

First, we have to determine if your system supports FreeType fonts in GD or not. Do do that, download http://FuguTabetai.com/phptest.txt and put that on the root of your server's html files. Change the name to phptest.php, and go to that URL (change permissions to make it world readable, or at least readable by your apache process.) Check the section about "gd" and see whether you have FreeType support enabled. For example, I have "FreeType support: enabled, FreeType linkage: with freetype, FreeType version: 2.1.4". If you have FreeType, great. If not, you have to use the GD fonts version. Now download either http://fugutabetai.com/randomImage.txt if you have FreeType, or http://FuguTabetai.com/randomImageNoDG.txt if you do not, and put that on your sever. It can go anywhere, but I recommend the root of your html directory. Change the file to randomImage.php (I named it .txt so the server wouldn't interpret it.) In both cases, look through the file, and if you are using GD be sure to change the path to the .ttf file to one that exists on your server.

Now we have to make changes to two bBlog files. Open up

BBLOG/inc/bBlog.class.php
and search for the lines
Code:
if(C_COMMENT_TIME_LIMIT >0) {
                $fromtime = $now - (C_COMMENT_TIME_LIMIT * 60);
                $this->query("select * from ".T_COMMENTS." where ip='$remaddr' and posttime > $fromtime");
                if($this->num_rows >0) {
                        $this->standalone_message("Comment Flood Protection", "Error adding comment. You have tried to make a comment too soon after your last one. Please try again later. This is a bBlog spam prevention mesaure");

                }
        } 
After that, add this code:
Code:
if (md5($_POST['verification']) != $_SESSION['image_random_value']) {
          $this->standalone_message("Spam prevention", "There was an error verifying the characters from the image and the characters you typed in.  Please try again.");
        } 

That is it for that file. Basically, the randomImage.php program generates an image with 8 random characters on it, and sets the session variable "random_image_value" to the md5 hash of the random characters. The bBlog.class.php file checks to make sure that the md5 hashes match on a new comment post, and errors out if not.

Now we have to add the comment fields into our post templates. Find the

post.html
file for your template and a nice place to insert this code:
Code:
<div class="clear">&nbsp;</div>
<div class="formleft"><img src="/randomImage.php" alt="verification image"><br>Image verification:</div>
<div class="formright"><input name="verification" type="text" id="verification" /></div>

I put it after the website, and before the comment. Test things out. You should be golden.

There are some things you can (and should!) change around in the randomImage.php file. You have to give it the location of a good ttf file. I've only got some Japanese fonts installed that I doubt anyone here would have. Also, you can change colors, sizes, etc. Let me know if there are any questions, and I hope that this helps.

If no text shows up and you are using the FreeType version, check to make sure that the path to the font exists on your system. You should also try the GD version and see if that produces any output. If you have any questions, feel free to comment here, or drop me a line. You should also check out the post over on the bblog.com forums, since that is most likely more active: Bblog.com forums discussion of adding image verification to comments.


Comments

Provide your email address when commenting and Gravatar will provide general portable avatars, and if you haven't signed up with them, a cute procedural avatar with their implementation of Shamus Young's Wavatars.

Re: Added simple comment spam protection
I should find a better truetype font that makes the distinction between 0 and O more clear.
Posted 14 years, 6 months ago by Fugu Tabetai • • wwwReply
Re: Added simple comment spam protection
oh wow! what a simple way to implement a catchpa. You are my hero! Thankyou!
Posted 14 years, 6 months ago by titanium • • wwwReply
where to put randomImage.php
You can put randomImage.php wherever you want on your website. I put it at the root of my site, since I also use it for another application. Also, I just realized that the "instrcutions" here don't show up because the code was stripped when posting. :P
Posted 14 years, 6 months ago by Fugu Tabetai • • wwwReply
Re: Added simple comment spam protection
Thanks for this - excellent work!
Posted 14 years, 5 months ago by Keane • • wwwReply
Re: Added simple comment spam protection
If you are running Debian Sarge, the path is different for your fonts. Line 33 in randomImage.php needs to be changed to:

/usr/share/fonts/truetype/ttf-bitstream-vera/Vera.ttf"

or it won't work. :)
Posted 14 years, 4 months ago by pol • • wwwReply
Re: Added simple comment spam protection
Thanks a lot as well. I almost went crazy with the amount of spam I got.
Posted 14 years, 3 months ago by Tyron • • wwwReply
Re: Added simple comment spam protection
Yup. HAd to put mine on "moderation" because of wedoris trying to advertise their ??? on my poor little blog. You'd think spammers would have better targets than us, wouldn't you?
Posted 7 years, 8 months ago by Israel • @wwwReply
Re: Added simple comment spam protection
Thanks for the Script :) I add it to my MiniChat and my blog
Posted 14 years, 3 months ago by Vecnix • @wwwReply
Re: Added simple comment spam protection
It will not work for me. It always says "There was an error verifying the characters from the image and the characters you typed in. "
Posted 14 years, 1 month ago by Steve Finlay • @wwwReply
Re: Added simple comment spam protection
Nice code !
Posted 12 years, 10 months ago by Jennifer • @wwwReply
Re: Added simple comment spam protection
Thanks, works great
Posted 12 years, 5 months ago by David • • • Reply
Re: Added simple comment spam protection

Posted 12 years, 5 months ago by Anonymous • • • Reply
Re: Added simple comment spam protection
I've made the field values sticky so that if there is an error in matching the image verification picture, the values in the fields are not lost. See the post for more details.

Many thanks to Andy for encouraging me to get off my booty and fix this problem.
Posted 12 years, 3 months ago by FuguTabetai • @wwwReply
Re: Added simple comment spam protection
This is a test of the Emergency Broadcast system. this is only a test.
Posted 12 years, 3 months ago by me • @wwwReply
Re: Added simple comment spam protection
This is a "test."
Posted 12 years, 3 months ago by me • @wwwReply
Re: Added simple comment spam protection
good post..
nice job
kabonfootprint
Posted 11 years, 8 months ago by kabonfootprint • @wwwReply
Re: Added simple comment spam protection
interesting ....post
a lot of info
Posted 11 years, 7 months ago by 100ice Community • @wwwReply
Re: Added simple comment spam protection
would saved to rss list, thanks
Posted 11 years, 2 months ago by Kampanye Damai • @wwwReply
Re: Added simple comment spam protection
thanks for this snipped. I will install it asap on my blog.
Posted 3 weeks, 3 days ago by Discount Golf Clubs • @wwwReply
Re: Added simple comment spam protection
I tried and this is no working fine :(
Posted 10 years, 11 months ago by Intero • @wwwReply
Re: Added simple comment spam protection
vote. It is held in Afghanistan Tiffany Braceletsince the Tiffany Earringstaliban's second presidential Tiffany ringselection.Tiffany jewellers Xinhua/new methodAfghanistan's Tiffany jewelrypresidential election 20.Tiffany jewellery The poll, incumbent PresidentTiffany silver hamid karzai's ghdpopularity than rivals, GHD Darkreelection - ghd straightenersrisk.Besides,ghd hair straighteners this campaign has won ghd hair stylerthree Cheap GHDaspect, a "safeGHD pure", "terrorism", three redquin is GHD kiss"democracyGHD MK4 Black".See first GHD MK4 Pink"safe". The GHD MK4 Goldinternational GHD Purplesociety is concerned don ed hardyand security situationed hardy shoes in Afghanistan elections. Depending ed hardy apparelon the current situationed hardy men of American more for Afghaned hardy women's securityed hardy bag globally vane.Situation ed hardy tshirtis not optimisticugg boots. In the first uggshalf of thiswholesale ugg boots year, the data showedugg sheepskin boots that died in china wholesaleviolence wholesale digital camerasin the numbermp4 watches of AfghanWholesale Mp4 civilians 20% wholesale t shirtsincrease over Wholesale handbagsthe same month wholesale clothinglast year,Wholesale jewelry NATO's international wholesalesecurity assistance forceWholesale Jewelry, July is only 75 soldier diedWholesale fashion jewelry from terrorist attackWholesale costume jewelry, A few days ago, the election of the number of terrorist attacks in Afghanistan since from daily average 48 to 32.
Posted 10 years, 7 months ago by qqq • @wwwReply
Re: Added simple comment spam protection
v louis vuitton

[url=http://www.flashreplica.com]louis vuitton[/url] OK
Posted 10 years, 5 months ago by lv • @wwwReply
Re: Added simple comment spam protection
That's so great! Nice code! thanks a lot!
Posted 10 years, 5 months ago by tattoo ideas • @wwwReply
Re: Added simple comment spam protection
That's so great!Too!
Posted 10 years, 5 months ago by Metin2 Yang • @wwwReply
Re: Added simple comment spam protection
Hello!
Posted 10 years, 5 months ago by avom • • wwwReply
NIKE DUNKS
thanks as well!
Posted 6 days, 15 hours ago by nike dunk sb • @wwwReply
Re: Added simple comment spam protection
Nice one! I been looking for this ages now!!
Posted 8 years, 7 months ago by Cool • @wwwReply

Comments have now been turned off for this post