February 14, 2006

Added simple comment spam protection

I've added simple comment spam protection to my bblog. Hopefully it will keep the spam bots from getting comments in that I need to moderate. I'll put installation instructions below.

First, we have to determine whether your system supports FreeType fonts in GD or not. To do that, download http://FuguTabetai.com/phptest.txt and put it in the root of your server's html files. Change the name to phptest.php, and go to that URL (change permissions to make it world readable, or at least readable by your apache process). Check the section about "gd" and see whether you have FreeType support enabled. For example, I have "FreeType support: enabled, FreeType linkage: with freetype, FreeType version: 2.1.4". If you have FreeType, great. If not, you have to use the GD fonts version. Now download either http://fugutabetai.com/randomImage.txt if you have FreeType, or http://FuguTabetai.com/randomImageNoDG.txt if you do not, and put that on your server. It can go anywhere, but I recommend the root of your html directory. Rename the file to randomImage.php (I named it .txt so the server wouldn't interpret it). In both cases, look through the file, and if you are using GD be sure to change the path to the .ttf file to one that exists on your server.

Now we have to make changes to two bBlog files. Open up

and search for the lines
                $fromtime = $now - (C_COMMENT_TIME_LIMIT * 60);
                $this->query("select * from ".T_COMMENTS." where ip='$remaddr' and posttime > $fromtime");
                if($this->num_rows >0) {
                        $this->standalone_message("Comment Flood Protection", "Error adding comment. You have tried to make a comment too soon after your last one. Please try again later. This is a bBlog spam prevention mesaure");

After that, add this code:
// Reject the comment unless the MD5 of the typed characters matches the hash stored in the session.
if (md5($_POST['verification']) !== $_SESSION['image_random_value']) {
          $this->standalone_message("Spam prevention", "There was an error verifying the characters from the image and the characters you typed in.  Please try again.");
}

That is it for that file. Basically, the randomImage.php program generates an image with 8 random characters on it, and sets the session variable "random_image_value" to the md5 hash of the random characters. The bBlog.class.php file checks to make sure that the md5 hashes match on a new comment post, and errors out if not.
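
The check described above, written out as an added example (not code from this post or from bBlog): it keeps the post's session key and MD5 comparison, and additionally assumes the challenge should be single-use and compared with `hash_equals`. The function names, the `$session` array standing in for `$_SESSION`, and the character set are assumptions.

```php
<?php
// Added example, not bBlog's or the post's code. Function and parameter names are hypothetical.
// $session stands in for $_SESSION so the logic can be run from the command line.
const CHALLENGE_KEY = 'image_random_value';   // session key used by the check in the post
const CHALLENGE_LEN = 8;                      // the post's image shows 8 characters

// Image side: pick the characters to draw and remember only their MD5, as the post describes.
function issue_challenge(array &$session): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // assumption: skip look-alikes (O/0, I/1)
    $text = '';
    for ($i = 0; $i < CHALLENGE_LEN; $i++) {
        $text .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session[CHALLENGE_KEY] = md5($text);
    return $text; // the caller renders this into the image
}

// Comment side: true only for the first correct answer to the current challenge.
function verify_challenge(array &$session, array $post): bool
{
    $expected = $session[CHALLENGE_KEY] ?? null;
    unset($session[CHALLENGE_KEY]);            // single use: right or wrong, a new image is needed
    $typed = $post['verification'] ?? null;
    if (!is_string($expected) || !is_string($typed) || $typed === '') {
        return false;                          // no image was requested, or the field is missing
    }
    // hash_equals compares as strings, so two "0e..." digests are never treated as equal numbers.
    return hash_equals($expected, md5($typed));
}

// Constructed walk-through.
$session = [];
$text = issue_challenge($session);
var_dump(verify_challenge($session, ['verification' => 'wrong']));  // wrong answer
var_dump(verify_challenge($session, ['verification' => $text]));    // right answer, challenge already consumed
$text = issue_challenge($session);
var_dump(verify_challenge($session, ['verification' => $text]));    // right answer to a fresh challenge
var_dump(verify_challenge($session, ['verification' => $text]));    // same answer replayed
```

Because the stored hash is cleared on every attempt, the comment form has to reload the image after a failed submission.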

Now we have to add the comment fields into our post templates. Find the

file for your template and find a nice place to insert this code:
<div class="clear">&nbsp;</div>
<div class="formleft"><img src="/randomImage.php" alt="verification image"><br>Image verification:</div>
<div class="formright"><input name="verification" type="text" id="verification" /></div>

I put it after the website, and before the comment. Test things out. You should be golden.

There are some things you can (and should!) change around in the randomImage.php file. You have to give it the location of a good ttf file. I've only got some Japanese fonts installed that I doubt anyone here would have. Also, you can change colors, sizes, etc. Let me know if there are any questions, and I hope that this helps.

If no text shows up and you are using the FreeType version, check to make sure that the path to the font exists on your system. You should also try the GD version and see if that produces any output. If you have any questions, feel free to comment here, or drop me a line. You should also check out the post over on the bblog.com forums, since that is most likely more active: Bblog.com forums discussion of adding image verification to comments.



Re: Added simple comment spam protection
It will not work for me. It always says "There was an error verifying the characters from the image and the characters you typed in. "
Posted 18 years, 9 months ago by Steve Finlay
