Added simple comment spam protection

I’ve added simple comment spam protection to my bblog. Hopefully it will keep the spam bots from getting comments in that I need to moderate. I’ll put installation instructions below.

First, we have to determine if your system supports FreeType fonts in GD or not. Do do that, download and put that on the root of your server’s html files. Change the name to phptest.php, and go to that URL (change permissions to make it world readable, or at least readable by your apache process.) Check the section about “gd” and see whether you have FreeType support enabled. For example, I have “FreeType support: enabled, FreeType linkage: with freetype, FreeType version: 2.1.4”. If you have FreeType, great. If not, you have to use the GD fonts version.

Now download either
if you have FreeType, or if you do not, and put that on your sever. It can go anywhere, but I recommend the root of your html directory. Change the file to randomImage.php (I named it .txt so the server wouldn’t interpret it.) In both cases, look through the file, and if you are using GD be sure to change the path to the .ttf file to one that exists on your server.

Now we have to make changes to two bBlog files. Open up


and search for the lines

                $fromtime = $now - (C_COMMENT_TIME_LIMIT * 60);
                $this->query("select * from ".T_COMMENTS." where ip='$remaddr' and posttime > $fromtime");
                if($this->num_rows >0) {
                        $this->standalone_message("Comment Flood Protection", "Error adding comment. You have tried to make a comment too soon after your last one. Please try again later. This is a bBlog spam prevention mesaure");


After that, add this code:


if (md5($_POST['verification']) != $_SESSION['image_random_value']) {
          $this->standalone_message("Spam prevention", "There was an error verifying the characters from the image and the characters you typed in.  Please try again.");

That is it for that file. Basically, the randomImage.php program generates an image with 8 random characters on it, and sets the session variable “random_image_value” to the md5 hash of the random characters. The bBlog.class.php file checks to make sure that the md5 hashes match on a new comment post, and errors out if not.

Now we have to add the comment fields into our post templates. Find the


file for your template and a nice place to insert this code:


<div class="clear">&nbsp;</div>
<div class="formleft"><img src="/randomImage.php" alt="verification image"><br>Image verification:</div>
<div class="formright"><input name="verification" type="text" id="verification" /></div>

I put it after the website, and before the comment. Test things out. You should be golden.

There are some things you can (and should!) change around in the randomImage.php file. You have to give it the location of a good ttf file. I’ve only got some Japanese fonts installed that I doubt anyone here would have. Also, you can change colors, sizes, etc. Let me know if there are any questions, and I hope that this helps.

If no text shows up and you are using the FreeType version, check to make sure that the path to the font exists on your system. You should also try the GD version and see if that produces any output. If you have any questions, feel free to comment here, or drop me a line. You should also check out the post over on the forums, since that is most likely more active: forums discussion of adding image verification to comments.







23 responses to “Added simple comment spam protection”

  1. Fugu Tabetai Avatar

    I should find a better truetype font that makes the distinction between 0 and O more clear.

  2. titanium Avatar

    oh wow! what a simple way to implement a catchpa. You are my hero! Thankyou!

  3. Fugu Tabetai Avatar

    You can put randomImage.php wherever you want on your website. I put it at the root of my site, since I also use it for another application. Also, I just realized that the “instrcutions” here don’t show up because the code was stripped when posting. ๐Ÿ˜›

  4. Keane Avatar

    Thanks for this – excellent work!

  5. pol Avatar

    If you are running Debian Sarge, the path is different for your fonts. Line 33 in randomImage.php needs to be changed to:


    or it won’t work. ๐Ÿ™‚

  6. Tyron Avatar

    Thanks a lot as well. I almost went crazy with the amount of spam I got.

  7. Vecnix Avatar

    Thanks for the Script ๐Ÿ™‚ I add it to my MiniChat and my blog

  8. Steve Finlay Avatar

    It will not work for me. It always says “There was an error verifying the characters from the image and the characters you typed in. “

  9. Jennifer Avatar

    Nice code !

  10. David Avatar

    Thanks, works great

  11. FuguTabetai Avatar

    I’ve made the field values sticky so that if there is an error in matching the image verification picture, the values in the fields are not lost. See the post for more details.

    Many thanks to Andy for encouraging me to get off my booty and fix this problem.

  12. me Avatar

    This is a test of the Emergency Broadcast system. this is only a test.

  13. 100ice Community Avatar

    interesting ….post
    a lot of info

  14. Kampanye Damai Avatar

    would saved to rss list, thanks

  15. Discount Golf Clubs Avatar

    thanks for this snipped. I will install it asap on my blog.

  16. Intero Avatar

    I tried and this is no working fine ๐Ÿ™

  17. tattoo ideas Avatar

    That’s so great! Nice code! thanks a lot!

  18. Metin2 Yang Avatar

    That’s so great!Too!

  19. nike dunk sb Avatar

    thanks as well!

  20. Cool Avatar

    Nice one! I been looking for this ages now!!

  21. Israel Avatar

    Yup. HAd to put mine on “moderation” because of wedoris trying to advertise their ??? on my poor little blog. You’d think spammers would have better targets than us, wouldn’t you?

Leave a Reply

Your email address will not be published. Required fields are marked *