Comment Spam Quick Fix
Both Sam Ruby and Phil Ringnalda had good advice -- don't spend a lot of time on developing a solution to fixing the comment spam problem. Whatever I can do within the form, it's a relatively simple matter for a spammer to read any form value and duplicate it in his spam blast.
I appreciate both their help in gently pointing out that I was spinning my wheels (but I have to get practice for ice driving).
So, here's a quick fix -- it will keep out the lightweights at least. It's a start as other efforts are underway.
This approach will require you modifying the following MT templates:
Individual data entry
Comment Listing Template
Comment Preview Template
Comment Error Page
You'll be adding the following field, on the line before the </form> tag:
You can change both the name and the value field, as long as you're consistent with the name throughout the templates and the code.
Next, open your mt-comments.cgi (or mt-comments.pl) file and add the following code just after the "use strict;" line:
use CGI qw(:standard);
if ($ENV{'REQUEST_METHOD'} eq "POST") {
my $data = param('snoop');
die unless ($data);
}
Most everyone should have the CGI.pm perl module installed. Make sure to change 'snoop' to whatever your little secret field is (let's all use different fields, make the spammer's job a little tiny bit harder.
That's it.
What happens is that when you post a comment, the code checks for a form field of "snoop". If it doesn't find it, it dies. Nothing fancy at all. This will show in your error log or web log file as a premature end to the script. It doesn't prevent others from using the application, and doesn't crash anything.
Again, this isn't fancy, but it's a start. Holler if you have questions. If you're uncomfortable modifying mt-comments, let me know and I'll help you. If you have a better solution, or see problems with mine, please let me know.
Again -- thanks to Phil and Sam for advice, help, suggestions.
Update:
Mark has put together a nice re-cap on the whole comment spamming thing. What I just created is a 'club'. I'm going in for an interview tomorrow and when they ask me what was the last application I worked on, I'll answer "A club". .
Posted by Bb at October 29, 2002 03:01 PM