Fighting Comment Spam - Here is the Code

Published 24 September 04 12:24 PM | chris 

A few weeks ago I blogged about efforts we have been taking here at OfficeZealot.com to fight comment spam. I've received many request for information about how we modified .TEXT to provide this capability.

My brother Jesse who actually modified .TEXT has been kind enough to do a write up and provide sample code that explains the technique. It is unsupported and may not work in your situation, but if you like to play with code here it is (DOWLOAD LINK).

Again, let me repeat this is unsupported. It works for us, but you use at your own risk :-).

Here is Jesse's write up on how to use the source code:

About a month ago OfficeZealot.com went to a new blogging engine written in .NET called .TEXT. .TEXT is an impressive open source blogging engine. We like it because it performs very well, has many nice features and best of all you get the source code.

To fight comment spam OfficeZealot.com added a simple challenge/response in the commenting process. When a reader wants to post a comment they have to type in a 3 digit number (that is randomly changed) to verify that a human and not a machine is indeed writing a comment.

Here is what we did to create the challenge/response system.

The first thing we decided we needed is a way to generate a random code as an image that the user would have to enter before they can post a comment. I’m sure you’ve seen this on many other sites. Using the image is important because it adds a level of difficulty for the spammer, it is much more difficult to dynamically pull the code from an image as opposed to text on a page. We found a free ASP.NET control that did everything we needed. It’s called CAPTCHA Image, you can download CAPTCHA Image here:

http://www.codeproject.com/aspnet/CaptchaImage.asp

 

The contol is very simple, it consists of CaptchaImage.cs which contains all the methods for the control and JpegImage.aspx which is actually a page that generates an image.

 

You will want to add these files to your DottextWeb project in your DotText Solution. I added CaptchaImage.cs to the modules directory and put JpegImage.aspx in the skins directory.

 

The next step is to add the challenge/response system to the PostComment.ascx usercontrol which is the usercontrol .Text uses to post comments. But first a little bit about how .Text Skins work.

 

In the DottextWeb project there is a directory called skins. In each skin directory there is a controls directory and a pagetemplate.ascx. pagetemplate.ascx is exactly as it sounds, it is a template that controls the layout of all the controls. So for each skin .Text uses there are separate controls. This could be a major pain because you would need to add the challenge/response system to each skins PostComment.ascx usercontrol. But one thing I discovered is that for each skin we had, the PostComment.ascx usercontrol was the exact same. It was just a copy. So I created my own PostComment.ascx usercontrol that I point all the skins to. I put that file into the skins directory in my DottextWeb project. You can find that file in the code.zip included with this document.

 

To point all the skins to my customized PostComment.ascx usercontrol I made a few simple changes to the Web.Config. In the Web.Config file there is a custom section called <HttpHandlers>, these entries tell .Text what controls to use to display the blogs. If you look in this section you will see four lines with PostComment.ascx in them. .Text assumes these files are in the Skins/[SelectedSkin]/Controls directory for the skin seleceted for the blog. So all I did is change “PostComment.ascx” to “../../PostComment.ascx”. Now .Text will look for the PostComment.ascx usercontrol in the root level of the skins directory.

 

My custom PostComment.ascx file simply contains the visual elements needed to add the challenge/response system, all the code is contained in the PostComment.cs file found in the DottextWeb project under UI/Controls. The modified version of PostComment.cs can also be found in the code.zip file included with this document.

 

The System Works Very Simply

When the user goes to post a comment I use the “CaptchaImage.CaptchaImage.GenerateRandomCode()” method to generate a new code and image, I then write the value of that code to a cookie. When the user tries to submit the comment I check to see if the value they entered in the text code text box is the same code that is now stored in the cookie, if it is I let them post the comment, if not I generate a new code and image and ask them to re-enter the code.

 

That is all it took to add the very useful feature.

Comments

No Comments
Anonymous comments are disabled