Comment Spam Mod?

[scottlindberg]

Is there a mod that can help me stop the deluge of comment spam I've been experiencing over the past few days? Blacklisting IP addresses maybe stops a quarter of one percent of the spam I've been hammered with this week, so I was hoping there would be some way to stop the spam from being posted -- via a forced comment preview or some such method. Any help out there? (I'm using GM v1.3.1).

Thanks!

~Scott

[petefinnigan]

Hi Scott,

I am planning to implement a comment moderation mod. I have some notes on how i would do it on my other PC, I will post them either tomorrow night or Thursday. I am looking into changing gm-rss to support RSS2 and ATOM first. I will then look at implementing the comment moderation mod which is bigger.

The blacklist is only a small part of anti-spam. The problem is that the spammers use different IP addresses each time often spoofed.

A second useful mod in parallel with a comment moderation mod would be to have a unique number that needs to be added to a box before the post can be done - this is common in lots of other software. I might look at that after the comment moderation mod.

watch this space.

cheers

Pete

[coldstone]

A quick fix (though not sure it'll stop spammers) is to modify your templates so that there is no submit button, only a preview button. This would effectively force someone to 'preview first'. Like on perlmonks.org.

Also, I found out that WP has a system where a user must be approved for their first post, then as long as they use the same email address (which isn't publish) their other posts are automatically approved. I was thinking this would be cool to add to GM sometime. Its not the only way, but I thought it was interesting.

There is a mod I saw on one of the YAGMS posts that had a key word that had to be entered before a post was accepted.

[picaman]

That's me--example here:

www.queerspace.com/blog/archives/00000287.php

I'll muck around in my code and see if I can figure out how I did it--it's been a while. But it works absolutely perfectly--no comment spam at all.



Jamie

[picaman]

OK--I'm not much with scripting, but here's what I think I added to gm-comments.cgi:

After:

#modification to prevent problem with search box
if ($IN{'gmsearch'} eq "") {

Add:

# added by James 20050531 for spam control
unless ($IN{'newcommentsecurity'} eq "XYZ") {
       print "Content-type: text/html\n\n";
       &gm_dangermouse("Comment rejected as failed to provide valid security data.");
}

"XYZ" is the word you want entered before the comment is allowed to be posted.

And in {{entrycommentsform}} (Editing Karma & Comments-Related Templates in gm.cgi) after:

<img onclick="commentEmoticon(':satisfied:')" src="{{emoticonspath}}/satisfied.gif" alt="satisfied" width="20" height="20" /></td>
</tr>
</table>
</td>

I put:

<td>
<textarea cols="25" name="newcommentbody" rows="10" class="text"></textarea>
</td>
</tr>
<tr>
<td>|AMP|nbsp;</td>
<td align="center">
<br /><br /><br />
please enter the word "XYZ"<br />(no quotes, no capitals) here. <br/><br />
<input type="text" name="newcommentsecurity" size="25" />
<br /><br />
this is a required security measure<br />to prevent automated spam postings.<br/><br />
<input type="reset" value="reset" class="button" />
<input type="submit" value="submit" class="button" />
</td>

I think that's it...if you test it and it doesn't work, let me know and I'll do some more digging.

All credit to whoever came up with this originally, and that was definitely not me.



Jamie

EDIT: One more thing--I had to disable comment preview by removing the button in gm.cgi. The hack didn't work with comment previewing, and I didn't know how to fix it.

[scottlindberg]

Jaime- Thanks a bunch for the help! Unfortunately, I haven't made this mod to my gm_comments so I am unsure where to add your spam mod in the file:

picaman said:

After:
#modification to prevent problem with search box
if ($IN{'gmsearch'} eq "") {

A couple questions: Is this mod necessary for the spam mod to work, what does it do, and if it is not necessary what should the spam mod come after in my unmodified code?

Thanks again, and sorry if I am being dense. I've done some very minimal modification to my GM installation in the past, but am very much not a programmer.

~Scott

[picaman]

The additional gm-comments.cgi code is inserted toward the top of the file. Here's the entire beginning of my version of gm-comments.cgi, including the added code:


#!/usr/bin/perl

###############################################
# Greymatter 1.3                              #
# comments module                             #
# Copyright (c)2000-2003, The Greymatter team #
# http://www.greymatterforums.com/            #
###############################################

# ***  Your possession of this software indicates that you agree to the terms   ***
# *** specified under the "Copyright & Usage" heading in the "manual.htm" file. ***

use CGI::Carp qw(fatalsToBrowser);

require "gm-library.cgi";

read(STDIN, $input, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $input);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$IN{$name} = $value;
}

$userip = $ENV{'REMOTE_ADDR'};

&gm_readconfig;
&gm_readtemplates;
&gm_readcounter;

if (($IN{'newcommentbody'} eq "") && ($IN{'newcommentauthor'} eq "") && ($IN{'gmsearch'} eq "")) {
print "Content-type: text/html\n\n";
&gm_dangermouse("No valid information was given.");
}

#modification to prevent problem with search box
if ($IN{'gmsearch'} eq "") {

# added by James 20050531 for spam control
unless ($IN{'newcommentsecurity'} eq "XYZ") {
       print "Content-type: text/html\n\n";
       &gm_dangermouse("Comment rejected as failed to provide valid security data.");
}

}

Honestly I'm not sure if the "#modification to prevent problem with search box" bit is part of it or not, but I don't think it is.

Hope that helps.



Jamie

[scottlindberg]

I think I see the problem ... I am using v1.3.1 and you are using v1.3. The gm_comments script looks like it has been at least moderately altered between versions. I'm going to give it a shot to see if I can make it work. Thanks!

~Scott

[scottlindberg]

Works like a charm (or at least I didn't break anything)! We'll see if it stops the barrage of SPAM I've been getting now.

For future reference, I added the 5 lines of code you suggested after:

if (($IN{'newcommentbody'} eq "") && ($IN{'newcommentauthor'} eq "") && ($IN{'gmsearch'} eq "")) {
print "Content-type: text/html\n\n";
&gm_dangermouse("No valid information was given.");
}

if ($IN{'gmsearch'} ne "") { &gm_searchresults; }


Thanks again for your suggestions and help! I truly appreciate it.

~Scott

[picaman]

scottlindberg said:

I think I see the problem ... I am using v1.3.1 and you are using v1.3.

Oh this is all coming back to me now

The gm-comments.cgi I'm using is a modded 1.3 version (I think) with added code for comment throttling. Basically it checks for the number of links included in a comment, and bans people on that basis. The modded version uses gm-throttle.cgi in your cgi-bin/scgi-bin.

The other captcha hack renders this redundant, I suppose. If anyone wants the (what I think is) modded gm-comments.cgi I could forward it to post for download...too big to paste into a post.

Thanks for your attention to detail--I backed up the old version and updated this file to 1.3.1 (my other .cgi files were already 1.3.1).



Jamie

[scottlindberg]

I don't think the throttling is necessary using this method. I've had no spam at all since I installed the mod a few hours ago, where I'd have expected at least a couple dozen spam comments based on the rate I was getting them before I added the fix. Thanks again!

~Scott

[coldstone]

Did gm-throttle.cgi used to ship with GreyMatter?

scottlindberg said:

picaman said:

After:
#modification to prevent problem with search box
if ($IN{'gmsearch'} eq "") {

A couple questions: Is this mod necessary for the spam mod to work, what does it do, and if it is not necessary ...

If anyone is interested, that bit is just the begining of a block of code that deals with commenting. The script is assuming that if there isn't any search input, that you were commenting. Its because the gm-comments.cgi deals with both commenting and searching.

[scottlindberg]

OK ... now after a little while having this mod inplace I'm noticing a strange bug -- all of my comments are being published to a single blog entry, and not the entry intended. For example, if someone comments on entry 225, it is entered on 292. If they comment on 256, it is entered on 292. No matter where they comment, their note is published on entry 292.

Any insight as to why or how I might go about fixing it without reverting to the non-modded gm-comments.cgi?

[coldstone]

Do you mind if I ask for your webpage? I am guessing that gm-comment.cgi is not getting the correct number of the entry its supposed ot modify. I would guess its either wrong on the comment page (should be a hidden variable) or its the code above is changing the value.

I will try to look closer soon.

[scottlindberg]

The blog in question is www.sllab.net/arslonga ... let me know if you need more info, as I'm completely stuck!