Killing Spam Dead

Ok, I finally got rid of all Spam on my site. The Akismet plug-in did nothing. Maybe it slowed down the spam a little bit but I was still getting 10-15 spam comments per day. I think the problem was that they can’t blacklist everything in the universe and the comments were actually mostly-legitimate text that was just so general yet seemingly perfectly valid from a Bayesian filters perspective that there really was no way to actually filter it.

So I decided to create my own hack 🙂

I’m a little reluctant to post the solution here in case some spammers are able to adjust their tools to work around my hack… but the very fact that it works sort of indicates to me that they’re just blindly spamming me anyway so here we go.

The trick is basically to just create a new text box for the comments area. Then, with CSS you set the text box to be collapsed. On the server, if there is any text in the field then you throw away the comment. Spam tools must just blindly fill out everything then submit, or else they know the magic POST Url for BlogEngine.NET which is now slightly altered on my particular site and thus doesn’t work. Either way it seems to fix it.

Here are the relevant snippets:

~\User controls\CommentView.ascx, Line 43

<input type="text" id="txtCompany" style="visibility:collapse" />

~\User controls\CommentView.ascx.cs

public void RaiseCallbackEvent(string eventArgument)
{
    // ...
    string company = args[8];

    if (!string.IsNullOrEmpty(company))
    {
        _Callback = "failedCaptcha";
        return;
    }

~\blog.js

function AddComment(preview) {
    // ...
    var company = $("txtCompany").value;

    // ...
    var argument = 
        author + "-|-" +
        email + "-|-" +
        website + "-|-" +
        country + "-|-" +
        content + "-|-" +
        notify + "-|-" +
        isPreview + "-|-" +
        captcha + "-|-" + 
        company;

    // ...
}
function AppendComment(args, context) {
    if (context == "comment") {
        if (args == "failedCaptcha") {
            $("status").innerHTML = "<span style=\"color: red; font-weight: bold\">" +
            "Please enter the correct word</span>";
            return;
        }

        // ...
    }
}

Where “…” is the code currently inside of these methods, just leave that stuff alone. I have made a few test comments on my own blogs which seems to work but if someone could leave a quick confirmation comment that it is working for them also that would be great!

I seriously hope the spammers don’t see this though :-/

Author: justinmchase

I'm a Software Developer from Minnesota.

Leave a Reply

%d bloggers like this: