Junior Member
Junior Member
matthendrix   2007-07-03, 15:08
#1

Here's what I did to stop the evil bots from spamming me via the comments form.

[b]Step #1[/b]
Add a hidden field into your template's comment form (usually found in image.php), for example;

``

[b]Step #2[/b]
At the top of your main index page (not the templates index page), add the following line at the top before anything else;

``

[b]Done![/b]
This has stopped all comment spam on my website.

Cheers,
Matt

Member
Member
TheBLIONCorp   2007-07-08, 16:41
#2

I would have modified addComment function to reject the comment using "normal" way.

Developer
Developer
trisweb   2007-07-16, 05:41
#3

This is only a temporary fix - spambots may check for such things as hidden fields, it adds only a minor roadblock. But a roadblock nonetheless! If you can figure out an algorithm and pass-between and somehow detect that the comment originator is in fact a human (test typing speed maybe?) perhaps that would work.

Ooh, I like some of these ideas... perhaps I'll try implementing them myself...

Member
Member
TheBLIONCorp   2007-07-16, 17:43
#4

Speed is not a good idea. I can be very fast to write something (300 char/min + 10% of defects lol)

With a special number of characters, we could use autoit to spam a database... Too easy to perform...

Nevertheless, you can generate random fields...
Fields' names are stored in the database, a key is created in a session's array ($key, $image_name). After usage, database and session are cleaned up.

Random fields can be used only one time by one client...

But that would not block a bot which submits correctly the form... (just use autoit to discover how easy it is to do it)

Member
Member
titou   2007-07-17, 09:18
#5

There are aanother interresting solution against Spam.
the idea is to put an empty input fields and hide him in CSS.

When you register the comment, if this field is not empty then it's a spam bot...

You can find an article on this page :
http://www.rustylime.com/show_article.php?id=338

Sorry for my bad english, i need to improve it !

Member
Member
TheBLIONCorp   2007-07-17, 14:56
#6

It would need two parts:

  • ensure that the field has been submitted
  • ensure that the field is empty
    More over, it won't be efficient against automation tools that would simulate normal viewing and submitting actions...
Developer
Developer
trisweb   2007-07-17, 22:25
#7

It is still a decent idea though, and could be used in combination with a randomized field and Akismet content filtering (the only real solution, in my opinion).

Member
Member
TheBLIONCorp   2007-07-21, 18:21
#8

The "hidden" field can be the first thing to check, yes, of course.
If the field is OK, then an heavy way to check if everything is ok...

I'd rather use my spamassassin method to check comments :p Ackismet never worked as expected on my gallerry... with spamassassin, 2 things:

  • No spams are inserted at all
  • No spammer try to do it anymore !!! I think they stop trying after several errors...
Member
Member
xiaozj   2007-08-02, 16:11
#9

How about designing a system so that no two installation (or almost none) will behave the same way, and to go further even the same installation would behave differently at different time of the day (or each time you access it). So to be able to get the spam through one installation would do nothing against the rest of the installations, and to go further would not even work the next time the spammer tries to submit.

Though as things stands now, several scripts already works well: Akismet, Spam Karma, Spam Assassin... etc, the only problem is to port and integrate them into Zenphoto - I'm thinking of the long proposed plug-in system.

Member
Member
thinkdreams   2007-08-16, 12:16
#10

The Akismet hack from GamedudeX is working fine for me. I just tested it by adding code in the class-image.php to mail me each time a spam is caught. I was getting a few comments come through with spam, and about 1/2 day later, it was catching them (which means akismet was catching up with them from their service.)

This proves the hack works well for me. May not catch everything, but I have yet to find a solution that does. Akismet is the best I've found though so far.

It will eventually have moderation capabilities, but this assumes edits to core zenphoto code, and database modifications.

Member
Member
penzoto   2007-08-16, 15:12
#11

a good start to stopping the spam is to change the 'name' and 'id' attributes of the email input field to something less obvious than 'email'.

I wonder if a flash form would stop spam 100%?

Member
Member
thinkdreams   2007-08-16, 15:23
#12

A flash form would assume that everyone has flash, which some do not (or cannot due to policy restrictions at work), so it may not be in the best interest to put reliance on flash for spam control, as that may make it difficult for some people to fill out forms.

Member
Member
TheBLIONCorp   2007-08-16, 23:13
#13

You can generate random fields name... Random z-index (it will confuse users !)
Robots will improve the way they spam. So it's just a temp fix...

  
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.