Spam comment protection

Topics: Business Logic Layer
Sep 15, 2009 at 6:41 AM
Edited Sep 15, 2009 at 6:50 AM


I have started to get some serious spam comment issues and since I am a developer and saw some patterns in the comments, I created a simple spam protection extension. It uses a manually updated list of known spam comments, spam sites and senders and so on. It seems to be working fine when I try it out. However, I still get spam comments. Is there any way at all to get spam comments into the system without them being checked by my extension? I assumed that no comments would be created in the system without the Post.AddingComment event would be that an incorrect assumption? I know that assumption is the mother of all f#@%!-ups...but it seemed logical...

But since I still get spam, something is not working as it should. If I copy the comment and try posting a comment, it fails. So the spam robots must be getting the comments in some other way... Any suggestions? I really need to sort this out...

BTW, I have seen the huge thread about this topic. but I'm mostly interested in how the spam post application gets by the code that should raise the event... My code is simple and works, but it seems as if the spam thingy manages to call the blog without the event being raised...

Sep 15, 2009 at 8:43 AM

If your extension subscribes to Post.CommentAdded, then all comments should go through your extension.

You may already be aware of this, but there's two basic forms of comments spam.  There's comment spam left by bots (not humans).  And then as of late, there's a lot of comment spam being left by real people.  These people get paid something like 5 cents or 20 cents or 50 cents, etc. for each piece of comment spam they leave on blogs, news articles, forums, etc.  This may be what you're seeing.

Comments can also come up from trackbacks and pingbacks.  But in these cases too, your extension will be alerted.

Subscribing to a comment spam service may be a good idea.  The next version of BE will have this option built-in (along with several other blacklist and whitelist options).  It can be obtained now from the the Source Code tab above.

You could also consider the Commentor extension by rtur that allows you to subscribe to a spam validation service (Akismet, I believe).

P.S. "assumption is the mother of all f#@%!-ups" ... I first heard that in Under Siege 2  :)

Sep 15, 2009 at 11:33 AM

Thanx for the reply!

I know that there are spam extensions, but mine is simple and should work. And being a developer and having made some modifications to my blog code I would rather not switch at the moment...but maybe I should consider it. I'm running 1.4.5 right now. I guess the next release you are talking about is still in beta? Is it stable? Would upgrading cause any problems for me? Will added extensions still work? I'm a bit scared of just upgrading things... Often ends up being a lot of work... I would much rather figure out why my extension is not called for every comment. Considering that a few comments, that obviously violates the rules in my code, come through tells my that my code isn't called at all times...frankly that scares me a bit...

I have tried one that used Akismet. However, no extension will work if the event isn't raised. My simple little extension does the job, but once again, without having the event raised the extension will not filter. It doesn't matter what extension I use...

Would be interesting to hear if I am the only one that have issues with the event not being raised... Am I sure it isn't raised? Yes. As I said, my code basically has a list of parameters that are illegal to comment with. The code is rought and simple and cannot fail...and still I get spam comments...but if I copy the content of the spam comment and try to post it myself, it fails...ergo, there has to be some circumstance that causes the event not to be raised...


PS: I know! The movie ain't that brilliant, but the saying is good. Impressive that you would know...

Sep 15, 2009 at 11:05 PM

Upgrading from 1.4.5 to 1.5 is pretty easy to do.  You basically just overwrite your files with the 1.5 files.  Extensions are still used in 1.5.  The files you don't want to overwrite are the App_Data files, web.config file, robots.txt.  The rest should be okay to overwrite.  It's a good idea to make a backup first, just in case something goes wrong.

Without upgrading, you can use the Commentor extension.  It works with 1.4.5.