More on Commenting on Webpages
I've now been running "comments" on a site for a few days and it seems to be working pretty well. I've had only a handful of comments so far and have not yet run into any "Spam Bots" - this is a bit of a concern for the future. I intend to implement some sort of captcha system into my set-up, I believe this should stop 95% of spam in it's tracks.
The problem is that I know absolutely nada about captchas - and after having done a bit of research, they are really complicated! You need to use PHP to create the graphics and insert the value of that graphic into a session. On submit of form, make sure the session value = the graphic value. What a total pain in the hoop.
Does anyone have any ideas for an easier to implement solution? My initial thought was just to have a bunch of simple questions "what is 2+2", "what is 3+4" (as an input box) and so on (as spam bots are not smart enough to know an answer to a random question), but this approach seems a little too simple…
I've also now implemented "names" onto the comments, which now look something like this:
As you can plainly see, it's a very simple set-up, but simple is good! It's very much like a hybrod between a blog and a webpage. As I previously mentioned, I can only see positives from offering such a service (particularly if I can work out a good way to "captcha")…
So, I am on a hunt for a simple to implement procedure for stopping spam-bots! I already have a system in place for users of this service to delete unwanted comments easily simply by clicking a link in their email, so that is 1 step towards a solution. Need to take a few more steps though!
Comment by Oli Allen — September 26, 2006 @ 3:18 pm
A simple solution to cut out a lot of spam may be to ignore anything with strings like "@", "a href" etc in it - what kind of spam bot isn't going to be spamming a link?
Comment by One Dollar A Day — September 26, 2006 @ 4:06 pm
Hey burt, comments are a great way to get your pages to update themselves..I run a comments script on one of my "proper" sites - looks very similar to the job yours does but it's MySQL based.
SPAM is a problem however - the script I have has no kind of protection other than outputting the comment as text i.e. so if someone spams with a link, it just outputs the full html for the link on the page if you see what i mean.
The other feature I could do with apart from some kind of SPAM control is a bad words filter.
Comment by Chance — September 26, 2006 @ 5:14 pm
No captcha discussion would be complete without http://hotcaptcha.com/
By far my favorite silly captcha experiment
Comment by burt — September 26, 2006 @ 5:17 pm
Oli; that's a definite possibility, the problem comes when a "normal person" wants to post up a link though…
ODAD; a bad word filter might do the trick, but it would be hard to maintain (on my mini-system of commenting). Good idea though.
At this moment, what I have is stripped out links and 24 hour suspension of the comment (so that the site owner can review it). The comment placed is sent to the site owner via email, and the email contains a "destroy this comment" link for easy "get rid"…do you think this is enough, considering that the script will be free (as in no cash) when released? As it is now, I am happy (but I am the only user!) - it suits my needs perfectly.
What I'll do is play around with captcha and see how it goes. I suppose even a simple captcha is better than nothing?
Comment by Anonymous Coward — September 27, 2006 @ 10:07 am
Last night I wrote a really simple CAPTCHA (took about 5 minutes) which has thus far completely eliminated spam on a suggestions form which was receiving 10-20 viagra-esque adverts a day.
If it's any use, I've pieced together the various bits into a random pastebin I found:
http://hashphp.org/pastebin.php?pid=8693
Comment by One Dollar A Day — September 27, 2006 @ 11:15 am
A link in the email to reject the comment is a nice feature…at the moment I have to log into an admin panel to delete comments. I also have the option to ban the IP address of the commenter….not sure if you want to include this as an option too?
Comment by burt — September 27, 2006 @ 11:24 am
AC; that's a neat solution. Thank You Very Much. I'm thinking this will only work with PHP that has GD support - do you know if GD is pretty much standardised as a feature these days? I know that I do not have it on my testing environment…
-thinking out loud-
Is there a way to easily determine whether a server has GD installed, and if it has then use this method. If not, use a more "simple" method…I'll hunt through the php site this afternoon & post back.
ODAD; The email feature is pretty sweet and was simple to implement. I also grab their IP, but as my system is really simple, they'd need to lock out IP addresses via their host' control panel.
Comment by burt — September 27, 2006 @ 2:08 pm
OK, captcha is now implemented! Because of the way that my code works, the session method wouldn't work too well. So what I came up with is a mash-up of AC's code, with a hint of my own. And it seems to work very well! Many thanks Mr AC.
Comment by burt — September 27, 2006 @ 2:13 pm
OK, bringing the whole thing back up-to-speed;
1. Captcha now implemented (checks for GD availablity first):
if(function_exists("gd_info")){
2. 24 hour delay on new comments
3. Ability to delete comments immediately via email
I think this is enough for this script, and I am quite pleased with how it has turned out.
I'm going to put the finishing touches on the script today - needs some error messages and some general spit'n'polish, and then I think I might release it. Yippeedeedoodah.
Comment by SarahG — September 27, 2006 @ 9:30 pm
Just to answer your earlier questions. GD is usually fairly standard on shared hosting servers when PHP 4 is installed (can't speak for vs 5). And to check for it simply upload a phpinfo() file and scroll down. You'll see all of the extensions installed just before the environment variables. If GD is there you'll spot it instantly
Comment by SarahG — September 27, 2006 @ 9:31 pm
Oops sorry I just realised you meant use php to check on GD. Ah well, it may help someone!