Open Photography Forums  
#1
Robert Watcher (Senior Member)
Posted: August 8th, 2013, 03:44 PM
Join Date: Feb 2008
Location: Xela, Guatemala / Ontario, Canada
Posts: 2,119
Subject: Frustration with Comment Spam on Wordpress

There are plugins - there are all kinds of IP detection, blacklisting, Captcha schemes designed to block bots and other unwelcome visitors from filling up your Comments box and all of the management required to approve comments and delete all of the junk.

And so here is my logic that has worked pretty well so far for me. While I don't use Wordpress, they are both very simple to implement into the Wordpress source code I would think.

First thing is an amazingly simple concept I figured out several years ago. It has to do with preventing "automated" spamming - which I feel is a large percentage of spam. These types of bots fill in every form field to cover all of the bases. So if you introduce a field that is hidden from view using CSS - - - it can easily be checked if there is any content in that field when the form is processed. If there is content in there, then it is an automated spambot because no human can see that field as it is not displayed (it isn't a "hidden" field).

So in the form you may add something like <input type="text" name="special" style="display:none;" />

And then in the processing section, you can check if that field is empty and allow the processing to continue using if ($_POST['special'] == '') { } - - - in other words if the post variable "special" is empty.

You may be amazed that this will get rid of a lot, if not most, of spam.

However - humans do enter Spam as well. IP blocking doesn't necessarily work that well as they can easily provide a fake IP. As well, you may end up blocking other legitimate viewers who use that IP. I had this issue where Spammers were getting around me blocking the IP that was present when they posted a comment. And so I started to look for a consistent "pattern". The email was always different - the user name was always different. I just about gave up when I got wondering why they are doing this. In most cases they are wanting to post links - - - otherwise, why would they bother just posting plain text right?

And so I already was stripping out HTML tags for links like <a href=""></a> - - - but then I noticed the pattern. This spammer was using the url BB code tags in the message to cover for the HTML tags being stripped out. Ingenious. And so what I ended up doing was use the PHP function stristr to see if the text "[url" was present in the comment. So the code if (stristr($_POST['comment'], '[url')) { $dontpost = true; } worked perfectly. So if $dontpost = true; then you wouldn't allow the database to be updated or an email sent to you letting you know there was a post. It can just bypass that whole process. They could keep on sending and you wouldn't know the difference.

I am posting this for those that have a basic knowledge of how to change bits of code in Wordpress. It would be quite simple. But for those who don't know, it may be a challenge. But when you think about that logic - it should cover most scenarios where someone is creating havoc with your Comments and where you get frustrated and want to get rid of them. Of course if plugins are working for you, that is great as well.



These modifications will also work with email forms as well.
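The two checks from the post above, combined into one PHP function as an added example that is not the poster's own code. The field names special and comment come from the post; classify_comment() and the sample submissions are hypothetical and constructed. It goes slightly beyond the post by also rejecting a missing or array-valued field.

```php
<?php
// Added example, not the poster's code. Field names 'special' and 'comment'
// follow the post; classify_comment() and the sample data are hypothetical.

/** Returns 'accept', or the reason the submission is silently dropped. */
function classify_comment(array $post): string
{
    // A browser submits the CSS-hidden text input as an empty string, so a
    // missing key means the request did not come from the form. A request
    // sent as special[]=x arrives as an array, which would make stristr()
    // throw on PHP 8, so only plain strings are accepted.
    $honeypot = $post['special'] ?? null;
    $comment  = $post['comment'] ?? null;
    if (!is_string($honeypot) || !is_string($comment)) {
        return 'drop: field missing or not a string';
    }

    // Honeypot: the field must come back empty. Compare with ===; a single =
    // would assign '' and the condition would never be true.
    if (trim($honeypot) !== '') {
        return 'drop: honeypot filled';
    }

    // BBCode link marker, matched case-insensitively ([url], [URL=...]).
    if (stristr($comment, '[url') !== false) {
        return 'drop: bbcode link';
    }

    return 'accept';
}

// Constructed sample submissions.
$samples = [
    'human'       => ['special' => '', 'comment' => 'Lovely light in this one.'],
    'form filler' => ['special' => 'http://example.test', 'comment' => 'nice post'],
    'bbcode link' => ['special' => '', 'comment' => 'see [URL=http://example.test]here[/url]'],
    'array field' => ['special' => ['x'], 'comment' => 'hello'],
    'no honeypot' => ['comment' => 'hello'],
];

foreach ($samples as $label => $post) {
    // On a drop, skip the database write and the notification e-mail, but
    // send the same response as for an accepted comment.
    printf("%-12s %s\n", $label, classify_comment($post));
}
```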
#2
Asher Kelman (OPF Owner/Editor-in-Chief)
Posted: August 8th, 2013, 10:19 PM
Join Date: Apr 2006
Posts: 34,077

Bob,

This is an important subject. I have to reread it. I like the idea of hidden fields to catch BOTS. There's more for me to glean. I'll be studying your notes so keep at it.

Asher
#3
Maggie Terlecki (Senior Member)
Posted: August 22nd, 2013, 09:23 AM
Join Date: Jun 2012
Location: Province of Quebec, Canada
Posts: 1,837

Thank you, Robert. This new work-around sounds great as I've been getting so many spam comments in the last week, it is ridiculous. Sometimes there is a legitimate comment between them, so I couldn't just chuck them all out, and comments can be an important interactive feature on a website so I didn't want to cut them out. This should really help. Thanks
Maggie