Anti-spam trick for Pixelpost
I don’t think I’m the only one who has been bombarded by spambots on Pixelpost; I used to get up to 200 per day!
So I looked for a simple and efficient solution, and I think I found one: since I set it up a year and a half ago, spam has been just a bad memory…
Here is the idea:
Most spammers never visit your website (or perhaps only once). They usually use automated systems that post malicious comments directly to the script that records them. Conclusion: they never use the comments form, and so they never click on the “Add comment” button.
The trick is to check if the button was “physically” clicked or not before recording.
There are two steps to set it up, you need to:
- Modify the form so that it is able to detect if the button was clicked or not.
- Modify the recording script so that it receives the result of the form and decides whether to record or not.
1. Edit your form:
First, what you need to do is to find where your comments form is located.
Most of the time it is in your template directory in image_template.html or in comment_template.html.
- Here is the change to make with the “simple” template of Pixelpost 1.5:
The Pixelpost 1.5 “simple” template uses a popup, so the comments form is located in comment_template.html.
ORIGINAL CODE (must be replaced by the modified code below):
MODIFIED CODE:
- For Pixelpost 1.6:
This is exactly the same as for version 1.5, except that, for the “horizon” template, the form to edit is located in image_template.html.
2. Edit the recording script:
- For Pixelpost 1.5:
Open index.php and go to line 933, located at the beginning of the section “SAVE COMMENT”.
ORIGINAL CODE (must be replaced by the modified code below):
MODIFIED CODE:
Thus, comments will be recorded only if the value “ahuman” is received, that is, only if the button was clicked.
Do the same thing at line 1025, located at the beginning of the section “EMAIL NOTE ON COMMENTS”. Thus, comments will be sent by email only if the value “ahuman” is received, that is, only if the button was clicked.
- For Pixelpost 1.6:
This is exactly the same as for version 1.5, except that the 2 lines to edit are located in includes/functions_comments.php at lines 15 and 225.
Voilà !
Of course it doesn’t stop “manual spam”, but this kind of spam is quite unusual. If spam suddenly starts again, it is because the spammers have understood the trick and are injecting the expected value “ahuman” with their scripts. In that case, try changing the variable name “you_are” and its expected value “ahuman” to something else.
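Both steps in one self-contained file, as an added illustration that is not Pixelpost's code or the author's patch. It assumes the button's onclick fills a hidden field; only “you_are”, “ahuman” and the onclick attribute come from the post, and the function and constant names are hypothetical.

```php
<?php
// Added illustration, not Pixelpost's code. Assumed mechanism: the submit
// button's onclick fills a hidden field. All function names are hypothetical.
const MARKER_FIELD = 'you_are';  // rename both constants if spam resumes
const MARKER_VALUE = 'ahuman';

// Step 1: the form. The hidden field stays empty until the button is clicked.
function render_form(): string
{
    $f = htmlspecialchars(MARKER_FIELD, ENT_QUOTES);
    $v = htmlspecialchars(MARKER_VALUE, ENT_QUOTES);
    return <<<HTML
<form method="post" action="">
  <textarea name="message"></textarea>
  <input type="hidden" name="{$f}" value="" />
  <input type="submit" value="Add comment"
         onclick="this.form.elements['{$f}'].value='{$v}';" />
</form>
HTML;
}

// Step 2: the recording script. True only if the expected value arrived.
function button_was_clicked(array $post): bool
{
    return ($post[MARKER_FIELD] ?? null) === MARKER_VALUE;
}

// Guards both actions the post patches: saving and the e-mail notification.
function save_comment(array $post): string
{
    if (!button_was_clicked($post)) {
        return 'rejected';   // nothing is stored, no e-mail is sent
    }
    // The application's existing save and notify code would run here.
    return 'saved';
}

if (PHP_SAPI === 'cli') {
    // Constructed requests: a POST sent straight to the script, then a form submit.
    $direct = ['message' => 'constructed spam text'];
    $form   = ['message' => 'constructed comment', MARKER_FIELD => MARKER_VALUE];
    echo 'direct POST: ', save_comment($direct), PHP_EOL;
    echo 'form submit: ', save_comment($form), PHP_EOL;
} else {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        echo htmlspecialchars(save_comment($_POST)), '<br />';
    }
    echo render_form();
}
```

Run it with `php` on the command line to see the two constructed requests handled, or serve it with `php -S localhost:8000` to try the form in a browser.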
Hello Julien,
This is a great patch, thanks. I’ve been using it for two days now and no more spam! To make it XHTML compliant I had to change the “onClick” attribute to “onclick”.
Best regards,
Piet
Julien : Thanks for your observation Piet, I corrected the code.
Comment by Piet Osefius — October 7, 2007 @ 2:04 pm
That’s very clever! I do a little bit of JavaScript myself and I never thought of such a simple and elegant solution! I will try it at once.
About the “manual spam”: I read once that it might soon become cost-effective for the spammers to hire people from poor countries in order to bypass protections against spambots such as captcha… or yours. If it turns out to be true, we bloggers will be in deep trouble.
Julien : Ouch yes you are right, if spammers become humans we would need moderation everywhere.
Comment by XtoF — October 13, 2007 @ 12:05 pm
AH!!! Finally!
And here I was searching for the solution so far away, on the net, when it was so “close”!
A big thank you! You’ve just saved me 15 minutes of SPAM a day!
Thanks Julien! I owe you one!
Alain
P.S. The installation instructions are not valid for Pixelpost 1.7.
Julien : That’s right for Pixelpost V1.7, but I am going to wait for the final release before doing that. It is even likely that hacking Pixelpost will no longer be necessary given the new plugin system … to be looked into.
Comment by Alain Franco — November 18, 2007 @ 10:30 pm
Not necessarily, but the first solution in my mind is quite awful:
we’ll need a per IP/country automatic moderation :/
For example a comment from UK could be considered as ok, one from Angola submitted to moderation with an option to ban a country. Yep, that’s not ideal but …
Another method could be to check how many comments come from a ‘poor’ country; if they come from a real ‘useful’ user it’s probably not twice a day? It could be combined with IP range ban, … endless battle, isn’t it?
If a country doesn’t have or respect legislation to punish spammers, what other choice?
Oh! Still the content check; spamming without address or brand is quite useless (but that’s a definition for spam anyway, useless and dumb).
Julien :
Comment by Seb — December 4, 2007 @ 1:40 am
Best solution regarding spam, in my experience, is www.akismet.com. This was originally meant for wordpress, but has been used in pixelpost. I think there’s an add-on of some sort unless the feature is built right into pixelpost.
Julien : Hum, Akismet wasn’t the best solution for me; some of the spam was stopped, but not 100%. But I admit my solution has a drawback: you absolutely must click on the “submit comment button”, but this is not really a problem with Pixelpost. For those who are interested in the Akismet solution, read this
Comment by Tin — December 28, 2007 @ 5:35 am