Sunday, June 26, 2005

.Text Comment Spam

I got hit recently with a lot of Comment Spam on my TeamB blog. It was incredibly boring to sit and delete all of the spam comments - which, because of what I would only call laziness, had grown to around 500 in number - since .Text only allows you to delete one comment at a time! And each time it would bring up a confirmation web page from the server, and then, when you select "Yes, I know what I'm doing, just delete the darn message" it throws up another page with "Message Deleted" or something like that. You have to then click once more to get back to the message list. Note: I don't have access to the database.

Obviously this could be rectified by changing some code. The .Text source is available - so maybe it could be modified.

I downloaded the .Text source and then managed to actually get it compiled and running on my laptop. What I started to do was to check how the code worked - and it turns out there's a way to enter "comments" by creating a "trackback" to your page. I'm not going to reveal how - but the source code of the page reveals all.

Solution: Simply remove trackbacks from your page. Let people actually enter the trackback in, as a comment. And introduce a CAPTCHA in the comment entry page.

The CAPTCHA solution is fairly well documented. You can downloadThe Clearscreen CAPTCHA control for .Text by Miguel Jiminez and install/run it.

For removing trackbacks: Go to your web.config on your .Text site and remove the lines starting with <HttpHandler and that contain the text pingback or trackback. Or set enableTrackBacks="false" and enablePingBacks="false" in the <Tracking element.

No trackbacks then? Maybe the comment api can be modified to allow it as a different field - I don't think I'll have time to do this, but if anyone has, please let me know.

1 Comments:

Anonymous Anonymous said...

A test comment.

11:32 AM  

Post a Comment

<< Home