
View Full Version : SPAM Fighting Modification!


raminia
05-31-2006, 10:32 AM
Hi folks,

I made a modification to the base code of 1.5 RC1 that substantially reduced the number of spams on my site (almost zero!). I want to share it with you but first I want to test it more. If you are using PP 1.5RC1 and suffering from heavy comment spam attacks and you would like to test it, please leave a PM and I'll send you the modification to test.

This is a combination of 2 methods: a random/hashed comment saving command and the use of JavaScript URL changing. The former prevents attacks by spammers that have saved the index.php?x=save_comment URL, and the second hides the form's true save command from spam bots that don't interpret JScript.

pennyjack
05-31-2006, 04:33 PM
Once you have something that seems stable, I would love to give it a try. I got over 90 spam yesterday and I am on track for the same today.

raminia
05-31-2006, 08:54 PM
Please note that this modification requires users to have JavaScript enabled. This is a typical requirement, but people who may still have fears of JScript and have it disabled could not make comments anymore.

0- open the zip file
1- copy content of TO Addon to addons folder
2- use the included index.php instead of original index.php
if you are using a modified version of that file (for AKISMET for example)
add
// hashed comment field
$save_comment_array = "be185c818e,0c732705c6,b59f992ff3,073ab00d00,b7cf1c 28e6,a38b01f211,873bc77669,2c09296992,12540279b0,8 2a3333026,c2b31313fb,2fef3d9ab0,044cae1f62,276d60f 3f1,6df8b3c326,5b7718cf5f,a38b01f211,3c41121df9,a2 f05b2b8a,a85beba152,f7e781e966,14ceaee3f4,6a7d043a e2,778c72120c,ce1a393fe6,8fe0c4320c,5b9fb47340,ef2 594f6cd,fbe1510232,11a5343131,0facb735fd,83830d171 f,728699041e,dbbd2a12c0,94f6c5452c,a38b01f211,14f9 5763a6,497fbbd983,676ae68305,70cddf4c56,b64013e359 ,b7cf1c28e6,efd149c64b,150fb9e8bc,83830d171f,40020 4120c,3538bcb17a,74acc92650,a8f2d70ed5,8d88384730, 36fd538eea,5baa8c5473,0803870868,36f8487b92,981e7c a850,544a32023b,6ebd49cfd3,00184a64ea,c27e6eb2e4,b c9c786ae1,c9080aaf51,4247288d84,5cdfc1807f,12634af 390,46811b799b,544a32023b,55be7ea7a4,dcb107ead4,fd 3e863823,da0722851b,80781e3b86,18338dcd9b,29a107ef 57,b6a06750f5,7918744ef9,29a107ef57,4ef7d307ae,40b 8390554,91a5c9054e,276d60f3f1,c877517703,11a534313 1,0dda7317a7,f7e781e966,c750910429,b8e84043a0,3538 bcb17a,400204120c,05d6397345,c750910429,497fbbd983 ,8a79dd7161,c24dd9b67b,ac1301da96,8b6e2869e2,87196 299f8,2fef3d9ab0,29a107ef57,02e2584ef7,e228765df1, 15de14576e,def55086ef,cd0b91617b,ada07200de,f7e781 e966,46811b799b,13327c12ef,2236bc2514,74225d7b72,3 b9201ed55,1f286013ef,a46abbd989,1119de2c80,3c62058 62f,3c41121df9,f489ca9a1a,5796292fcd,db21bdd61b,c4 70549055,99e0b87357,3b0690f379,23cf2b34ed,83d1e88e 9a,526025f91f,ffd0525739,3538bcb17a,0412a5cf9e,ae9 db879ab,96ba27e997,47a0029852,df98ccce08,fbc5c7ca1 7,94b84758a5,7ad43fe06f,6cf5c1ec9c,a85beba152,1a68 7ab867,66e2ba2d45,25b44d2233,4b6720dad8,254609d6c3 ,dcb107ead4,370f14fc1f,702e5587aa,8691826563,a8799 72343,a18268b66a,5182fde070,6cf69c4d0d,05fa914555, 94ccba9a27,263fa995d7,6b0b16ca4b,6fbdcffa8f,c2af54 2f85,d2b13c17a3,e1e163b0f9,8aa5ea3e9b,278449f11d,a adf3f9016,14ceaee3f4,396852ee5c,77abfe2f35,f489ca9 a1a,b2ec4f9e06,166cbc88d0,b89fb2ec40,5796292fcd,04 c8ceaef9,2167f1a3ba,497fbbd983,db21bdd61b,2be6bec3 
2f,997feaf3dc,5796292fcd,0facb735fd,64fbc454c2,91a 5c9054e,b73e4da4fa,c3a335f3ae,7b0ab6bcb8,5ed6a22ce d,f60d5b740c,c11a56d822,db87412606,778c72120c,9a38 0bcb89,d32b37fd63,e8c3c15586,c750910429,c8bc49b610 ,5ae79dbd02,b2e2db54ce,6647f1b68d,40e557916b,0dda7 317a7,5516a3e3b8,2b9267057a,287042798e,f0730c397e, d2b13c17a3,d9d9a9b96e,eae2c93470,7686ffe6a5,7193ae 67b3,3529ccde96,05f5eac99f,1323193a8a,f95bd2cfca,9 585490a12,7bcff9822c,7ad43fe06f,e3b7ae015a,a8f2d70 ed5,4f6eed83bf,5ae79dbd02,a8d3dc2601,94a4b1b15b,0f 8acb7970,c339c4b564,8e05f8acf5,b7cf1c28e6,392c8dca ef,1f286013ef,1ba2aaba59,ea8d855d21,a25302547b,23c f2b34ed,b703ea4444,dcd88b6168,ada07200de,5920744da 4,67b0fd6190,8fe0c4320c,26a093d487,18338dcd9b,d1ea 34141a,369240df30,555ae5671b,913afec5be,d9d9a9b96e ,38e82ece61,a9b6559287,bdb88e5891,e22a052fa2,94f6c 5452c,ecb825eb07,8d88384730,b990900a3c,e24eddf4fd, 6c3e33729c,bed9fbcdc5,99be2a5102,1fa127f885,f31a3d 8bf4,497fbbd983,91dab6ea27,51cf2b5077,efd149c64b,e 42e788edb,54ea751b40,fb8e296e50,a89183b68b,a9b6559 287,64fbc454c2,5478922908,2236bc2514,f5a165b11d,77 8c72120c,981e7ca850,01e77e73bc,fd3e863823,87196299 f8,351902d15d,ecb825eb07,c1970b4126,22f29fee1c,5ae 79dbd02,83d1e88e9a,1aa2ebe9fc,02e2584ef7,531650e38 b,ece8b85c82,5b9fb47340,5796292fcd,74b83cf69b,f270 25cc6d,a1d3fdc3e0,b64013e359,c339c4b564,a879972343 ,bdb88e5891,301b69e345,5cdfc1807f,9e25981f02,d9d9a 9b96e,150fb9e8bc,9fbdb80787,c146799fb6,dce8d82289, c146799fb6,828e4c597d,5b9fb47340,67b0fd6190,497fbb d983,e1e163b0f9,6ebd49cfd3,1219677b92,92f8df5b53,d 1ea34141a,2b9267057a,c146799fb6,b624160b10,eae7d94 5c0,f7e781e966,152a29029e,244281c406,4a2ca91fc8,f2 b298e89b,7f85cb5b17,f3c806dcc0,2167f1a3ba,5796292f cd,94ccba9a27,111bf8a169,b990900a3c,00184a64ea,1f7 707a098,6fbf843ba9,5516a3e3b8,df36f2da14,a7a33872e a,a46abbd989,317b6429b4,dbbd2a12c0,bdb88e5891,5ddd 8293f5,6876836d0d,b7cf1c28e6,87196299f8,be185c818e ,20aeb4fa97,5b9fb47340,091a36a2be,bdb88e5891,95882 020f8,f542943224,2198c16888,b10c27d1f0,942103fa03, 
369bf130c1,1ff7ca0b0d,18d0846360,728699041e,24a558 fc7e,14ceaee3f4,c9cf2b2cf5,c27e6eb2e4,9642c2d273,4 c992ad22e,244281c406,ecb825eb07,5516a3e3b8,5516a3e 3b8,72e82f53c1,24a558fc7e,6e0a6d00c4,d6b9f97ba9,92 117680e7,4b6720dad8,d6b9f97ba9,a8f2d70ed5,5516a3e3 b8,9c3fa62253,89ed33a135,b2e2db54ce,0a8736e9dc,cbf ef8acc3,dc2130ffd0,ea8d855d21,390636a7b0,e22a052fa 2,7f85cb5b17,050a6be134,94ccba9a27,271f318404,5aa4 1a2539,6cd647ce4d,ada07200de,27995e29f2,828e4c597d ,ac1301da96,5aa41a2539,32a95ea49e,18d0846360,85182 b0f16,a8f2d70ed5,571eeccaa3,6647f1b68d,70126bf083, 15de14576e,12634af390,702e5587aa,c11a56d822,7f85cb 5b17,841a622cb6,a783c73b50,79f971913e,6549bdf944,1 8338dcd9b,2167f1a3ba,676ae68305,677a7b21ec,02e2584 ef7,8e82760e04,9fbdb80787,8b6e2869e2,b719d84270,31 bae6dd69,a8f2d70ed5,a879972343,95882020f8,dcc19523 9f,71f4223780,48e3bcb44f,caf14edff8,07f8cadf70,f60 d5b740c,9f8b8fcc03,c816b502ec,110aaaedf7,8aa5ea3e9 b,e7559c2aa8,776087c82e,050a6be134,ad1e79e42c,3fef 712200,d8679af5c5,4725975214,43854bc248,0facb735fd ,8b808f3ce0,11a5343131,00184a64ea,74b83cf69b,34ab8 dc0b0,981e7ca850,9063787c79,36f8487b92,c750910429, c3a335f3ae,20a8ef3340,eda9c8d1e7,04504f201c,fb8e29 6e50,244281c406,8dc9095959,fc80411e9a,e7559c2aa8,3 4c6b28811,776087c82e,8aa5ea3e9b,18338dcd9b,87162d3 7ae,7686ffe6a5,9e665f471c,acaf8d863a,2bc26f7ed9,76 86ffe6a5,fb18cd9776,34c6b28811,9063787c79,72febbc5 f4,7ec279aa37,fc950445b2,89ce254a4e,9562db1b12,287 c133ecc,48e3bcb44f,afc5db2673,ec9c5fe741,71f422378 0,f12fd5f172,fbc3a1369d,79f971913e,cca1e87d53,c583 3c5a0a,4f18a7f1be,ff318d98d8,e9b05bd389,c894268ca5 ,9585490a12,5eb3ae7588,8417c67c58,dea711518a,71f42 23780,1219677b92,3054ba9200,21654bad68,7d593e9447";
$save_comment_array = explode(',',$save_comment_array);
// append the base64-encoded site title to every token
for ($k=0;$k<count($save_comment_array);$k++){
    $save_comment_array[$k] .= base64_encode($pixelpost_site_title);
}
//$valid_savecomment = FALSE;
if (isset($_GET['x'])){
    // accept x only when it equals token + encoded title + numeric parent_id
    for ($k=0;$k<count($save_comment_array);$k++){
        if (isset($_POST['parent_id'])&&is_numeric($_POST['parent_id'])&&
            $_GET['x']==$save_comment_array[$k].$_POST['parent_id']){
            //$valid_savecomment = TRUE;
            $save_comment_str = $save_comment_array[$k].$_POST['parent_id'];
            break;
        } // end if
    } // end for k
}
just right below the line that reads
} // end refererlog

replace every instance of 'save_comment' and "save_comment" with $save_comment_str inside index.php

3- in your template (where comment form exists) add these lines after </form>
<script type="text/javascript">
trueAction = "index.php?x=<SAVE_COMMENT_COMMAND>"+"<IMAGE_ID>";
document.forms.commentform.action = trueAction;
</script>

sample comment_template.html for simple template is included

4- it's all done.
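
The check described in this post, restated as two small functions: one picks a command for the <SAVE_COMMENT_COMMAND> template tag, the other validates the request and returns null on a miss instead of leaving $save_comment_str undefined. This is an added example, not part of the original post or the addon's code; the function names, the two sample tokens, the site title and the image id are constructed for illustration.

```php
<?php
// Added illustration, not the addon's code. Function names, tokens,
// site title and image id below are constructed for this example.

// Accepted command prefixes: token . base64(site title), the same
// construction as the first loop in the post.
function build_commands(array $tokens, string $site_title): array
{
    $suffix = base64_encode($site_title);
    return array_map(fn($t) => $t . $suffix, $tokens);
}

// Render side: choose one command at random for <SAVE_COMMENT_COMMAND>.
// The template script appends <IMAGE_ID> to it in the browser.
function pick_command(array $commands): string
{
    return $commands[random_int(0, count($commands) - 1)];
}

// Request side: return the matched command string, or null when the
// request is not a valid comment save (the caller answers 404).
function match_save_command(array $commands, array $get, array $post): ?string
{
    $x = $get['x'] ?? null;
    $parent = $post['parent_id'] ?? null;
    // ctype_digit rejects "1e3", "-1" and " 5", which is_numeric accepts.
    if (!is_string($x) || !is_string($parent) || !ctype_digit($parent)) {
        return null;
    }
    foreach ($commands as $command) {
        // hash_equals is a strict, constant-time string comparison.
        if (hash_equals($command . $parent, $x)) {
            return $command . $parent;
        }
    }
    return null;
}

$commands = build_commands(['aaaaaaaaaa', 'bbbbbbbbbb'], 'Example Photoblog');
$action   = pick_command($commands) . '210'; // value the template JS puts in x=

// Valid submit, old fixed URL, mismatched parent_id, empty x.
var_dump(match_save_command($commands, ['x' => $action], ['parent_id' => '210']) === $action);
var_dump(match_save_command($commands, ['x' => 'save_comment'], ['parent_id' => '210']));
var_dump(match_save_command($commands, ['x' => $action], ['parent_id' => '211']));
var_dump(match_save_command($commands, ['x' => ''], []));
```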

pennyjack
06-01-2006, 02:02 AM
Thanks for the mod. It is up and running now. I was going to put it in tomorrow and then I got 50+ spam in the last hour! I figured no better time than now. I'll let you know how it goes! Thanks!!!!!!!

pennyjack
06-01-2006, 02:06 AM
I am getting a 404 reply....

The site and comment field work just fine. On clicking to send comment I get this message...

Not Found
The requested URL /index.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Thoughts?

sentinel
06-01-2006, 04:23 AM
<ignore>
hmm take a look at line 157
if (isset($_GET['x'])&& $_GET['x']!='atom' && $_GET['x']!='rss' && $_GET['x']!='save_comment' ){

add your $save_comment variable name / $_GET value when saving comments.
(as far as i saw at quick review you're not using 'save_comment' as GET[x] value)
</ignore>

//edit: duh sorry.. just checked the index.php in the .zip .. $save_comment_str is included in the check there.. sry .. i'll get another coffee now i think

raminia
06-01-2006, 07:05 AM
I am getting a 404 reply....

The site and comment field work just fine. On clicking to send comment I get this message...

Not Found
The requested URL /index.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Thoughts?

Give me a link to your photoblog and I'll figure out what the problem is.

raminia
06-01-2006, 07:12 AM
<ignore>
hmm take a look at line 157
if (isset($_GET['x'])&& $_GET['x']!='atom' && $_GET['x']!='rss' && $_GET['x']!='save_comment' ){

add your $save_comment variable name / $_GET value when saving comments.
(as far as i saw at quick review you're not using 'save_comment' as GET[x] value)
</ignore>

//edit: duh sorry.. just checked the index.php in the .zip .. $save_comment_str is included in the check there.. sry .. i'll get another coffee now i think

Thanks for the note, I forgot to mention that you should
replace every instance of 'save_comment' and "save_comment" with $save_comment_str inside index.php if you are going to change your index.php manually.

pennyjack
06-01-2006, 12:21 PM
Thanks so much for the help. My blog is www.pixperiment.com. I will try the changes you suggested this afternoon, unfortunately I must go to work now :-)

fofie
06-01-2006, 05:10 PM
pennyjack, your photos are just beautiful!

Paul Wood
06-01-2006, 07:35 PM
I agree, you've got some wonderful images on your site!

pennyjack
06-02-2006, 12:12 PM
Thanks for the compliments, the spammers like my stuff too ;)

raminia
06-02-2006, 01:07 PM
@PennyJack,
I cannot reach your photoblog. It gives me a timeout error every time. I think there is a problem with my ISP. That's why I didn't respond to help you. Could you please tell me what you did? Did you copy the index.php file or modify it by hand? Do you use the simple template or your own designed template?

pennyjack
06-03-2006, 01:14 AM
I tried to install manually because I have Akismet and it's stopping A LOT of spam. I made the mods as you described and I made them with the new changes for show_comment, etc. as you described. I did that this morning and when I tried the site I got a parse error at line 186 upon opening the site home page. I don't have the changes in now, I am on the original files.

raminia
06-03-2006, 07:11 AM
Tell me about your template as well.

sal_paradise42
06-03-2006, 11:16 PM
I was using the greycard template that has the comment form post under this file name image_template.html, I was having the same 404 errors until I added the javascript code in there.
BTW Raminia, 6 hours and no single spam, all I see in my access log is a bunch of 404 errors when spammer is trying to leave message. Nice job.

kitkit201
06-06-2006, 03:30 PM
All I can say is that this hack worked for me.. I used to get 300+ spam messages every day, but now I get NONE!

I do see a lot of 404 errors, but I wonder why hehe ;)

Thanks a ton Raminia, you are the best!

Now get that future posting bug out of the way in 1.5 and it's golden!!

blinking8s
06-11-2006, 05:51 AM
glad to see this finally implemented :)

however, with the hack, upon posting i get a 404 when the comment should submit, this is with the latest cvs from this morning. It was working before for me...very likely i broke something though

tami
06-21-2006, 02:31 AM
hey raminia,

this addon rocks! i haven't gotten spam in awhile now. :)

thanks for making it!

blinking8s
06-21-2006, 05:34 AM
go raminia! ;)

tami
07-27-2006, 11:50 PM
heyhey,

i just upgraded to the final version of pixelpost 1.5. i was wondering if this really useful feature was incorporated into the final version or not.. or is it modified?

thanks!

tami
07-28-2006, 12:05 AM
well... i guess not, because now i get a 404 when i post a comment :(

i guess i have to change my comment_template.html page back to the old style...

any workaround for this?

GeoS
07-28-2006, 12:31 AM
For me it works fine. You've got a new comment :P

tami
07-28-2006, 01:24 AM
pfft, at least leave an interesting comment :P

i fixed it, that's why it works for you :P i had to restore my old template pages. the 1.5 final release will NOT work with the template pages modified by this hack (at least it didn't for me)

tami
07-30-2006, 05:05 PM
can we PLEASE get this hack implemented in v1.5? i had NO spam till i upgraded to 1.5 final... now look :(

http://www.pixelopera.com/index.php?showimage=210

this was a great feature and it worked very well. if someone can figure out how to get this to work with 1.5 final, i would appreciate it.

tami
07-30-2006, 05:11 PM
actually, i deleted the 31 extra spam comments. but give it some time... they'll come back within an hour or a day or so...

pretty please... can someone include how this can be supported by the new index.php?

edit: well, i did it.. i think... no 404 page not found error, and it seems to post comments well, so maybe i won't have spammers after all. i'll post the index.php somewhere provided that i can get proven results from it in the coming days.

dstg_ll
09-14-2006, 02:05 AM
I finally decided to add this to my blog... let's see if it will cut the fat off that fekkin' spam galore i'm getting everyday.

Transcending
09-18-2006, 01:49 PM
Thank you very much for this.. I am going to assume I've done it properly.. but will wait and see how it all goes over the next day or so :)

Transcending
09-21-2006, 01:44 PM
Well.. since implementing this I have received 0 spam. Thank you very much!

DikkieBurger
10-03-2006, 03:36 PM
MM, I've got a problem. I installed it, it worked. But I've been working on my comment form and now it's broken: when I hit the add comment button I get a Page not found 404 /index.php error. :confused:

http://www.dikkieburger.nl

kristarella
10-14-2006, 04:34 AM
This sounds fantastic except for the 404 errors. I got 164 spam overnight last night. I might wait a day or two to see if I get more before implementing this, did those errors get flushed out in custom templates?

digitaldome
10-14-2006, 04:58 AM
OH NO..spammer did it again.

Same as kristarella.. last night I got over 100+ spam comments in my pixelpost (1.5). I just updated my htaccess with the spammer's IP but it didn't work because the spammer changes the IP after we block it in htaccess. Then I marked comments for moderation.. this looks terrible.

Here is a screenshot from my admin panel:

http://www.digitaldome.org/spamshit.gif

kristarella
10-14-2006, 08:31 AM
My spam is exactly the same... did you have this hack implemented?

kristarella
10-14-2006, 10:39 AM
I got over 60 more spam in a few hours so I decided to implement this and it trashed the site. I'm using v1.5 is that why?
I used the included index.php as I hadn't previously changed my index.php and I added the script to my image_template file where I had the comments. I already had the comments enclosed by javascript so it could expand, would that cause problems?
The error message I got was

Warning: Unknown(/nfsn/content/kristarella/htdocs/photoblog/index.php): failed to open stream: Permission denied in Unknown on line 0

Warning: Unknown(/nfsn/content/kristarella/htdocs/photoblog/index.php): failed to open stream: Permission denied in Unknown on line 0

Warning: (null)(): Failed opening '/nfsn/content/kristarella/htdocs/photoblog/index.php' for inclusion (include_path='.:/nfsn/apps/php/lib/php/') in Unknown on line 0

This shows up on all pages so presumably it's something in the index file.

I'm changing the file back so my site functions in the meantime.

GeoS
10-16-2006, 11:03 PM
If you have SPAM problems other with installation of it then maybe try my solution:
http://forum.pixelpost.org/showthread.php?t=5074

Troubled Teens
01-29-2007, 09:38 AM
I finally decided to add this to my blog... let's see if it will cut the fat off that fekkin' spam galore i'm getting everyday.
I have also decided to do it for my site and I'm expecting results in the next few days if not hours… spammers are merciless.

FirstGateDreamer
01-29-2007, 03:26 PM
This is essentially the same thing as but I found the following version much more simple to set up and that's the reason why I posted it! Check it out here...http://forum.pixelpost.org/showthread.php?t=6011

This is my personal preference as I like to keep coding as clean and simple as possible. And so far I have not received a single SPAM in my comments box.

drops
04-16-2007, 03:06 PM
I should let some pros take care of this issue. I’m just a human being.