Loading...
 
Features / Usability

Features / Usability


"Captcha" for comments?

posts: 13

Hi,

before I poke deeper into the code, has anyone written something to use the "Captcha" challenge feature that the registration module uses? Basically, I'd want the (anonymous) user to answer the image challenge before she/he can submit a Comment to a blog, article etc.

This is becoming a serious issue for me, I've been bombarded by comment-spam, and had to turn off anonymous comments completely.

Thanks,

-- Leif

posts: 13
Well, decided to poke around afterall, came up with this little hack. Comments are welcome.
posts: 4642 Japan

I just got hit by a rash of comments advertising on-line gambling, so I was looking for this kind of protection. I made the changes as you describe and they're working fine so far, with Tiki 1.8.5 and 1.9rc3. I think a good further modification would be to do a user check so that the random number confirmation would only show to anonymous users, and logged-in users wouldn't have to bother. This should be simple to do, but I haven't had time yet.

-- Gary

posts: 13

Must be the same spammers that hit my server! :-) As much as I like poker, it gets annoying seeing it posted 10-20 times on each of my article/blog posting...

I updated the patch go check if $user is set or not, it will now only ask for the captcha challenge if you have turned it on for account creation AND the poster is not logged in ($user == ''). The link to the diff is the same as above.

Ideal would be to have this feature controlled by a different configuration setting, but I did this quick hack as a proof of concept.

Cheers,

-- Leif

posts: 4642 Japan

> Well, decided to poke around afterall, came up with this little hack. Comments are welcome.

The comment files have been changed in Tiki 1.9.0. I tried to adapt the anti-spam modifications, but couldn't get it to work. If you 're still following this, could you have a look and try to update the hack? It was great to have the protection against spamming with the earlier file versions; probably coincidence, but just after I upgraded to 1.9.0, our page comments got hit by online gambling spam again.

-- Gary

posts: 4 Japan

Hello Gary, had some bad time with Viagra.... evil

The "little hack" works, if you replace
label for="editpost"
with
label for="editpost2"
in the comments.tpl file

At least that was the only change necessary for me to get it working in 1.9.3(CVS). biggrin
Markus


posts: 13

Must be the same spammers that hit my server! :-) As much as I like poker, it gets annoying seeing it posted 10-20 times on each of my article/blog posting...

I updated the patch go check if $user is set or not, it will now only ask for the captcha challenge if you have turned it on for account creation AND the poster is not logged in ($user == ''). The link to the diff is the same as above.

Ideal would be to have this feature controlled by a different configuration setting, but I did this quick hack as a proof of concept.

Cheers,

-- Leif


posts: 9
Thanks a lot for the patch. Works great for me, even on Windows/IIS, though of course I had to edit the files manually.