<< IIS 7 – Who is running the show? | Syntax Highlighter extension for BlogEngine >>

Blacklist added to Commentor

7. November 2009 18:04 by rtur.net in Commentor // Tags: commentor, spam, akismet // Comments (15)

Some people complain about Akismet not killing spam as effectively as they would like or hope. I think Akismet doing fine job identifying spam bots, but recently a lot of it coming from real people trying to make a little extra money, and those are challenging to deal with. Sometimes I get totally valid comment and the only odd thing about it is that guy’s name is “buy cheap watches” or something like it. It is tough to filter out programmatically. Probably, the best solution for a moment is similar counter-move when people tired of spam come together and create list of known spammers so that spam blocking applications can use it.

One of such sites is stopforumspam.com and updated version of Commentor (1.3.2) uses its API to check if person trying to add comment to the blog listed in the stopforumspam’s database. If it is, comment will be marked as spam without passing it to Akismet for validation.

New users can install Commentor using instructions from this post. All download links are pointing to the same file. If you already have Commentor installed, you only need to replace extension file – unzip and move “App_Code/Extensions/Commentor.cs” to the corresponding location at your blog.

The change itself is very simple and comes down to this function:

static bool IsBlackListed(string ip)
{
    try
    {
        string url = string.Format("http://www.stopforumspam.com/api?ip={0}", ip);
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        StreamReader reader = new StreamReader(response.GetResponseStream());

        string value = reader.ReadToEnd();
        reader.Close();

        return value.ToLowerInvariant().Contains("yes") ? true : false;
    }
    catch (Exception)
    {
        return false;
    }
}

Got to love .NET!

Commentor.zip (30.961 kb)

Commentor – new versionAfter using Commentor for almost three month now, I’m refreshing it with new version based on ...Commentor - new extension for BlogEngineCommentor is a new BlogEngine extension that should make your life a little easier when you have pro...How to switch Commentor from Waegis to AkismetIf you are using Commentor with Waegis like I do, you probably got email about Waegis suspending ser...

Comments (15) -

Benny Michielsen
11/8/2009 2:54:39 AM #

Installing it right now! Really like Commentor but that "Buy fake watches" guy (amongst other) also spams me ;)

Klaus Graefensteiner
11/9/2009 12:26:19 PM #

I will upgrade the Commentor extension on my blog as well. I like the approach to use a shared black list.

Klaus

Dave Burke
11/12/2009 10:21:23 PM #

I really appreciate the great work you've done with Commentor and how you've shared it with the BlogEngine.NET Community. You're so right, the SEO Linkers are very tough to stop. I got so many that I decided to require site registration to comment on my blog. I'm sure that reduced the number of comments, but it certainly made my life easier.
As part of the next BlogEngine.NET upgrade I want to give Commentor a try. I'm sure it will do the job, especially with you staying on top of it and the ongoing improvements you provide.
Thanks, Dave

Good Will
11/23/2009 8:38:55 AM #

Thanks for sharing this information. I will definitely upgrade the Com mentor extension on my blog. Thank you for another great article. Where else could anyone get this kind of information in such a perfect way. I truly enjoyed reading it.

Nicholas
12/5/2009 9:58:36 AM #

Just wanted to also say thanks for the extension, it has saved my blog! I might be making some changes/improvements to it, I'll be sure to send along the code if I do.

Leo
12/9/2009 10:34:10 PM #

How can we edit Author or website info from comment? sometimes people are trying to do spamming through name.

Are you planning to add changes to let admin edit author name and website info similar to post text area?

Thanks

erica az
12/30/2009 9:16:39 PM #

I will upgrade the Commentor extension on my blog as well. I like the approach to use a shared black list. http://www.ericaaz.co.cc/2009/12/dukung-ridwan-yazid-jadi-bupati.html

CRM Guy
1/8/2010 12:59:04 PM #

Somehow I could not get the commentor to work. I used the filter to block IP addresses but all the comments seeps through even though the ip address match ( I tried both Exact match and Contains). I have version 1.3.2, is that too old?

ksuvalk
1/13/2010 5:35:07 PM #

Seeing something strange and need some advice. Put Commentor on one blog site no problem. Put it on another site with same config and same blogengine version, and get the following problem.

When ever the Commentor Settings page is posted, like when selecting and deleting bad posts, instead of the post happening and the page refreshing I get redirected to a page not found as follows:

http://www.SITE.com/error404.aspx?aspxerrorpath=/User%20controls/Commentor/Admin.aspx

However I can access this page and the configuration page just fine.

What am I missing?

Thx for great add-on !

rtur.net
1/13/2010 7:06:48 PM #

If both instances running in the same domain, try to change machine key for one of them as described here: http://rtur.net/blog/post/2009/03/30/Using-machineKey-with-ASPNET-Membership.aspx (or set separate cookie for authentication as suggested in the comment).

ksuvalk
1/14/2010 8:38:38 AM #

Good thought. However they are different domains. Let me try changing the cookie and see if that makes a difference.

ksuvalk
1/14/2010 8:46:20 AM #

Tried the cookie change but no go. Interesting though, I noticed that every time the site restarts (like after a web.config change) even when it tries to hit default.aspx the first time it redirects to not found page, but then after that first time can hit the home page just fine. Man this is weird. I will try removing and re-adding the commentor files and see if I see any difference.

ksuvalk
1/14/2010 9:09:32 AM #

FOUND IT! Was a security issue preventing access to the xml file :)

Steve Trefethen
2/1/2010 11:47:13 AM #

It looks like I'm having a similar problem as you're having here where lots of comment spam seems to be making it through Akismet. Check the comments on this post of your's as of the time of this comment:

http://rtur.net/blog/post/2009/12/05/How-to-email-posts-to-BlogEngine.aspx

All of the comments appear to be spam of the same type I'm seeing. I've since added an additional input field to the comments form which I'm hiding via CSS and I check to see if there is a value in that field and simply reject those comments. That stops any bots that are just filling out any/all fields they find on the form for posting a comment.

rtur.net
2/1/2010 11:38:45 PM #

Hi Steve, thanks for suggestion, it looks like a good simple trick. The reason I'm letting bots through actually because I'm working on few ideas for spam filtering and these gives me a good testing ground. Those are just guinea pigs - I don't have to come up with my own tests ;)

Comments are closed