Blog Comment Handling
Enabling Blog Commenting
Blogging comments are handled by both the global administrator and individual blog owner, with the latter able to choose more but not less restrictive options.
To enable comments for a particular blog, the global administrator must activate it system-wide on the global settings page and then the individual blogger will have an option to turn it on for his or her blog (via the weblog settings page).
There are three options for allowing blog comments:
- NONE - no comments
- Must moderate, non-publisher - allowed but all comments except from that particular blog's publishers must be approved to appear. (Recommended if commenting is to be allowed).
- Must moderate, non-logged in user - allowed but all comments except from any TightBlog logged-in user must be approved to appear.
In the past, it was more common to allow for blog comments to instantly appear without moderation, but these tighter rules help protect against bad actors posting private information on a blog before the blog owner would have a chance to review it.
Spam Detection and Processing
As TightBlog requires comment approval anyway in most cases as explained above, the need for spam handling is somewhat downgraded but still useful. From least restrictive to most restrictive, TightBlog provides the server administrator and individual blogger these spam-checking options:
- Skip spam checking (most comments again need moderation anyway).
- Mark as spam in Comment Reviewer, still send moderation emails to the blog publishers
- Mark as spam, but don't send moderation emails; publishers will see spam-marked comments on the comment review page when they next log in
- Automatically delete spam without saving or notifying bloggers. This does run the risk of legitimate comments getting deleted without people knowing, so if used, good to configure the spam checking below to make it very restrictive in what it detects to be spam and to run the spam checking for awhile at one of the less restrictive settings above to confirm sufficient accuracy.
Once the administrator picks a level at the global level, the individual blogger can choose a more but not less restrictive option at the weblog level, so it's advisable for the administrator to choose the least restrictive acceptable option.
TightBlog's CommentSpamChecker provides up to three methods for spam checking, configurable in your application-custom.properties file via these settings:
|commentSpamChecker.excessSize.enabled:true||Whether to mark a comment as spam based on its excessive size (as configured below)|
|commentSpamChecker.excessSize.linksLimit:3||If excessSize check enabled, max number of URL links allowed in comment, above which it will be counted as spam.|
|commentSpamChecker.excessSize.sizeLimit:1000||If excessSize enabled, max char count of comment before marked as spam.|
|commentSpamChecker.blacklist.enabled:true||Whether to use the comma-separate list of words defined in Global and Weblog settings for each blog to mark a comment as spam. Commenter name, email, url, and comment are all checked. If you're relying on Akismet below, these lists generally will not need filling out much (just for certain situations that Akismet appears to miss.)|
|commentSpamChecker.akismet.enabled:false||Whether to use Akismet for spam-checking.|
|commentSpamChecker.akismet.apiKey:(none)||The API key Akismet provides you if you're using it|
|commentSpamChecker.akismet.onlyBlatantSpamIsSpam:false||Akismet declares certain spam as "blatant" spam, you might wish to set this to true if you want to auto-delete obvious spam while allowing questionable messages to still be moderated.|
If all three spam methods are enabled, first the excessSize is checked, then the blacklist, and then Akismet. As soon as one method evaluates the comment as spam all subsequent methods are skipped and the comment is marked as such.