Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Spam protection in comments module #85

arjan opened this Issue · 3 comments

2 participants



The comments module does not have any form of spam protection currently.
This is no longer a nice to have feature but an absolute must.


Currently comments are posted through an api, the post is done using javascript.

There are three possible protection scenarios:
1. make sure that the form is submitted from the current page/session.
2. add simple captcha/tripwires/etc to make sure that a human is posting it
3. filter submitted messages through a spam filter

Not all three strategies need to be deployed. For example, I don't like to fill in captchas, as they get in the
way of adding content to a site. So I prefer other means of protection against machines.

For (1) we can make a crsf protection by mixing some id into the postback message.

For (2) we can have a combined strategy of tripwires (for example false non-user-viewable input elements
that mimic a wordpress comment form) and maye a simple captcha implementation (note that quite a lot of
captchas are already broken, so this only gives limited protection).

For (3) we can add rules and maybe a hook to a service like Akismet.

See also

Commented on Google Code by *profile.url***


Arjan, my vote is for a non-captcha implementation. Something with CSRF and Akismet would probably work
well. But I would also like to have the option to moderate comments via the admin.


Commented on Google Code by ****

@mworrell mworrell closed this

See also #967

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.