Spam protection in comments module #85

Closed
arjan opened this Issue · 3 comments

2 participants

@arjan
Owner

From http://code.google.com/p/zotonic/issues/detail?id=80

The comments module does not have any form of spam protection currently.
This is no longer a nice to have feature but an absolute must.

@arjan
Owner

Currently comments are posted through an API; the post is done using JavaScript.

There are three possible protection scenarios:
1. make sure that the form is submitted from the current page/session.
2. add simple captcha/tripwires/etc to make sure that a human is posting it
3. filter submitted messages through a spam filter

Not all three strategies need to be deployed. For example, I don't like to fill in captchas, as they get in the
way of adding content to a site. So I prefer other means of protection against machines.

For (1) we can make a CSRF protection by mixing some id into the postback message.

For (2) we can have a combined strategy of tripwires (for example false non-user-viewable input elements
that mimic a WordPress comment form) and maybe a simple captcha implementation (note that quite a lot of
captchas are already broken, so this only gives limited protection).

For (3) we can add rules and maybe a hook to a service like Akismet.

See also http://codex.wordpress.org/Combating_Comment_Spam

Commented on Google Code by *profile.url***
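
The first two scenarios from the comment above, sketched as a server-side check. This is an added example, not code from the issue or from Zotonic; it is written in Python for illustration, and the names `issue_token`, `check_comment`, the `website` decoy field and the form keys are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
# Assumption: name of a decoy input hidden from humans with CSS.
HONEYPOT_FIELD = "website"


def issue_token(session_id: str, page_id: str) -> str:
    """Scenario 1: value mixed into the form, bound to this session and page."""
    # NUL separator so ("a:b", "c") and ("a", "b:c") cannot collide.
    msg = f"{session_id}\x00{page_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def check_comment(session_id: str, page_id: str, form: dict) -> str:
    """Return 'accept', 'reject' (scenario 1 failed) or 'spam' (tripwire hit)."""
    expected = issue_token(session_id, page_id).encode()
    supplied = str(form.get("token", "")).encode()
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not hmac.compare_digest(expected, supplied):
        return "reject"
    # Scenario 2: a human never sees the decoy field, so any value is a bot.
    if str(form.get(HONEYPOT_FIELD, "")).strip():
        return "spam"
    if not str(form.get("message", "")).strip():
        return "reject"
    # Scenario 3 (rules or an external filter) would run here before publishing.
    return "accept"


if __name__ == "__main__":
    # Constructed sample submissions.
    tok = issue_token("sess-1", "page-42")
    samples = [
        ("sess-1", {"token": tok, "message": "Nice article"}),
        ("sess-2", {"token": tok, "message": "Replayed from another session"}),
        ("sess-1", {"token": tok, "message": "Cheap pills", "website": "http://x.example"}),
    ]
    for sid, form in samples:
        print(sid, check_comment(sid, "page-42", form))
```

Returning a distinct `spam` verdict lets the tripwire hits be held for review instead of silently dropped.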

@arjan
Owner

Arjan, my vote is for a non-captcha implementation. Something with CSRF and Akismet would probably work
well. But I would also like to have the option to moderate comments via the admin.

Regards,
Daniel

Commented on Google Code by *d...@mac.com***

@mworrell mworrell closed this
@mworrell
Owner

See also #967
