November 20th, 2008 . by polygeek
I frakking hate comment spam on my blog. I’ve tried all sorts of tricks and plugins to help alleviate the amount I get. Akismet does a great job. And I have that Hot/Cold plugin on my site. I even changed the name of my comments.php file. But still, it comes.
What’s a blogger to do? Well, you could just remove all of the form code in the comments.php file so that there is simply no pipe for a spamBot to crawl down. But then users wouldn’t be able to comment either.
But wait, how about turning the comments form into a Flash form? That would do the trick. SpamBots would never be able to crawl over a SWF and figure out how to submit a comment.
What would we have to do to make this work?
- someone would have to figure out the MySQL code for inserting a comment into the database
- they would have to set up AMFPHP for the SWF to Database communication
- then create the Flash form – probably in Flex
- and use FlashVars to get a few bits of data from the PHP code into the SWF
- and with Flex we have the RichTextEditor. Cool, we can let users change fonts, font colors, underline, bold, italics, links. Man, that would be sweet!
- Oh, and use SharedObjects to store user info so they only have to type in their name, email, website once
- and since it’s Flash we should do something, you know, Flashy, that you can’t do with regular forms. Like, maybe make typewriter sounds when people type – with the obligatory Mute button of course
It would be so cool if some ultra-talented Flex developer would create something like that and give it away for others to use. Maybe even write a few tutorials on how it all works. And maybe the source code would look something like this.
Okay, seriously, I’ve commented the code pretty well. The comments are mainly for me because my code sucks and if I don’t comment I won’t be able to figure out what the hell I was doing when I try and update it later. So you won’t hurt my feelings if you find improvements.
The PHP file is in the source files but for some reason you can’t see the code in the source viewer. You’ll have to download the zip file to see it.
The only thing I can think of that’s missing is the code that triggers WordPress to notify the admin that a comment was submitted is missing. So the comments RSS isn’t being update, and I don’t think CommentLuv is working either. Hopefully someone can help me sort that out.
Take it for a spin, leave a comment.
If something here has proved valuable to you then feel free to drop a couple of bucks in the tip-jar.
Posted in Tags: Actionscript 3, Flex, RichTextEditor, Wordpress
|
25 Comments »
similar posts
25 Responses to “RIP : Spam Comments [ 2003?- November 20, 2008 ]”
The sound effects are super annoying. Other than that, it looks great, maybe have astericks for items that are required as well.
Nice :) I dont thing the sound are needed though, but hey, you included the mute button.. and also when you focus on the comment text area make the "disclaimer@ text go away on the CLICK, some people are lazy, just like mee :)
oohhh by the way, I entered my mail wrong on purpose and it did not validate it, I omit the "dot" befor the com :)
Nice form. What's with the typewriter sounds though!? My keyboard makes plety of noise as it is thanks ;-)
Not sure what happened then, all the text below on my last post got cut off!
Ummm, I keep entering multiline comments and they're being truncated.
Wow, no line breaks at all seem to work! Think you've got some issues with the new comment form…
What a great idea! I wonder how well this will work in the long run.
Very interesting approach – here is hoping it doesn't become too popular ;) otherwise the spammers will quickly adapt!
Here's my 2 cents then:
- Honestly, get rid of that typewriter sound, you can't even justify it with flashyness, since sound isn't specific to Flash, last time I checked! (someone recently made a 909 using JavaScript, even if it doesn't come close to Hobnox)
Surely, we can think of something more appropriate than that "effect for the sake of itself, just because we can". That's how we, the flash platform ™ get a bad name, mister ;) Hey, I know: add a superduper intro animation!
- May I suggest you replace that sound with Grant Skinner's spell checker? (If you ask nicely, he might just donate it for such a good cause :) That's another standard feature (for some browser at least) that we have to compensate for in Flash.
OK, looks like I'm generous today, I'm going to tip more than 2 cents ;)
- woops, my frenchie keyboard layout is all mixed up for anything but the standard A-Z which is probably the good old WMODE bug which Firefox still hasn't fixed yet. So unless you have a real good reason for so.addParam("wmode", "transparent") may I suggest you leave it at the default setting? That'll do wonders for the mental health of every commenter using a non-QWERTY keyboard who also happens to use Firefox.
- I don't think it's the best idea to pass details like the IP via FlashVars (or even submit it with the form data at all) > too easily spoofed. Why not just detect the IP in your PHP?
As far as I know, logging the IP is necessary evil for a lot of potential legal trouble.
I won't go into into gory details, but basically YOU are the publisher of this site, yet you allow others to post content… which you are responsible for.
ok, here is one example (that really happened) to make my point: a sports forum thread had someone state in a comment that a particular world champion was on steroids. Comment was moderated and taken offline within a day. The champion wasn't happy, court made forum owner reveal IP and ISP reveal commenter's identity. Champion attacked commenter AND forum. Commenter lost case, forum successfully defended but still had lawyer to pay.
Now I hear you think that you would rather protect your commenters. Think again, because you will then be the sole target of pissed-off world champion's wrath ;)
Long story short: making sure you log the right IP may just be worth a couple of cents in attorney's fees ;)
Oh, you're welcome for the WMODE bug… If it's worth so much to you, I'll be sending you my invoice then ^^
I might even toss in a "Parts of Flex 3 are incompatible with FP 9.0.16" invoice (once I run it past the Flash Switcher tomorrow) … seeing as your SWFObject checks for major version only.
I confirm that Flash Player 9.0.16 fails to initialize your Flex 3 form.
The fix is easy: ask SWF Object to require FP9.0.28 or later :)
cf.: http://icanhaz.com/Flex3FP916
Did you find a workaround for your date issues?
If not, why not do it in a simpler way: just use the current server date at submission time in your PHP!
Although I'm a frontend developer, I am still convinced that backend logic is more secure – so if the same data (postID, currentTime, IP) is available on the server, then just use that.
Wow, very nice Dan. Hey I tried turning off the alpha on RTE bg and it didnt work.
You should put this in in the WP Codex. Im sure it will get great acceptance.
Very nice! I've often thought about doing the same thing. Sounds are… not fun when you've got headphones plugged in and the volume turned up…
Nice work, I am about to start delving into your code! '
gabriel
