PHP comments script?
October 26, 2005 9:58 AM

PHP comment script -- any recommendations? I want users to be able to add comments to the bottom of an existing static HTML, non-blog page. I'd also like something that won't let the comments get loaded with gambling and Viagra spam.
posted by shannymara to Computers & Internet (7 answers total)
 
Yes, Captcha will do the trick, but you'll find that any home-brew comments script will fly completely under the radar of most comment spammers, as they're looking for specific software signatures out there. They Google up URLs by script names and copyright notices, so they'll probably never find you unless you use an existing package.

To build this sort of script, you could avoid PHP altogether and use an Ajax solution and store all of your comments in a simple XML file. Comments have very little in the way of variable information, so you should be fine. You're basically looking for Poster, Date/time stamp, Subject, and Body, right?

Either way, the solution is pretty straightforward: Your main concerns are data storage (do you have access to MySQL or something similar, or are you interested in just keeping a running XML file?) and control of content (limiting HTML tags to a specified few, or using a custom set of tags to represent common formatting elements).
posted by thanotopsis at 10:36 AM on October 26, 2005


I'll cook you up a simple PHP comment form if you want. I already have all the parts in various other projects and it should just take a couple minutes to clump it all together, particularly if you have MySQL. If you want I could even throw in my completely retarded animal picture based captcha, although I'd have to retain the copyright to such an exciting technology. Email's in the profile.
posted by moift at 11:27 AM on October 26, 2005


I wish, thanotopsis. I wrote my own blogging software a few years ago. I still get hit with comment spam. At first it enraged me that somebody took the time to engineer a script just to spam my little blog (and the, like, two other people that use my code). What jerks. In the end my solutions were to flag any new comments on posts over two weeks old as "pending" until I reviewed them - because that's where they were mostly putting them, hoping I'd never notice - and automatically rejecting any comment that contained more than five links. You'd be surprised how many of these idiots put, like, fifteen links to their phentermine site in the same comment. I haven't had any complaints from legitimate commenters yet, so I don't think it really restricts them. The system works pretty good now. Every now and then I'll see a couple in the pending area of my admin tool and just blast them. It's actually therapeutic.

(Don't look at the downloadable code on my site though. It's old, out-of-date, and seriously crap!)
posted by web-goddess at 2:33 PM on October 26, 2005


I'll second the "custom script will NOT deter them" comment. All the scripts on my site are custom brewed, and the comment spammers began targeting them a few months ago. They even target forms that have big disclaimers like "every comment reviewed before posted to the site".

The only thing that cut it down to almost nil is to just flag anything with an HTML link in it as spam. Most of the comment spammers want a hot-linked URL on the site; a non-linked reference to their site isn't as useful.

Captchas will work (for now) for most comment spammers, but also help to prevent people with bad (or no) eyesight, and also tend to be annoying. I've got perfect (corrected) eyesight, and half the time I enter those captcha codes, they still get rejected, because they're not formed properly, or have too much noise in them to fool OCR attempts.
posted by inthe80s at 9:06 AM on October 27, 2005


There's a good free Captcha class from neoprogrammers. Captchas aren't foolproof - I've seen some demos which can decode them with 60-70% accuracy - but should keep you clean for the next 12 months.
posted by blag at 2:24 PM on October 27, 2005


The thing about captchas is that even 1% accuracy in a hostile script is sufficient to pwn a site. It's nothing to a spammer to hit a site 100 times to get a link in; scripts can hit thousands of times per second, with a different IP each time. Captchas that are even marginally breakable only serve as deterrents and are not real protection. The best way to prevent spam is and always will be to default deny display of comments until they are specifically approved by the site admin.
posted by moift at 1:34 AM on October 29, 2005
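
The moderation rules described in the answers above (web-goddess's five-link limit and two-week hold, inthe80s's HTML-link flag, moift's default deny, plus escaping on output), combined in PHP. This is an added example, not code from any poster in the thread; the function names, status strings and sample comments are assumptions.

```php
<?php
// Added example: thresholds are the ones quoted in the thread; all names are hypothetical.
const MAX_LINKS = 5;                     // more than five links: reject outright
const OLD_POST_AGE = 14 * 24 * 60 * 60;  // posts over two weeks old: hold new comments

// Count URL-like strings, whether or not they are wrapped in an <a> tag.
function count_links(string $body): int
{
    return (int) preg_match_all('~(?:https?://|www\.)[^\s"\'<>]+~i', $body);
}

// True if the body carries an HTML anchor, i.e. a would-be live link.
function has_html_link(string $body): bool
{
    return preg_match('~<a\b[^>]*\bhref\s*=~i', $body) === 1;
}

// Returns 'rejected', 'pending' (needs admin approval) or 'visible'.
function moderate_comment(string $body, int $postedAt, int $now, bool $defaultDeny = true): string
{
    if (count_links($body) > MAX_LINKS || has_html_link($body)) {
        return 'rejected';
    }
    if ($defaultDeny || ($now - $postedAt) > OLD_POST_AGE) {
        return 'pending';
    }
    return 'visible';
}

// Escape on output so an approved comment can never inject markup or script.
function render_comment(string $body): string
{
    return nl2br(htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: two page ages and four comment bodies.
$now     = strtotime('2005-11-01 12:00:00 UTC');
$oldPost = strtotime('2005-10-01 12:00:00 UTC');
$newPost = strtotime('2005-10-30 12:00:00 UTC');
$samples = [
    ['Nice write-up, thanks!', $newPost],
    ['Nice write-up, thanks!', $oldPost],
    ['<a href="http://pills.example/">cheap pills</a>', $newPost],
    [str_repeat('http://pills.example/x ', 6), $newPost],
];
foreach ($samples as [$body, $postedAt]) {
    printf("%-9s %s\n", moderate_comment($body, $postedAt, $now, false), render_comment(substr($body, 0, 40)));
}
```

The demo loop passes `false` for `$defaultDeny` so the age rule is visible; with the default of `true`, every comment that is not rejected waits for approval.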


I'm a big fan of dotcomments. Plus, it was written by a Mefi member.
posted by esch at 8:06 PM on November 1, 2005

