« Back in 2k5
photo friday: silhouette »

Comment Spam Solution, for now…

at 10:25 ... ob: meta

I've added a simple addition problem as an attempt to thwart comment spammers. Initial code from jeff barr, mods by agrippa_cash at nuke tibet, final code with additional minor mods, below. You will likely have to edit this code to fix quotes (") and possibly other characters mangled in rendering. It boggles my mind that posting code to the web is such a royal pain in the ass [ edit: It is wordpress’s default texturize feature that was causing me trouble with the quotes. Apparently toggled in wp-includes/vars.php or using remove_filter() in myhacks.php . ]

Add to wp-comments.php, wp-comments-popup.php. Modify tabindex fields accordingly:

<input type="hidden" name="factor1" value="<?php srand((double)microtime()*1000); $factor1 = rand(1,9); echo $factor1;?>"/>
<input type="hidden" name="factor2" value="<?php $factor2 = rand(0,9); echo $factor2;?>"/>
<label for="spam"><?php _e("Add 'em up: <b>"); echo $factor1 . " + " . $factor2 ."= ";?></></label>
<input type="text" name="spam" id="spam" value="<?php echo $comment_spam; ?>" tabindex="5">

Add to wp-comments-post.php:

if ($_POST['factor2'] != $_POST['spam'])
die( __('<h1>Sorry, you must correctly answer the problem to post a comment.</h1><h2>Please take off your shoes and try again.</h2>(This is a SPAM elimination measure)'));

19 Responses to “Comment Spam Solution, for now…”

  1. null Says:
    January 6th, 2005 at 10:38

    Brings back memories of the old “stealth bomber” game on the Apple ][.
    You had to do some quick additions to get fuel and guns, and quick multiplications to upgrade.. then you got to fly and play.

  2. Anonymous Says:
    January 6th, 2005 at 10:40


    This is a test piece of html code.

  3. null Says:
    January 6th, 2005 at 11:38

    This is a “quoted” string
    And so is "this"
    And this is “whack”

  4. null Says:
    January 6th, 2005 at 13:13

    it’s wordpress that ‘fancy-quoted’ the above strings..
    the first line used the ascii char: ”
    the next line used &quot;
    the last line used the ascii char: ” and some other char: ”

  5. me Says:
    January 6th, 2005 at 17:08

    Yeah, it is all this engine ‘texturize’ one of a few that can be used, but the one that is default — and is not obviously disabled… working on it though ;).. i want what i type. let the browser on the other end ‘texturize’ it if it is so important.

  6. Jeff Barr Says:
    January 7th, 2005 at 07:04

    This is cool, but your second chunk of code was mangled in the post. You want something like:

    if ($_POST[’factor2′] != $_POST[’spam’])

  7. mike Says:
    January 7th, 2005 at 08:01

    Thanks jeff, should be fixed.

  8. Ampersand Says:
    January 10th, 2005 at 04:12

    I cut-and-pasted just as described, but couldn’t get it to work… even when I put in the correct answer, it wouldn’t accept comments. Very frustrating!

    Your spamblocker is elegant as heck, so if you have any idea what I’m doing wrong, I’d love to know.

  9. Ampersand Says:
    January 10th, 2005 at 23:35

    Got it working now - thanks to the person who sent me instructions!

  10. wolfangel Says:
    January 11th, 2005 at 20:37

    It seems to not be working (or, specifically, I seem to have screwed up). Initially I couldn’t post any comments. Then I switched to if ($_POST[’factor2’] != $_POST[’spam’]) in my comments-post file, and now it lets me post ignoring the add em up box altogether. Incidentally, you’ve got an open bold starting right at “add ‘em up”.

  11. Moebius Stripper Says:
    January 11th, 2005 at 21:01

    I love this idea, but alas, I too cannot get it to work. I copy-pasted the first block right before the code for the “say it button”; the code for wp-comments-post.php, I pasted right before the “simple flood protection” part. Any suggestions? I am sorry for not being more specific, but I am no php expert by any means.

  12. Moebius Stripper Says:
    January 11th, 2005 at 21:03

    Sorry - the error is that it won’t let me post anything, even if I add the numbers correctly.

  13. wolfangel Says:
    January 11th, 2005 at 21:12

    You can fix it so that it ignores the add ‘em up box by changing the line as in comment 6.

  14. herext Says:
    January 11th, 2005 at 21:33

    Here are links to my functioning wp-comments.php and wp-comments-post.php. Hope this helps.

  15. Moebius Stripper Says:
    January 11th, 2005 at 21:49

    It works - thank you!

  16. Tall, Dark, and Mysterious Says:
    January 11th, 2005 at 21:56

    Now with 99% less spam.
    Via Alas, a blog, I’ve installed a new comment spam blocking feature. Comments are still moderated - for some reason I can’t turn comment moderation off - but hopefully, now I won’t have to clear dozens of spam comments from the moderation queue ev…

  17. wolfangel Says:
    January 12th, 2005 at 15:23

    I even compared my php to yours, and the moderation is totally non-functional now. I have no idea why — I’m sure it’s something obvious, but I know zero PHP.

  18. mike Says:
    February 6th, 2006 at 20:52

    anyone reading this old thread should check out the recently released askimet (included in wordpress 2.0) best of luck.

  19. blah Says:
    March 7th, 2006 at 12:26

    blahblah

Leave a Reply