Lately, I've been getting a lot of spam in my blog comments. Some people are getting a handful, but I've gotten at least a hundred, including a blitzkrieg a week ago.
I hate spam in my email inbox, but I really loathe spam in my blog comments, and now I've done something about it.
The October issue of the eminent hacker magazine Dr. Dobb's Journal had an article by Paul Tremblett which outlined a way to use the Java 2D API in a servlet to render dynamically created images of a sequence of letters and numbers for use in web form validation. This has been gaining popularity as a method to deter bots from submitting information to webforms.
Unfortunately, the magazine did not include the proper source code either in the article or in its online resource center, but Mr. Tremblett was kind enough to dig up some mostly working source code for his application and email it to me. I was able to use it to get a rough version of the application described in his article working. I then added an XMLRPC wrapper to it, obtained his permission to release it as open source under the BSD license, and dubbed it Sapience.
Next I started in on a hack for Movable Type comments to use Sapience for comment form validation. The hack I came up with works like this.
Place Sapience.pm file in
In the MT admin interface, edit the comment templates to include <!--SAPIENCE--> within your comment form HTML.
Edit the file
I've set up a project home for Sapience on SourceForge.
Note that there are other methods for stopping spambots from posting to your Movable Type blog, such as MT Blacklist, which does not require so much hacking of your MT source.
There are a few things that need to be done in order for it to go 1.0. I need to figure out how to crop the image more exactly, and I need to institute a cleanup mechanism for the images on the server. I also need to tweak the random code string generation to ensure there is always a letter present, since Perl's XMLRPC::Lite will transport the code in <int></int> instead of <string></string> if the code is all numbers.
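The letter guarantee described above, sketched as an added example (it is not Sapience's own code). It assumes the code string is generated on the Java side; the class and method names, the alphabets, and the integer pattern that stands in for the client's auto-typing are all hypothetical.

```java
import java.security.SecureRandom;

public class CodeGenerator {
    // Constructed alphabets (assumption): look-alike characters such as
    // 0/O and 1/I/L are left out so the rendered image is easier to read.
    private static final String LETTERS = "ABCDEFGHJKMNPQRSTUVWXYZ";
    private static final String DIGITS = "23456789";
    private static final String ALL = LETTERS + DIGITS;

    // SecureRandom rather than java.util.Random, so that a bot cannot
    // predict the next code from codes it has already seen.
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns a random code of the given length with at least one letter. */
    public static String generate(int length) {
        if (length < 1) {
            throw new IllegalArgumentException("length must be at least 1");
        }
        char[] code = new char[length];
        for (int i = 0; i < length; i++) {
            code[i] = ALL.charAt(RNG.nextInt(ALL.length()));
        }
        // Overwrite one randomly chosen position with a letter, so the
        // result can never consist of digits only.
        code[RNG.nextInt(length)] = LETTERS.charAt(RNG.nextInt(LETTERS.length()));
        return new String(code);
    }

    /** Assumed stand-in for a client that auto-types all-digit scalars as int. */
    static boolean looksLikeInt(String s) {
        return s.matches("[+-]?\\d+");
    }

    public static void main(String[] args) {
        // Self-check: no generated code may look like an integer.
        for (int i = 0; i < 100000; i++) {
            String code = generate(6);
            if (looksLikeInt(code)) {
                throw new AssertionError("all-digit code generated: " + code);
            }
        }
        System.out.println("sample code: " + generate(6));
    }
}
```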
There are also a few things I'd like to do, such as add color and new validation methods to further thwart bot usage. There could be instructions such as 'Enter only the blue characters.' Also, there could be animation or audio validation methods, I suppose.
I'm getting ready to leave on a 2.5 week business trip though, so I may not be able to finish it up quickly. At least in the meantime I can rest assured that the spambot will cease posting to my blog.