2 edb Dec 21, 2005 15:48

http://www.coldheartedtruth.com/
Not sure if there is any comment spam on the site right now as I just cleaned up about 6 of them from last night.
I keep comments on the sidebar - which is why I started noticing the spam. Usually the offender's comment looks something like
T7hDSI12 writes:
9sSkj82hoOIFFF1209KN:
jlkSK67Kasd4JSDm88SA
with the whole mess set up as a link that obviously goes nowhere:
They usually come in bunches - about 6-8 at a time within a minute or two of each other.
But I am curious if you still have the hack code for the extra comment box? If... of course... you think it is worthwhile.
Sorry, but once I went to phoenix I lost all the old hackage. Besides I think renaming the htsrv folder (and editing one line in one of the files in the conf folder) is a better method. It gets both comment and trackback spam and doesn't ask anything special of the visitor. Search for "rename htsrv", click all words, and "whoo" as the author name to find exactly which file in the conf folder needs editing.
Pre-phoenix hack, but possibly/probably phoenix-compatible.
EdB:
I'm renaming the htsrv folder and the spam is still coming in. Could you resurrect that hack? I think I'm ready to do the bobo thing. Or even a checkbox that says "I'm not a spammer" that must be checked. I would only want to display it for non-registered members.
personman wrote:
EdB:
I'm renaming the htsrv folder and the spam is still coming in. Could you resurrect that hack? I think I'm ready to do the bobo thing. Or even a checkbox that says "I'm not a spammer" that must be checked. I would only want to display it for non-registered members.
A checkbox would be a good idea!
I use cron to rename the htsrv folder four times a day. In my statistics I see many unsuccessful hits on htsrv pages that no longer exist. So it surely helps.
I put together a little hack for a checkbox. I almost hate to make it public because if it gets too common the spammers will start defeating it. It will be easy to defeat, too. But most of them won't bother at this point. Nomad, if you want, pm me and I'll tell you how I did it.
Oh, and I'm sure that renaming the folder does help, but a great many spammers are still getting through.
I don't know jack about how things work behind the curtain with b2e, but I did make some changes that will cut down on comment spam until I figure some things out.
It is ugly, but it stops the spam and users can still comment.
In my comment_post.php file I added the following lines:
Below " if( empty($email) ) $Messages->add( T_('Please fill in the email field'), 'error' );" I put:
if( empty($bobo) ) $Messages->add( T_('Please fill in the bobo field or login to comment.'), 'error' );
and below: "param( 'email', 'string' );" I put :
param( 'bobo', 'string' );
The net effect is that b2e looks for the bobo field, but there is not one (I don't know how to add it), so it rejects all comments except people that are logged in.
Anyone know how to add a field to the comment form?
Yep, I've got something like that working on brendoman.com. Except I'm using a checkbox instead of a text field. Members see nothing and can comment as usual. Non-members have to tick a box that says "I'm not a spammer." Without that the comment won't post. My #$% webspace is down at the moment, so I can't give you the code. I'll email you later, honzo.
I'm going to remake the bobo box, but someone smart with good old fashioned html has to help. Here's the deal: there should be a couple of options to use so that the spam-bots can't figure out one method and expect success with all of them.
A text field is the easiest to do - that was the bobo box. I just saw a web site that said "enter in the fourth character of the word 'gandalf'." That was way cool because the answer isn't right there in front of you. Another method I thought of was to say 'check the third checkbox' OR uncheck this checkbox OR pick a different radio button.
Anyway I'm thinking I'll do it for .9.1 then maybe see about how to upgrade it to 1.6. Anyone interested in playing along? PM me and we'll work it out, but not now as I gotta go to w**k again.
Oh plus a new tab in the back office where the admin can pick and choose what trick they like and change the 'expected behavior' of the human visitor.
And of course once a visitor eats your comment cookie they don't have to do the task anymore.
personman wrote:
Yep, I've got something like that working on brendoman.com. Except I'm using a checkbox instead of a text field. Members see nothing and can comment as usual. Non-members have to tick a box that says "I'm not a spammer." Without that the comment won't post. My #$% webspace is down at the moment, so I can't give you the code. I'll email you later, honzo.
I've installed it but received my first comment spam now nevertheless. Doesn't seem to be effective enough :-/
Wow, scumbags are paying attention. You're probably stopping all of the lazy ones. We can change it up, make it a text field or something. Then we can put a question that actually requires a bit of thought. And change it fairly often. I haven't got any spam with this method yet, but it's only been one day.
personman wrote:
We can change it up, make it a text field or something. Then we can put a question that actually requires a bit of thought. And change it fairly often.
Would be a great idea! I hope it doesn't involve too much work for you.
It won't be any work for me, because you're going to do it. :D This will be most effective if we all do something different.
So, here are some general instructions. Find this part of the hack:
form_checkbox( 'notspam', 0, 'Not spam', 'Check this box if you are not a spammer.' );
and change it to something like this:
form_text( 'quiz', '', 40, T_('Antispam'), T_('Question/Instructions go here') );
Then find this part:
param( 'notspam', 'boolean' );
if ((!$notspam) and (!is_logged_in()) ) {
errors_add( T_('Are you man or machine?') );
}
And change it to something like this:
param( 'quiz', 'string' );
if (($quiz != 'youranswer') and (!is_logged_in()) ) {
errors_add( T_('Are you man or machine?') );
}
Of course, you'll want to actually put instructions in and actually set your own answer. You should also change the 'quiz' value in all three instances. Try some different things, be creative. You can even combine multiple rules. Just keep track of what you do so that if you break anything you can fix it.
personman wrote:
It won't be any work for me, because you're going to do it. :D
Thanks! :D I'm impressed, php seems to be your native language... a new code within a few seconds. I'll try it! Let's wait and see how intelligent spammers are :D
Ha, don't be too impressed, I'm just looking at other parts of the b2evolution code and replacing values.
Here's the question of the moment: I have a hack for this that uses plain text that the admin can select on the settings tab. My problem is that when I pick a question using non-letters it gets a back-slash in front of the non-letters before delivering to the visitor. The back-slash also shows up in the back office when the admin wants to change his or her "turing test" question and answer and rejection text.
For example if I ask "What's the point of all this" the visitor will see "What\'s the point of all this?" Which sucks horribly.
The function I'm playing with is form_text(). Clues, hints, and mechanisms by which I can correct my rectal-cranial inversion will be appreciated in song and dance for centuries to come by all who experience life on our planet.
EdB, use param() to catch the param out of your form. It checks if stripslashes() is needed, which is in your case (magic_quotes seem to be on in your installation).
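A standalone version of the quiz check from personman's instructions above, combined with the param()/stripslashes() point just made about magic_quotes, as an added example: this is not b2evolution's code and not any poster's hack. The field name `quiz`, the placeholder answer and the demo inputs are constructed, and b2evolution's helpers (param(), form_text(), errors_add(), is_logged_in()) are replaced by plain PHP so the file runs on its own.

```php
<?php
// Added example (not b2evolution code): a self-contained version of the
// "quiz field" anti-spam check. The question, answer and field name are
// constructed placeholders; b2evolution's param(), form_text(),
// errors_add() and is_logged_in() are deliberately not used.

// Read a submitted form value and undo magic_quotes escaping when the
// runtime applied it (PHP < 5.4). On modern PHP the function no longer
// exists and the value is returned untouched. This is the job param()
// does in b2evolution and the reason for the stray backslashes above.
function read_field(array $source, string $name): string
{
    $value = isset($source[$name]) ? (string) $source[$name] : '';
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Normalise before comparing so "Twelve", " twelve " and "TWELVE" all pass.
function normalise_answer(string $answer): string
{
    return strtolower(trim((string) preg_replace('/\s+/', ' ', $answer)));
}

// Returns null when the comment may be posted, otherwise an error string.
// Logged-in members skip the quiz, as in the hack above. hash_equals()
// keeps the comparison constant-time.
function check_quiz(string $submitted, string $expected, bool $logged_in): ?string
{
    if ($logged_in) {
        return null;
    }
    $ok = hash_equals(normalise_answer($expected), normalise_answer($submitted));
    return $ok ? null : 'Are you man or machine?';
}

// Render the extra field. The question is HTML-escaped so apostrophes and
// angle brackets in the admin's text cannot break the form or inject
// markup; escaping on output is separate from stripping slashes on input.
function render_quiz_field(string $question): string
{
    $q = htmlspecialchars($question, ENT_QUOTES, 'UTF-8');
    return '<p><label for="quiz">' . $q . '</label> '
         . '<input type="text" id="quiz" name="quiz" size="40" autocomplete="off"></p>';
}

// --- constructed demo input, standing in for $_POST -------------------
$expected = 'twelve';   // placeholder answer to "A year has how many months?"

$samples = [
    ['quiz' => 'Twelve '], // human: sloppy capitalisation and spacing
    ['quiz' => ''],        // bot that ignores the extra field
    ['quiz' => 'viagra'],  // bot that fills every field with junk
];
foreach ($samples as $post) {
    $answer = read_field($post, 'quiz');
    $error  = check_quiz($answer, $expected, false);
    printf("%-10s => %s\n", var_export($post['quiz'], true), $error ?? 'accepted');
}
echo render_quiz_field("What's the point of all this?"), "\n";
```

The two halves of EdB's problem are handled in different places on purpose: slashes added by magic_quotes are removed once, when the value is read, while the question text is escaped with htmlspecialchars() only at the point it is written into the form. Doing either step twice (or in the wrong place) is what produces text like "What\'s" on the page.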
Dude you got this b2evo thing nailed! You should be on the dev team!!! (one of my copy/paste/alter bits was copied and pasted and altered but not altered enough to do the job properly...)
Anyway now all I got to do is wrap it up in pretty paper and put a bow on it for delivery to the great and glorious audience known as 'the b2evolution user group'.
SideNote: magic quotes shmagic quotes! I wouldn't know a magic quote from a Norwegian cartoon!!!
Can someone put the "i am not a spammer"-hack into one post with all the things that have to be changed? That would be great! =)
Can't you make a plugin out of it?
And what about a plugin that lists all trackbacks and all comments in the backend for easy deleting like in wordpress 2?
Yeah probably. Oh uh... nice linkback to b2evolution you got there :-/
Oops, there it is again. Changed the microbanners a while ago and forgot to put the b2evo banner back in. =)
What about the instructions. It would help me and others a lot. =)
personman wrote:
It won't be any work for me, because you're going to do it. :D This will be most effective if we all do something different.
So, here are some general instructions. Find this part of the hack:
form_checkbox( 'notspam', 0, 'Not spam', 'Check this box if you are not a spammer.' );
and change it to something like this:
form_text( 'quiz', '', 40, T_('Antispam'), T_('Question/Instructions go here') );
Then find this part:
param( 'notspam', 'boolean' );
if ((!$notspam) and (!is_logged_in()) ) {
errors_add( T_('Are you man or machine?') );
}
And change it to something like this:
param( 'quiz', 'string' );
if (($quiz != 'youranswer') and (!is_logged_in()) ) {
errors_add( T_('Are you man or machine?') );
}
Of course, you'll want to actually put instructions in and actually set your own answer. You should also change the 'quiz' value in all three instances. Try some different things, be creative. You can even combine multiple rules. Just keep track of what you do so that if you break anything you can fix it.
This extra-field is brilliant. :D Haven't received a similar spam post since then (*knockonwood*). I wonder if I can use this hack in other scripts. My newsletter-script is being attacked by spambots that register fake email-addresses. An extra-field would be useful there too. Thanks!
email form :-
<p><label for="the_answer"><!-- your question --> <input type="text" id="the_answer" name="the_answer" /></label></p>
newsletter-script :-
$the_answer = @$_GET['the_answer'].@$_POST['the_answer'];
if( $the_answer != 'the real answer' )
{
// do "error" stuff
}
else
{
// do "ok" stuff
}
¥
Thanks a lot. I'm trying to find out where to put the newsletter part. I suppose you cannot help me here as you don't know the script.
But concerning where to write the correct answer... you wrote "the_answer" and "the real answer" - I guess I have to write the answer where you typed "the real answer"?
$the_answer = @$_GET['the_answer'].@$_POST['the_answer'];
if( $the_answer != 'the real answer' )
Thanks!
If you paste your newsletter script here (or pm me with it) I'll show you where to put it.
Yep, replace 'the real answer' and <!-- your question -->
¥
Thanks for your help! The script is quite complex:
http://phpcodeur.net/wascripts/wanewsletter/releases/latest/wanewsletter.zip
ok, add the red bits to newsletter.php
// added: read the answer from either GET or POST
$the_answer = @$_GET['the_answer'].@$_POST['the_answer'];
if( $the_answer != 'the real answer' )   // added
{                                         // added
// do "error" stuff
}                                         // added
else                                      // added
{                                         // added
$vararray = array('action', 'email', 'code', 'format', 'liste');   // existing line, now only reached on a correct answer
}                                         // added
if( defined('IN_WA_FORM') )               // existing code continues unchanged from here
{
//
// Re-enable the previous error handler
¥
Thanks! Seems to work. But can I write an error message as well? The site is blank if you don't type in any answer. The form is on the sidebar http://www.antropologi.info
Hm, when clicking on the link in the subscription email, I only get a blank page. Maybe this script is too complex... Thanks anyway, was worth a try!
As spam is still a hot topic here and in case this hack has disappeared from memory...
Three months ago I started using a very simple hack and haven't received a single comment spam (*knockonwood*) since then. Non-registered visitors have to answer an anti-spam question (e.g. a year has how many months?).
All you have to do is change comment_post.php.
Look here: http://forums.b2evolution.net/viewtopic.php?t=6571&start=15
I had one that was worse than what you describe: I expected commenters to type 'bobo' into what I called my bobobox. It worked FANTASTICALLY. After upgrading to phoenix, and therefore losing that hack, I now have to pay attention to comment spammers again.
BTW I've not renamed the htsrv folder. AFAIK renaming that particular folder will foil the efforts of spammers without any other tricks applied.
Also my bobobox hack was cookie-dependent. If a visitor had my cookie then bobo was autofilled for them. If not they had to type it. Therefore once was enough.
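The cookie-dependent variant EdB describes, as an added example rather than his bobobox code: once a visitor has answered correctly, a cookie marks that browser as having passed so the question is not asked again. The cookie name, lifetime and secret are constructed placeholders. Unlike a bare "bobo" cookie, the value carries an HMAC over its expiry time, so a bot that learns the cookie's name still cannot mint one.

```php
<?php
// Added example (not EdB's bobobox hack): a signed "passed the test once"
// cookie. Cookie name, lifetime and the server secret are placeholders.

const PASS_COOKIE = 'comment_ok';        // placeholder cookie name
const PASS_TTL    = 30 * 24 * 3600;      // 30 days

// Token stored in the cookie: expiry timestamp plus an HMAC over it.
// Only the server knows $secret, so the pair cannot be produced elsewhere.
function make_pass_token(string $secret, int $now): string
{
    $expires = $now + PASS_TTL;
    $mac = hash_hmac('sha256', (string) $expires, $secret);
    return $expires . '.' . $mac;
}

// True only if the token is well-formed, unexpired and its MAC matches.
function pass_token_valid(string $token, string $secret, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    [$expires, $mac] = $parts;
    if ((int) $expires <= $now) {
        return false;
    }
    $want = hash_hmac('sha256', $expires, $secret);
    return hash_equals($want, $mac);   // constant-time comparison
}

// Called after a visitor answered the question correctly: set the cookie so
// they are not asked again on this browser. HttpOnly keeps page scripts
// away from it; Secure restricts it to HTTPS.
function issue_pass_cookie(string $secret): void
{
    setcookie(PASS_COOKIE, make_pass_token($secret, time()), [
        'expires'  => time() + PASS_TTL,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Decide whether the question must be shown and checked for this request:
// members never see it, and a browser holding a valid pass cookie skips it.
function quiz_required(array $cookies, bool $logged_in, string $secret): bool
{
    if ($logged_in) {
        return false;
    }
    $token = isset($cookies[PASS_COOKIE]) ? (string) $cookies[PASS_COOKIE] : '';
    return !pass_token_valid($token, $secret, time());
}

// --- constructed demo, standing in for $_COOKIE -------------------------
$secret = 'replace-with-a-long-random-server-secret';
$now    = time();
$good   = make_pass_token($secret, $now);                 // issued by this server
$forged = ($now + PASS_TTL) . '.' . str_repeat('0', 64);  // right shape, wrong MAC
$stale  = make_pass_token($secret, $now - 2 * PASS_TTL);  // properly signed but expired

foreach (['good' => $good, 'forged' => $forged, 'stale' => $stale] as $label => $token) {
    $needs_quiz = quiz_required([PASS_COOKIE => $token], false, $secret);
    printf("%-7s cookie: quiz %s\n", $label, $needs_quiz ? 'required' : 'skipped');
}
```

The secret must be a long random value kept out of the web root; rotating it invalidates every outstanding cookie, which is the intended way to make all returning visitors answer the question again.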