2 alphatucana Nov 19, 2010 18:01
Edit the _item_comment_form.inc.php file in your particular skin's folder (if one doesn't exist for your skin, copy the file from the /skins folder into the /skins/<yourskin> folder).
Comment out the line that looks something like this:
$Form->text( 'o', $comment_author_url, 40, T_('Website'), '<br />'.T_('Your URL will be displayed.'), 100, 'bComment' );
After that you may want to edit /htsrv/comment_post.php and change
// VALIDATION:
to
// VALIDATION:
if( !empty($url) ) die('spammer');
:>>
:lol:
* {@internal Open Source relicensing agreement:
* }}
*
* @package htsrv
*/
/**
* Initialize everything:
*/
require_once dirname(__FILE__).'/../conf/_config.php';
if( !defined( 'am_antispam' ) )
{
    $SpamHound->WriteLog( 'comment', 'Direct hit '.( empty( $_SERVER['HTTP_REFERER'] ) ? '' : $_SERVER['HTTP_REFERER'] ) );
    die( 'Please, do not access this page directly.' );
}
I'm sooooo paranoid :D
¥
Nice! I'll have to remember that.
Paranoia is vastly under-rated. ;)
BushLeagueCritic wrote:
Edit the _item_comment_form.inc.php file in your particular skin's folder (if one doesn't exist for your skin, copy the file from the /skins folder into the /skins/<yourskin> folder).
Comment out the line that looks something like this:
$Form->text( 'o', $comment_author_url, 40, T_('Website'), '<br />'.T_('Your URL will be displayed.'), 100, 'bComment' );
Thanks. That is all I needed.
Umm... I did the edits from above (first 2) and I am still getting comments with URLs in them.
When I go to the blog both signed in and not signed in the URL input box is not showing. How are they still adding URLs to the comments?
NegativeChaos wrote:
Umm... I did the edits from above (first 2) and I am still getting comments with URLs in them.
When I go to the blog both signed in and not signed in the URL input box is not showing. How are they still adding URLs to the comments?
Late reply, I know, but still...
They post comments directly to the /htsrv/comment_post.php file. It's not the case anymore in b2evo 4 though.
Hi Sam,
I've done the same thing, but I also applied the changes to comment_post.php, to prevent them from sending the comment directly via HTTP POST requests. I tested this by hand - the system behaves as I want.
Nevertheless, I still got a spam comment with a URL set to something.
Is there another entry point that can be used for posting comments?
Note that I changed it in a different way:
if( is_logged_in() )
{
    /**
     * @var User
     */
    $User = & $current_User;
    $author = null;
    $email = null;
    $url = null;
    $comment_cookies = null;
    $comment_allow_msgform = null;
}
else
{   // User is not logged in (registered users), we need some id info from him:
    $User = NULL;
    // Note: we use funky field names to defeat the most basic guestbook spam bots and/or their most basic authors
    $author = param( 'u', 'string' );
    $email = param( 'i', 'string' );
    $url = param( 'o', 'string' );
    param( 'comment_cookies', 'integer', 0 );
    param( 'comment_allow_msgform', 'integer', 0 ); // checkbox
    /* It checks if the string is longer than 8, that's because of
       "http://" and "https://". Normally I'd simply check if the string is empty
       but the thing is that b2evo fills that field with "http://" by default, so
       even if the user leaves it unchanged, it will be non empty */
    if( strlen($url) >= 8 )
    {
        echo "The CAPTCHA is wrong, try again.";
        exit(0);
    }
}
It is not identical to your recommendation, but it should be doing the same thing - the script ends before it reaches the validation part - it should still work.
Based on your code, logged in users can post comments with URLs.
You're right, however - I disabled the feature to register new users and the comment that was posted was an anonymous one.
In either case, I must say that there were no other comments posted, so my guess is that this one was published shortly before I saved the new version of the PHP file. In other words, the issue is resolved, but the timing was a bit unlucky :-)
Does nobody from b2evolution monitor these forums? This question has been here for a while now. I am looking for the same. I want to stop spammers. I have read tips elsewhere for changing the spam karma - I've set the relevant variable to zero so if any link is in the comment, it should be treated as spam - but most spam comments put a link in the web address field. Can we get rid of it somehow???
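Added example (not part of the thread and not b2evolution code): since bots POST straight to the comment handler, hiding the form field is not enough and the website field has to be checked server-side. This sketch treats the prefilled "http://" as empty and rejects anything else sent in the 'o' field; the function names are hypothetical and the sample requests are constructed.

```php
<?php
// Added illustration, not b2evolution code. Function names are hypothetical;
// 'u' and 'o' are the author and website field names quoted in the thread.

/**
 * True when the website field carries more than the prefilled scheme.
 * The form prefills "http://", so a bare scheme is treated as empty.
 */
function website_field_is_filled( $raw )
{
    if( $raw === null )
    {   // Field absent: this is what the edited skin sends
        return false;
    }
    if( ! is_string( $raw ) )
    {   // o[]=... arrives as an array; the form never produces that
        return true;
    }
    // Drop surrounding whitespace and one leading scheme, in any letter case
    $rest = preg_replace( '#^https?://#i', '', trim( $raw ) );
    return $rest !== '';
}

/**
 * Decide whether a POST to the comment handler should be dropped.
 * Meant to run before the logged-in / anonymous branch, so it applies to both.
 */
function should_reject_comment( array $post )
{
    return website_field_is_filled( isset( $post['o'] ) ? $post['o'] : null );
}

// Constructed sample request bodies (not real traffic)
$samples = array(
    'field removed from skin' => array( 'u' => 'Ann' ),
    'prefilled default only'  => array( 'u' => 'Bob', 'o' => 'http://' ),
    'https default, padded'   => array( 'u' => 'Cy',  'o' => ' HTTPS:// ' ),
    'direct POST with link'   => array( 'u' => 'x',   'o' => 'http://spam.example/' ),
    'link without scheme'     => array( 'u' => 'x',   'o' => 'spam.example' ),
    'array instead of string' => array( 'u' => 'x',   'o' => array( 'http://spam.example/' ) ),
);

foreach( $samples as $label => $post )
{
    printf( "%-26s %s\n", $label, should_reject_comment( $post ) ? 'reject' : 'accept' );
}
```

The first three samples are accepted and the last three rejected, including the short link without a scheme and the array-valued field.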