My last post about comment spam fighting resulted in a lot of e-mails from readers asking how to create their own spam fighting logic in BlogEngine.NET 1.3. So I decided to show a simple extension that listens for certain bad words and filters on those. If a comment contains one of the predefined words it is considered spam.
The extension
[Extension("Filters comments containing bad words", "1.0", "Mads Kristensen")]
public class BadWordFilter
{
// Constructor
public BadWordFilter()
{
// Add the event handler for the CommentAdded event
Post.AddingComment += new EventHandler<CancelEventArgs>(Post_AddingComment);
}
// The collection of bad words
private static readonly StringCollection BAD_WORDS = AddBadWords();
// Add bad words to the collection
private static StringCollection AddBadWords()
{
StringCollection col = new StringCollection();
col.Add("VIAGRA");
col.Add("CASINO");
col.Add("MORTAGE");
return col;
}
// Handle the AddingComment event
private void Post_AddingComment(object sender, CancelEventArgs e)
{
Comment comment = (Comment)sender;
string body = comment.Content.ToUpperInvariant();
// Search for bad words in the comment body
foreach (string word in BAD_WORDS)
{
if (body.Contains(word))
{
// Cancel the comment and raise the SpamAttack event
e.Cancel = true;
Comment.OnSpamAttack();
break;
}
}
}
}
The problem with an extension that filters based on bad words is that if you have a blog about medicine then Viagra probably isn’t a bad word. Therefore this type of spam fighting is left out of the release, but is offered as a separate download where you are able to define your own bad words.
Download BadWordFilter.zip (743 bytes)
Today I hit the all time record of comment spam with a staggering 367 attacks in just 21 minutes. They were all coming from the same IP address but with various different comments that all had something to do with selling Christmas cards. I don’t mind the occasional comment spam attacks since none get through, but when they hit as hard as they did today I get annoyed because they take up CPU cycles and bandwidth.
I needed a way to block these pesky intruders from leeching on my server and hopefully find a way to keep them from returning.
BlogEngine.NET 1.3 to the rescue
The next version of BlogEngine.NET with the creative title of 1.3, which is due before Christmas, has some new events exposed for extension builders. One of them is called Comment.SpamAttack and gets raised every time a spammer tries to add a comment.
So I wrote a small extension that listens to that event and collects IP addresses from the clients making the spam requests. When the same IP address gets caught spamming comments 3 times, the extension clears the response and sends back a 404 HTTP header. The reason for that is to trick the spammer (which almost always is a dumb robot) to believe that the URL doesn’t exist and therefore it would stop trying and wont come back.
This extension is only a few hours old so I don’t have any statistics on its effect yet, but my spider sense tells me it will have positive effect in fighting the spam attacks right now and in the long term.
You can also create extensions that listens to the Comment.AddingComment which is raised before the comment is saved. That gives you the possibility to do your own spam filtering, because you can then cancel saving the comment and raise the Comment.SpamAttack event by calling the static Comment.OnSpamAttack() method.
I’ll test the extension thoroughly and if it behaves well, it will be included in the 1.3 release. You can also get a sneak peak at the extension by downloading the .cs file below:
BlackLister.zip (886 bytes)