Subsribe to our RSS

latest reactions

Tjarko
@Gary, thanks!! I had hoped it would be…
Gary Fenton
I asked Adobe and they said "We wil …
Cougar
simple quotes, I'm amazed.CF continues …
Tjarko
@Gary, do you know where to find this up …
Gary Fenton
Here's an update... Bad news: It's a bug …

mxna feeds

ColdFusion 8.0.1 Cumulative Hotfix (chf8010001): cftooltip Fixed!!ColdFusion Weekly InterviewColdFusion Weekly InterviewColdFusion Weekly Podcast 3.08: Andy Powell on Enterprise MVC with CF and JavaDid you know a hot fix for ColdFusion was released this week?ColdFusion 8.0.1 Hot FixFree ColdFusion TrainingThe other returnFormat - plainAsk a Jedi: Add an edit button to a ColdFusion 8 Ajax GridThe Philosophy Of Undocumented ColdFusion FeaturesBuilding SlideSix Part 2.5 - Increase Your Applications PerformanceColdFusion 301 RedirectColdFusion - what's in the name?ColdFusion-Talk Roundup#6Hiring a Coldfusion Software Engineer North of Baltimore, MD

All files are strictly confidential: all information is classified.
© Copyright 2002 - 2008 mximize.com.
All right reserved.

MXNA webfeed

Visit Carlos GallupaPowered by ColdFusion MX 7.01

Fighting comment spam with project honeypot

For a project that i am working on at the moment I needed some commentspam protection. Project Honeypot is an project (really?!!) that collects IP addresses of harvesters, spammers and other people/computers you don't want on your website.

You can register with them and use the code below to protect your comments with there Reverse DNS tools. The function returns the threat value, type value and how many days ago the IP address was recognized as a spammer/harvester. Based on those return values you can for yourself create a system that blocks the IP address.

I give back an 404 page to all IP addresses with a type of 4 and more. See code below.


<!--- Check Project HoneyPot --->
<cfinvoke returnvariable="stCheck" method="honeypotcheck" component="cfc.dns">
 <cfinvokeargument name="ip" value="#cgi.remote_host#" />
</cfinvoke>

<!--- Don't display the personal information --->
<cfif isDefined("stCheck") AND (stCheck.type GTE 4 AND stCheck.type LTE 7)>
  <!--- Send 404 message --->
  <cfheader statuscode="404" statustext="Not Found">
  404 Not Found
  <cfabort>
</cfif>


Below the code of the component i've written. Just copy paste and it should work just fine.


<cfcomponent displayname="DNS functions">

 <cffunction name="gethostaddress" returntype="string">
  <cfargument name="host" required="Yes" type="string" />
  <cfset var obj = "">

  <!--- Init class --->
  <cfset obj = CreateObject("java", "java.net.InetAddress")>
  
  <!--- Return result --->
  <cfreturn obj.getByName(host).getHostAddress()>
 </cffunction>
 

 <cffunction name="reverseip" returntype="string">
  <cfargument name="ip" required="Yes" type="string" />
  <cfset var aIp = listToArray(arguments.ip,".")>
  
  <!--- Return IP reversed --->
  <cfreturn aIp[4] & "." & aIp[3] & "." & aIp[2] & "." & aIp[1]>
 </cffunction>


 <cffunction name="honeypotcheck" returntype="struct" hint="Check Project HoneyPot http:BL">
  <cfargument name="ip" required="yes" type="string">
  <cfset var aVal = "">
  <cfset var hpkey = "-- your honepot key --">
  <cfset var stRet = structNew()>

  <!--- Get the different IP values --->
  <cfset aVal = listToArray(gethostaddress("#hpkey#.#reverseip(arguments.ip)#.dnsbl.httpbl.org"),".")>
  
  <!--- Set the return values --->
  <cfset stRet.days = aVal[2]>
  <cfset stRet.threat = aVal[3]>
  <cfset stRet.type = aVal[4]>
  
  <!--- Get the HP info message --->
  <cfswitch expression="#aVal[4]#">
   <cfcase value="0">
    <cfset stRet.message = "Search Engine (0)">
   </cfcase>
   <cfcase value="1">
    <cfset stRet.message = "Suspicious (1)">
   </cfcase>
   <cfcase value="2">
    <cfset stRet.message = "Harvester (2)">
   </cfcase>
   <cfcase value="3">
    <cfset stRet.message = "Suspicious & Harvester (1+2)">
   </cfcase>
   <cfcase value="4">
    <cfset stRet.message = "Comment Spammer (4)">
   </cfcase>
   <cfcase value="5">
    <cfset stRet.message = "Suspicious & Comment Spammer (1+4)">
   </cfcase>
   <cfcase value="6">
    <cfset stRet.message = "Harvester & Comment Spammer (2+4)">
   </cfcase>
   <cfcase value="7">
    <cfset stRet.message = "Suspicious & Harvester & Comment Spammer (1+2+4)">
   </cfcase>
   <cfdefaultcase>
    <cfset stRet.message = "IP-Address not known">
   </cfdefaultcase>
  </cfswitch> 
  
  <cfreturn stRet>
 </cffunction>
</cfcomponent>

8414 viewed | 6 opinion(s)  | del.icio.us | Digg it | Tjarko @ 07/06/07 12:38 cet


Reactions:

Holly Wild wrote.... (site)

Help me prevent spam Im a beginner web master what can I do?Code wise any suggesstion?

16 June 2007 19:16 cet  

Tjarko wrote....

Start by using a captcha or just a simple question asked as in this form (below). This will prevent most of your spam in an instance!!

17 June 2007 15:12 cet  

Micic wrote.... (site)

The best way to fight spam is to disable people entering html code in comments or in some other kind of posting elements such as forums or blogs.

21 June 2007 17:53 cet  

Tjarko wrote....

Unfortunately you will get tons of SPAM on a high volume site even with HTML disabled in your comments. A friend of mine has developed a blog tool and gets between all the installations on average 70.000 spam posts a day. And I'm talking about roughly 110 websites.

With that kind of traffic you want to add some more security to your comments form i'm afraid. Like a captcha or a simple question that need's to be filled in. like on this form.

21 June 2007 20:15 cet  

wrote....

17 September 2007 20:22 cet  

Dark wrote....

I saw more of this staff at http://loadingvault.com

10 May 2008 14:47 cet  

Leave your comment

Your name


Your url/website/link/email....


Some room for your reaction is placed here..



A dozen apples are how many?? (12 would be a good answer for this)




URL en mail addresses are translated for you... life sometimes is that simple!!
profile-manuscript