dasBlog and Comments
When I decided to start this blog, I thought to myself that I’d celebrate when and if the blog ever got a total of one thousand hits. This weekend I decided to have a look and see how far toward that goal the blog had gotten. Imagine my surprise when I learned that the blog had not only reached one thousand hits, but had actually surpassed that by a large amount!
So far, the blog has received a total of 5 109 hits(!)
That includes the Google bot and Feedburner, which constitute almost 100 hits combined.
An interesting note is that the single most popular article on the blog is AVG Antivirus – “General Error” when updating (fixed), with my blog being in the top 10 search results on Google when searching for AVG free antivirus general error. Yay! So many thousand hits, and not a single comment though? Then again, I don’t make a habit of leaving comments on blogs unless I want something. I think I’ll be a bit more generous with the comments in the future, to encourage the authors!
The problem with the blog becoming more popular is all the spam. Today I have filtered out somewhere between ten and fifteen spam comments for each and every post on the blog.
The reason for this can be found in CommentViewBox.ascx.cs:
    // Why isn't Page.Validate("Normal") working? It returns false. Hm.
    if (name.Text.Trim() != String.Empty)
    {
        SaveCookies();
        AddNewComment(...);
    }
Oops…?
dasBlog does not correctly validate the comment form. It merely checks to see that the name field isn’t empty. Aside from that, it basically accepts anything. It doesn’t even validate the CAPTCHA.
Uh oh… No wonder I was receiving so much automated spam on my blog!
First I added this work item over at the dasBlog project on CodePlex.
While I wait for something to happen with the work item, I updated the code like this:
    if (name.Text.Trim() != String.Empty &&
        comment.Text.Trim() != string.Empty &&
        CaptchaControl1.UserValidated)
    {
        SaveCookies();
        AddNewComment(name.Text, email.Text, homepage.Text,
            comment.Text, ViewState["entryId"].ToString().ToUpper(),
            /* openid */ false);
    }
It’s not a very good fix, since it requires a full postback to validate (meaning that the whole page will refresh). Also, it doesn’t honor the validation controls on the form. But as far as an emergency fix is concerned, it’ll have to do – until the dasBlog team can sort it out.
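One way to make the server-side check honor the form's validation controls, and to see which validator is responsible when the "Normal" group reports failure, as the code comment above wonders. This is an added example, not dasBlog's code or the fix applied on this blog: the CommentFormGate class and its method are hypothetical, and the group name "Normal" is taken from that comment.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;

// Hypothetical helper (not part of dasBlog): runs the validators of one
// validation group on the server and reports the ones that failed.
// Client-side validation alone is not enough, because automated posts
// never execute the page's JavaScript.
public static class CommentFormGate
{
    // Returns one "controlId: error message" entry per failed validator.
    // An empty list means every validator in the group passed.
    public static IList<string> FailedValidators(Page page, string validationGroup)
    {
        // Re-evaluates every validator in the group on the server.
        page.Validate(validationGroup);

        List<string> failures = new List<string>();
        foreach (IValidator validator in page.GetValidators(validationGroup))
        {
            if (!validator.IsValid)
            {
                // Validator controls are also Controls, so the ID is usually available.
                Control control = validator as Control;
                string id = control != null ? control.ID : validator.GetType().Name;
                failures.Add(id + ": " + validator.ErrorMessage);
            }
        }
        return failures;
    }
}

// Call site inside the comment submit handler in CommentViewBox.ascx.cs,
// shown as a comment because it depends on the controls declared in the .ascx:
//
//   IList<string> failures = CommentFormGate.FailedValidators(Page, "Normal");
//   if (failures.Count == 0 && CaptchaControl1.UserValidated)
//   {
//       SaveCookies();
//       AddNewComment(name.Text, email.Text, homepage.Text,
//           comment.Text, ViewState["entryId"].ToString().ToUpper(),
//           /* openid */ false);
//   }
//   // Otherwise: do not save the comment; the entries in "failures" name
//   // the validator(s) that rejected the submission.
```

If the list is never empty even for a well-formed comment, its entries show which validator in the group is rejecting the input.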

