Spam Spam Spam

No I'm not talking about the tinned porky ham that Monty Python likes to sing about. It's the electronic type. I added the option to add comments to my site a few months ago. Being aware that this could be abused I coded some email notification.

spam.png

Late last night I received over 300 emails notifying me that comments had been added to one of my blog entries. Anything from Obama healthcare to Casio slot machines. All linked to various other sites with 404 errors. I don't believe they were malicious, just simply to increase other sites ratings on Google. Google ranks their sites depending on other sites linking to them. So this is a quick way to trick Google ranking.

With this is mind it's time to add a reCaptcha. Google offer a free service, that has been updated recently to 'I'm not a robot' that's a little more human friendly.

To set it up you need to set-up an account here.
https://www.google.com/recaptcha

Once this is done you need to add some javascript to your site as follows.



Then for the div tag, this is where your reCaptcha will be rendered.

 



Then on the post back (submit) you will need to call a Google service to check it's valid. I did this in php. Code below.

$recaptcha_secret = "Your private key here";
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);

// check for successful verification
if($response["success"] === true) {
// It's valid, add valid response code here
} else {
// It's failed, add failed response code here
}

One last thing to mention is that I needed to change some settings on my hosting company to allow the File_Get_Contents() to function correctly. I needed to add/update the following lines to the php.ini.

allow_url_fopen = On
extension=openssl.so

With this done I just needed to enable google.com in the internal firewall at my hosting company.

Hopefully with all these changes done, I won't be getting anymore unwanted comments. But if it still happens I'll need to add a email confirmation process. Let's see.

#coding

Comments

Back to blog