Safe Web Comments: A Web Page Comment Form Protected from Spam Robots by Captcha & other Spam Traps

This software is at stage: Released Version 1.0. Please report bugs etc by email or in the comment form at bottom of page.

Introduction: SafeWebComments is utterly simple. Comment data are gathered through a Web Form, parsed into html and posted into an HTML Data file that is in fact just a text file. The comments are displayed by "including" the HTML Data via Server Side Includes into the originating web page. Protection from spamming web robots is effected by guarding access to the Web Form with the random image generator known as Captcha as well as a couple of anti spam tricks that make spam from robots almost impossible.

These general features have been incorporated:

  • No complex databases - data are maintained in a flat text file.
  • The web page and the comment data are independent so the web page can be edited independent of the separately-stored comments.
  • The styles for the displayed commentary are customisable.
  • Styles are set in a browser-based GUI, requiring no knowledge of CSS or HTML.
  • The commentator can preview and edit before posting.
  • Webmaster can choose oldest first or newest first for the date-ordered display of comments.
  • Webmaster may limit the number of posts to any number, autoerasing the oldest first.
  • Protection against accidental multiple re-posting using redirects
  • Webmaster receives email of each comment posted (option to turn on/off).

These anti spam features have also been incorporated:

  • Reverse Turing test using Captcha guards a gate to the comment form.
  • Spam trap: There are two text-box spam traps on the posting form.
  • Active hyperlinks are banned in the comments.
  • All HTML and other scripting tags are allowed but are deactivated before being displayed.
  • Commentator may supply home page as an active link. It's displayed with the anti-spam rel="nofollow" property.

These features will be addressed:

  • Javascript toggle button allows to view/hide comments; webmaster chooses the default.
  • Protection against accidental multiple re-posting using cookies.
  • Use file locking to prevent corruption of stored comments.

Copyright: Swerdna's Open Source Software: GNU General Public License (GPL).

Download the Files: Download the package swc_r.1.0.tar.gz. Extract (untar) it anywhere. Use e.g. R-click and select "Extract here" in Konqueror or Nautilus or execute tar -xf swc_r.1.0.tar.gz. Installation instructions are in the contained file install.html and the files for SafeWebComments are in the folder named "swc_files".

Placing the files: For illustration, suppose you have a web page yourpage.html where you want to install SafeWebComments. SafeWebComments works on pages with extensions .html and .php, I haven't tried others. Create a folder called comments.php in the document root of your web server and inside comments.php create a folder named yourpage. Note that it must be named for the page yourpage.html. Copy all the contents from inside the download folder swc_files over into folder yourpage.

Permissions: One directory and four files need to be made writeable to allow PHP scripts to store comments and other dynamic data. They are the directory /comments.php/yourpage/b2evo_captcha_tmp and the four files with .html extensions in directory /comments.php/yourpage. To be precise: make b2evo_captcha_tmp to drwxrwxrwx and make buffer.html, config.html, data.html and includefile.html to -rw-rw-rw. These shell commands will do that:

chmod 777 b2evo_captcha_tmp
chmod 666 *.html

Clean Out Old Data: Only copy unused download files. Even so, sometimes this advice is ignored and old files and directories are copied into directory /comments.php/yourpage/ instead of the unused download files. So make sure that directory /comments.php/yourpage/b2evo_captcha_tmp is empty and that old text data aren't copied across into "path.dat" or into "*.html".

Path Information: Create the file path.dat at /comments.php/yourpage/path.dat, open it in a text editor and insert the following line of path information:

/yourpage.html,html,

This is a one-line comma separated list of the path to the web page (e.g. /yourpage.html) followed by the page's file extension (e.g. html or php; NB no spaces on the line & last character is a comma). This information is used in various ways to link back and forth between the web page and the utilities in the folder /comments.php/yourpage.

Server Side Includes: Now you enable Server Side Includes for the page yourpage.html and for the document root of your web server. To enable a page you set its execute bit by executing this shell command in a terminal:

chmod a+x yourpage.html

To enable Includes in the document root you EITHER turn on the Directive Options Includes OR you add these two lines into the .htaccess file for the document root:

Options Includes
XBitHack on

Next you add this line of code near the end of your html page yourpage.html:

<!--#include virtual="/comments.php/yourpage/includefile.html" -->

But of course if using php, and yourpage.php then insert this into the html code instead:

<?php include("comments.php/yourpage/includefile.html") ?>

The recommended location is above the </body> tag and preferably just above the final closing </div> tag defining the overall page container. You may need to experiment to find the best location. It will be very close to the closing </div> and </body> tags. NOTE that the path contains part of the filename of yourpage.html.

Run Setup Scripts: Before you run setup scripts you must have placed the files, set the folder permissions, cleaned out old files and set the path information in path.dat, as detailed above. Then: To install this software automatically you run the script "zerofiles.php" by entering the following address into your web browser (adjust for yourdomain.com and for yourpage):

http://www.yourdomain.com/comments.php/yourpage/zerofiles.php

This script will display a dialogue in your browser that confirms to you that it has executed and after a pause for you to register that fact, your browser will forward you to a Web Form that is a GUI configurator for personalising the styles for the commentary that appears in yourpage.html. The configurator is self explanatory, including an illustrative screenshot. You post the new configuration with a "Submit" button and can view the changed appearance on your web page. You might need to refresh the page in your browser to see the new styles.

You can now add comments to the page yourpage.html by addressing it in your web server at http://www.yourdomain.com/yourpage.html and clicking on the button to "add comments". You can change the styles at will by addressing the GUI configurator directly at:

http://www.yourdomain.com/comments.php/yourpage/guiconfig.php

The GUI configurator changes the styles for the comments while preserving them (comments and styles are kept in separate data files and blended magically, so you can change them separately)

You can get rid of your experiments in making comments by re-addressing the install script zerofiles.php in your browser. That script automatically deletes all comments and re-zeroes the installation. It re-installs the default styles too which is useful if you can't remember how to get them back.

Security NB: After you are satisfied with the setup and the styles, move or remove the files guiconfig.php and zerofiles.php or password protect them, for obvious reasons. If you remove them you can temporarily restore them from the source package for occasional maintenance. You should also prohibit directory listings in browsers for /comments.php and its subdirectories. Setting the appropriate directive in Apache config files is preferred, but alternatively create an .htaccess file in /comments.php and add this line:

Options -Indexes

Errors -- Possible Causes

When you click to Add Comments on the web page, you don't see the Captcha graphic on the page you're taken to: the folder b2evo_captcha_tmp is not world writeable drwxrwxrwx.

The 10-second delayed redirect from the script zerofiles.php doesn't work and produces the error "object not found": The path data in the file path.dat are wrong.

"Existing Values" on the GUI configurator are not filled OR "New Values" contain no suggested values OR "New Values" that you post do not get recorded: Check the the file config.html has permissions -rw-rw-rw. And check the other three .html files are world writeable as well.

E-mail alerts to the webmaster do not arrive: These use the PHP function mail() which requires to be initialised correctly in php.ini and also requires sendmail to be installed. If you can't setup your server correctly, you can turn the E-mail function off in the GUI configurator.

You get no image on the Captcha form, just this error message:

There is no GD-Library-Support enabled. The b2evo captcha class cannot be used!

PHP uses a GD library to create the image you normally see on the Captcha form. The software isn't installed. In openSUSE Linux 11.0, for ecample, it's the RPM php5-gd-5.2.5-66.1

Remember to be consistent with file extensions. In the example/s above I used .html. If you're using .php, you must make appropriate modifications to my examples.

Report any bugs, difficulties, ideas in the comment form.

Swerdna: 27 December 2007


Open Source Apps

Safe Web Comments

A web page comment form protected from spam robots by Captcha & heuristic spam traps
Web Hit Counter

A system for recording and displaying web page hits in an Apache web server
Preview

A graph plotting utility for visualising two dimensional serial numerical data