BleepingComputer.com: PHP Comments Script

Hi,

Is there any good ready made free comments script in PHP ?

I want to add the ability for users to post the comments at the end of every article/page on my web site. I made one script myself, but some people misused it and posted a lot of spam. I have tried one from GentleSource but it does not work.

Thank you

By 'good' I assume that you mean employees some sort of spam filtering capability?

Yes, some spam protection, simple captcha, as well as easy to install and use.

you could try having a look at these... http://202.45.110.174/examples/guestbook/

"Easy to install and use" sort of depends on level of experience. If you are familiar with PHP (or programming in general) then all PHP is pretty easy. If programming is not one of your strong suits, then finding one that does everything that you want and still be easy to use is a much smaller target. Usually the best defense against spammers is to make them sign up for an account which has to be activated via email, or else make all comments be approved.

KamakaZ Thank you, but I am looking for something like comments in a blog (like Wordpress or blogpost), different comments for different page. Also I just spammed your guestbook with spamcheck.

groovicus By easy to install I meant, I dont have to copy/paste a lot of code. Just a little "include" on top of page and something like "echo" where I have to show comments. I have seen scripts which require lots of changes. Should I say I need smart script?

I recommend this comment script.

NN

Except that in the very first post Romeo already said he tried that one.

Thanks NameNick. Though that script is awesome yet somehow it gives alot of errors when I tried it.

I forgot to mention groovicus that in my own script I had 1 comment per 5 minute (based on IP address) rule. So using 1 ip address a user cannot post more than a comment in less than 5 minutes. Also I had all comments approved. I also used a simple captcha. But this spammer person I think used some auto spam program. He changed proxy servers, using different IPs and spammed me 24 hour a day. My sql database became full of garbage. The script sent me email when somebody posted comment, so i had thousands of emails coming every 2-3 minutes. So I got tired and removed the related php files. I thought of banning ips but when looking at the sql database, i found over 300 different ip addresses.

My first suggestion is to try a different captcha. There are quite a few that can be solved algorithmically.

The next step is to have a 'bad word' list. If the words are contained anywhere within the message body or subject, delete them and block the IP. My block list has thousands of IPs. If you can automate the process, that will help.

There are tons of things a person needs to do in order to combat spam; I am getting ready to implement comments on a web site I am working on, so your problem is timely in that it is making me think of a few things. My plan contains some of the same elements as yours; ip based logging and blocking, approving comments, etc. I am also going to require that the user be logged in with a valid email address. I will be implementing a bad word list, and spam databases. I have not yet decided if I am going to use something off the shelf, or if I am going to roll my own. I don't mind using other people's libraries, but it seems that every time I do, they update the library and fail to maintain backwards compatibility. Rolling my own means that at least I know what is going on, but it takes time.

Romeo29, indeed you did manage to SPAM my guestbook, but if you look closely at the description in () you'll find that the version you SPAMed only checked for blank fields, could i get you to try again on this one?

EDIT: v1.5 and 2.0 are using the same database to host the comments, even so, v3 is the one i was pointing you towards... Wouldn't be to hard to add in ip blocking

KamakaZ good improvement

Finally, I made my own script. As groovicus suggested I have set to auto-ban the ip. I am also thinking set a cookie, so a person cannot change the IP and comment again within 1 minute using the same browser.

I have not used register or sign- in to comment method because it may seem too much for a visitor and drive them away.

Thanks for all the good suggestions.