Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PHP Comments Script


  • Please log in to reply
11 replies to this topic

#1 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:27 AM

Posted 01 January 2010 - 03:02 PM

Hi,

Is there any good ready made free comments script in PHP ?

I want to add the ability for users to post the comments at the end of every article/page on my web site. I made one script myself, but some people misused it and posted a lot of spam. I have tried one from GentleSource but it does not work.

Thank you :thumbsup:

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:27 AM

Posted 01 January 2010 - 03:40 PM

By 'good' I assume that you mean employees some sort of spam filtering capability?

#3 Romeo29

Romeo29

    Learning To Bleep

  • Topic Starter

  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:27 AM

Posted 01 January 2010 - 05:17 PM

Yes, some spam protection, simple captcha, as well as easy to install and use.

#4 KamakaZ

KamakaZ

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:01:27 AM

Posted 02 January 2010 - 08:12 PM

you could try having a look at these... http://202.45.110.174/examples/guestbook/

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:27 AM

Posted 02 January 2010 - 08:31 PM

"Easy to install and use" sort of depends on level of experience. If you are familiar with PHP (or programming in general) then all PHP is pretty easy. If programming is not one of your strong suits, then finding one that does everything that you want and still be easy to use is a much smaller target. Usually the best defense against spammers is to make them sign up for an account which has to be activated via email, or else make all comments be approved.

#6 Romeo29

Romeo29

    Learning To Bleep

  • Topic Starter

  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:27 AM

Posted 03 January 2010 - 07:01 AM

KamakaZ Thank you, but I am looking for something like comments in a blog (like Wordpress or blogpost), different comments for different page. Also I just spammed your guestbook with spamcheck.

groovicus By easy to install I meant, I dont have to copy/paste a lot of code. Just a little "include" on top of page and something like "echo" where I have to show comments. I have seen scripts which require lots of changes. Should I say I need smart script?

#7 NameNick

NameNick

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 03 January 2010 - 07:03 AM

I recommend this comment script.

NN

#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:27 AM

Posted 03 January 2010 - 10:11 AM

Except that in the very first post Romeo already said he tried that one. :thumbsup:

#9 Romeo29

Romeo29

    Learning To Bleep

  • Topic Starter

  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:27 AM

Posted 03 January 2010 - 02:05 PM

Thanks NameNick. Though that script is awesome yet somehow it gives alot of errors when I tried it.

I forgot to mention groovicus that in my own script I had 1 comment per 5 minute (based on IP address) rule. So using 1 ip address a user cannot post more than a comment in less than 5 minutes. Also I had all comments approved. I also used a simple captcha. But this spammer person I think used some auto spam program. He changed proxy servers, using different IPs and spammed me 24 hour a day. My sql database became full of garbage. The script sent me email when somebody posted comment, so i had thousands of emails coming every 2-3 minutes. So I got tired and removed the related php files. I thought of banning ips but when looking at the sql database, i found over 300 different ip addresses.

Edited by Romeo29, 03 January 2010 - 02:05 PM.


#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:27 AM

Posted 03 January 2010 - 02:38 PM

My first suggestion is to try a different captcha. There are quite a few that can be solved algorithmically.

The next step is to have a 'bad word' list. If the words are contained anywhere within the message body or subject, delete them and block the IP. My block list has thousands of IPs. If you can automate the process, that will help.

There are tons of things a person needs to do in order to combat spam; I am getting ready to implement comments on a web site I am working on, so your problem is timely in that it is making me think of a few things. My plan contains some of the same elements as yours; ip based logging and blocking, approving comments, etc. I am also going to require that the user be logged in with a valid email address. I will be implementing a bad word list, and spam databases. I have not yet decided if I am going to use something off the shelf, or if I am going to roll my own. I don't mind using other people's libraries, but it seems that every time I do, they update the library and fail to maintain backwards compatibility. Rolling my own means that at least I know what is going on, but it takes time.

#11 KamakaZ

KamakaZ

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:01:27 AM

Posted 03 January 2010 - 04:43 PM

Romeo29, indeed you did manage to SPAM my guestbook, but if you look closely at the description in () you'll find that the version you SPAMed only checked for blank fields, could i get you to try again on this one?

EDIT: v1.5 and 2.0 are using the same database to host the comments, even so, v3 is the one i was pointing you towards... Wouldn't be to hard to add in ip blocking

Edited by KamakaZ, 03 January 2010 - 04:45 PM.

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#12 Romeo29

Romeo29

    Learning To Bleep

  • Topic Starter

  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:27 AM

Posted 06 January 2010 - 11:08 PM

KamakaZ good improvement :thumbsup:

Finally, I made my own script. As groovicus suggested I have set to auto-ban the ip. I am also thinking set a cookie, so a person cannot change the IP and comment again within 1 minute using the same browser.

I have not used register or sign- in to comment method because it may seem too much for a visitor and drive them away.

Thanks for all the good suggestions.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users