Blosxom, Comments, and Spam

DATE: 2012/12/4

I am continuing with customization of Blosxom to run my blog. Comments is one of the big reasons I'm even looking at blog engines programmed by someone else. I can and have written a script that generates a list of links to files in reverse chronological order, a bare-bones blog. I'm sure I could program a comments system myself, too, but comment functionality has big enough security implications (accepting arbitrary text from any user with an Internet connection, running through your script, storing it on your server, and later regurgitating it) that I don't trust myself not to miss something crucial. If I can find something that works well enough, I'd prefer to use something programmed by hopefully a better programmer than myself, and then tested by the user community. Hence a reason for my interest in Blosxom, and motivation for the days I've spent fiddling to add a comment form to my blog.

Blosxom's age and fading popularity have been a problem. There is a comment module written by Blosxom's original programmer, but it has a reputation for being a spambot[*] magnet (which I've experienced first-hand on another blog years ago) and for a number of other problems hinted at in online forum archives. Many programmers have published improved versions of the original comments module to address these and other issues. Unfortunately, it seems that a number of Blosxom module repositories have been taken off-line. Even where the main module script has been preserved, necessary supporting files are missing. In the end, the original comment module was the only version that seemed to be complete.

I added the comment module to the blog engine and it seemed to work well enough. However, in less than twenty-four hours spam comments were showing up. I quickly deleted them, but obviously some kind of defense against the spambots is essential.

Fortunately, there are also a number of Blosxom modules designed to defeat spambots, and in general the software is better-preserved than that of the enhanced comment modules. After trying an image-recognition-based antispam module (this is a popular approach, but this module interfered with the normal working of the comments module), I installed a simpler module named "nospam". It has the great advantage that it validates that submitted comments are from human beings and not from spambots without the commenter taking any additional action, or even being aware of the check. Its shortcoming is that it depends on JavaScript, so users connecting with browsers that don't run JavaScript will be prevented from submitting comments.

I found an antispam system on another blog that was programmed by the blog's proprietor himself. It's not a Blosxom module, or even written in Perl (it's written mainly in PHP), but it's simple enough that I think I will adapt it for my blog. It works by having the user enter a special password when submitting a comment. The password is so simple that even a (human) child can figure it out from a hint which is displayed next to the password input box. But not simple enough for spambots to figure out, at least not with the level of artificial intelligence technology currently available. The program's author reports that his simple test blocked all spam comments to his blog for two years. When spam posts started showing up again (he suspects that some spambots got human assistance to guess his password), setting another simple password was all that was needed to once again block the spambots.

Although this antispam module requires commenters to do the extra work of entering the validation password, the hint is in plain text so it should pose no problem for the vision-impaired accessing the site with a screen reader (unlike the popular image-recognition systems). It does have a JavaScript component, but it implements an optional function and doesn't prevent posting comments from clients without JavaScript support.

For the time being, comments are up and running with antispam validation, and I have noticed no further spam comments since the first batch. Feel free to add your comments to this or any other blog entry!

[*] "Spam" is unwanted e-mail or other network communication, especially when it is commercial, scam, or otherwise useless in nature, and especially when it is received in distractingly large volumes. A "spambot" is a program (a "robot") that automatically launches spam attacks against e-mail addresses and WWW page input forms.
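The hint-and-password check described above, together with the "regurgitating" concern from the first paragraph, sketched in Python as an added example. It is not the PHP code of the blog the post mentions, nor a Blosxom module; the hint, the answer, the length limit and all function and field names are assumptions made up for illustration.

```python
import hmac
import html
import unicodedata
from typing import Dict, Tuple

# Constructed challenge. The hint is shown as plain text beside the input box,
# so a screen reader can read it. Rotating the password after spam reappears
# means changing these two values.
CHALLENGE_HINT = "Type the colour of the sky on a clear day"
CHALLENGE_ANSWER = "blue"
MAX_COMMENT_CHARS = 4000  # assumed limit, not taken from the post


def normalise(answer: str) -> str:
    """Fold Unicode form, case and surrounding whitespace so a human is not
    rejected for typing ' Blue '."""
    return unicodedata.normalize("NFKC", answer).strip().casefold()


def answer_ok(submitted: str) -> bool:
    """Check the answer on the server; nothing here depends on client JavaScript."""
    return hmac.compare_digest(
        normalise(submitted).encode("utf-8"),
        normalise(CHALLENGE_ANSWER).encode("utf-8"),
    )


def accept_comment(form: Dict[str, str]) -> Tuple[bool, str]:
    """Return (accepted, rendered_html_or_reason) for one submitted form."""
    if not answer_ok(form.get("challenge", "")):
        return False, "challenge failed"      # rejected before anything is stored
    name = form.get("name", "").strip()
    body = form.get("comment", "").strip()
    if not name or not body:
        return False, "missing field"
    if len(body) > MAX_COMMENT_CHARS:
        return False, "comment too long"
    # Escape when rendering, so submitted text can never become markup.
    rendered = "<p><b>{}</b>: {}</p>".format(html.escape(name), html.escape(body))
    return True, rendered
```

The challenge is checked before any other field is touched, so a failed submission is never written to disk, and every accepted comment is escaped on its way back into the page.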