This site still isn't all that big or popular in the grand scheme of things, but I've been spending wasting too much time deleting spam comments and accounts recently. I was tired of deleting 20 comments each day and the spam accounts were more irritating because I couldn't be certain which ones they were. A few days ago I decided it was time to take action and hack my Community Server skins to add a little bot catcher. It was surprisingly easy, taking just half an hour changing only two files.
Trying to be quick, easy and effective, I started with Jeff Atwood's advice on CAPTCHA and decided to just require a standard value to be entered each time. I didn't even use a picture or challenging font like he did. Those are bridges I'll cross if and when they are needed. All I wanted to do was stop bots targeting the Community Server platform from plaguing me. Here's how I did it. The code looks ugly, but it copies and pastes fine.
I edited the Skin-CreateUser.ascx file found in the Themes\default\Skins folder by adding the following code just before the table row containing the time zone information.
<tr>
<td align="right">Type NWMC here:</td>
<td>
<div class="CommonFormField">
<asp:TextBox ID="botTest" runat="server" onKeyUp="validateForm(this);"></asp:TextBox>
<asp:CompareValidator ID="botTestVal" runat="server" ControlToValidate="botTest" ValueToCompare="NWMC" ErrorMessage="Please type NWMC in the specified box."></asp:CompareValidator>
<asp:RequiredFieldValidator runat="server" ErrorMessage="*" ControlToValidate="botTest" ID="botTestReq" />
</div>
</td>
</tr>
I also added the following line to validateForm javascript function near the end of the file. I placed it at the end of the group of "if(state)" lines.
if(state){ state = ($('<%= botTest.ClientID %>').value == 'NWMC');}
The second step was to add the following two lines to the Skin-CommentForm.ascx file in the Themes\Blogs\default\Skins folder. I chose to add it just after the line with the url textbox.
<dt>
<label for="<%=botTest.ClientID %>">Please Type the words 'Web Mission' in the box below:</label>
<em>(<CS:ResourceControl ID="ResourceControl2" runat="server" ResourceName="Required" /></em>)
<asp:CompareValidator runat="server" ErrorMessage="*" ControlToValidate="botTest" ID="botTestValueVal" Type="string" ValueToCompare="Web Mission" />
<asp:RequiredFieldValidator runat="server" ErrorMessage="*" ControlToValidate="botTest" ID="botTestReq" />
</dt>
<dd><asp:TextBox id="botTest" runat="server" CssClass="smallbox" /></dd>
That's it. I'm pleased to say my decisions have been effective since I immediately stopped getting all comments and account registrations. A new account was registered today, so I'm pleased to see typing NWMC isn't too much of a deterrent. Now I just need someone to post a comment . . .