Last post Sep 09, 2011 05:18 AM by saverman
Sep 08, 2011 12:45 PM
Perhaps this is not a subject for the security section but here it goes: I've got a problem with spamming in the comment sections of our blogs. We're using a captcha that comes with the Demo templates in EPiServer and when I try it out there is no way to post without entering the right chain of letters.
The behavior of the comments is almost like they are made by hand, but in a really strange way. They are posted in different blogs with a few minutes between them and even though the languages of the sites are Swedish, Finnish, Norwegian and Danish the comments are in English and always with one letter swapped in one of the words, e.g. "I bow down hmbuly in the presence of such greatness.". Sometimes they are not words but instead URLs in HTML tags but the URLs make no sense, e.g. http://qzmxmbisvson.com/]qzmxmbisvson.
They are not done all the time, but come during a few days every 4-5 weeks or so and they switch between the different languages of the site every time.
Any ideas on what to do about this? How can I prevent it from going on? I've googled some of the phrases that are being posted and they appear in a lot of other blogs as well so there's no doubt this is a spam bot of some kind.
Sep 08, 2011 02:19 PM
First off, I know nothing about EPiServer, so I may not be any help, but is it, or the templates in particular, ASP.NET pages that you can edit? In general the Captcha components have a property that identifies whether it's been matched OK and you check that at the same time as your validation (e.g. Page.IsValid). That's the first thing I'd look at.
I had this on an app a few years ago and I edited the SQL procedure that inserted blog comments, so if certain phrases were picked up it just exited without actually inserting. It was easy to do at the time because, like yours, it was clearly bot based and there were phrases I could check.
Sep 09, 2011 05:18 AM
I've got control of the entire code so checking the captcha is no problem. However it's working as it should and if it's not filled out correctly you can't post. Somehow it fills in the correct letters.
I just checked the site right now and it seems to be free of new spam for the last 15 hours compared to almost 90 posts the day before. Perhaps I should just take your advice on comparing phrases. It's mostly the same couple of phrases over and over so I guess I can just start storing them as they are being registered to see how that goes.
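
The phrase comparison discussed in this thread has one catch: the bot alters a word in each comment, so an exact string match against stored phrases misses it. The following is an added example, not code from any poster or from EPiServer, showing a tolerant match in C#; the class name `CommentSpamFilter`, its method names, the edit-distance threshold of 2 and the stored phrase list are all assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

public static class CommentSpamFilter
{
    // Constructed sample: the clean form of a phrase seen in earlier spam comments.
    static readonly string[][] KnownPhrases = { Words("I bow down humbly in the presence of such greatness.") };

    // Lower-case the text and split it into runs of letters (any alphabet).
    static string[] Words(string text) =>
        Regex.Matches(text.ToLowerInvariant(), @"\p{L}+").Cast<Match>().Select(m => m.Value).ToArray();

    // Classic Levenshtein distance, keeping only two rows of the table.
    static int EditDistance(string a, string b)
    {
        int[] prev = Enumerable.Range(0, b.Length + 1).ToArray();
        for (int i = 1; i <= a.Length; i++)
        {
            int[] cur = new int[b.Length + 1];
            cur[0] = i;
            for (int j = 1; j <= b.Length; j++)
                cur[j] = Math.Min(Math.Min(cur[j - 1], prev[j]) + 1,
                                  prev[j - 1] + (a[i - 1] == b[j - 1] ? 0 : 1));
            prev = cur;
        }
        return prev[b.Length];
    }

    // The window matches when at most one word differs from the stored phrase
    // and that word is still a near miss (edit distance <= 2, an assumed threshold).
    static bool WindowMatches(string[] words, int start, string[] phrase)
    {
        int altered = 0;
        for (int k = 0; k < phrase.Length; k++)
            if (words[start + k] != phrase[k] &&
                (++altered > 1 || EditDistance(words[start + k], phrase[k]) > 2)) return false;
        return true;
    }

    // Slide each stored phrase over the comment's words and test every position.
    public static bool LooksLikeKnownSpam(string comment)
    {
        string[] words = Words(comment);
        return KnownPhrases.Any(p => Enumerable.Range(0, Math.Max(0, words.Length - p.Length + 1))
                                               .Any(s => WindowMatches(words, s, p)));
    }

    public static void Main()
    {
        // Constructed inputs: the altered phrase quoted in the thread, then an ordinary comment.
        Console.WriteLine(LooksLikeKnownSpam("I bow down hmbuly in the presence of such greatness."));
        Console.WriteLine(LooksLikeKnownSpam("Tack för ett bra inlägg!"));
    }
}
```

A check like this would run in the comment submit handler after the captcha validation and before the insert, with the phrase list loaded from wherever rejected comments are stored.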