Blocking comment spam postbacks

30. April 2011 12:37

I was previously trying to prevent comment spam by blocking access by IP address, but that turned out not to be very suitable. The amount of comment spam did drop from around 500-600 items per day to around 40-60, which is not effective enough, and you also run the risk of blocking legitimate users from accessing the content on the site.

I have now come up with a new method which is much safer and does not require the overhead of a database. Looking through the web server logs, I noticed that the clients are bots and not real web browsers: they request a valid page and then post it straight back in an attempt to get their comments to appear on the site, without ever fetching the CSS or images that a browser would load alongside the page. The new approach turns this to our advantage.

The goal of the following code is simple. We block all postback requests from an address until that address has requested certain files from the web server, namely the CSS and image files. It is also much safer because we are not blocking requests for content in the way the IP blocker was operating; we are only blocking the ability to do postbacks. This is what I managed to put together in a reasonable period of time (around 20 minutes).


using System;
using System.Collections.Generic;
using System.Web;

public class BlogAntiSpam : IHttpModule
{
    // Shared by every request in the worker process. IIS serves requests on
    // many threads at once, and Dictionary is not safe for concurrent writes,
    // so all access goes through CacheLock.
    private static readonly Dictionary<string, CachedIP> IPCache = new Dictionary<string, CachedIP>();
    private static readonly object CacheLock = new object();

    public void Init(HttpApplication App)
    {
        App.BeginRequest += new EventHandler(App_BeginRequest);
    }

    private void App_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest Request = HttpContext.Current.Request;
        HttpResponse Response = HttpContext.Current.Response;

        // A POST (form postback) is refused until this IP has fetched a theme file.
        if (Request.HttpMethod == "POST")
        {
            if (CheckAddress(Request.UserHostAddress) == true)
            {
                Response.Clear();
                Response.StatusCode = 403; // make the refusal visible to the client and in the logs
                Response.Write("Sorry, You Are Banned From This Site!");
                Response.End();
            }
        }

        // Any GET under /themes/ (CSS, images) marks the IP as a real browser.
        if (Request.HttpMethod == "GET")
        {
            if (Request.Url.PathAndQuery.ToLower().StartsWith("/themes/"))
            {
                EnableIP(Request.UserHostAddress);
            }
        }
    }

    // Returns true while the IP is blocked. An IP that has never been seen
    // starts out blocked.
    private bool CheckAddress(string CurrentIP)
    {
        lock (CacheLock)
        {
            if (IPCache.ContainsKey(CurrentIP) == false)
                IPCache[CurrentIP] = new CachedIP(CurrentIP, true);

            return IPCache[CurrentIP].Block;
        }
    }

    // Lifts the block for an IP that has requested a theme file.
    private void EnableIP(string CurrentIP)
    {
        lock (CacheLock)
        {
            if (IPCache.ContainsKey(CurrentIP) == false)
                IPCache[CurrentIP] = new CachedIP(CurrentIP, true);

            IPCache[CurrentIP].Block = false;
        }
    }

    public void Dispose()
    {

    }

    internal class CachedIP
    {
        public string IP = null;
        public bool Block = false;

        public CachedIP(string IP, bool Block)
        {
            this.IP = IP;
            this.Block = Block;
        }
    }
}


A short note on the above: I have hard-coded this to treat any request under the /themes/ directory of the website as the unblocking signal. This could of course be narrowed down to specific files that are only referenced from inside the CSS files, or to random images loaded from JavaScript, which makes it much harder for the spammers to operate: a bot would then have to parse the stylesheet or run the script rather than simply fetch one extra URL. Note also that the table above is keyed on IP address and never expires, so a bot that does fetch a theme file once stays unblocked for the life of the worker process.
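The following is an added example of the narrowed-down version described in the note, not code from the original post. It assumes a theme stylesheet that references a beacon image at /themes/default/beacon.gif which no page links to directly, and it assumes that POSTs under /api/ belong to a service that must keep working; both paths are placeholders. Unlike the module above it uses a ConcurrentDictionary so no lock is needed, expires each proof after an hour, sweeps stale entries so the table cannot grow without bound, answers with a 403, and ends the request with CompleteRequest() rather than Response.End(), which avoids the ThreadAbortException the latter raises.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Web;

// Added example: hardened variant of the BlogAntiSpam module.
// Assumed, not from the original post: the beacon path and the /api/ prefix.
public class BlogAntiSpamV2 : IHttpModule
{
    // Only a client that parsed the CSS will ask for this file (assumed path).
    private const string BeaconPath = "/themes/default/beacon.gif";

    // POST targets that are not comment forms and must never be blocked (assumed).
    private static readonly string[] ExemptPostPrefixes = { "/api/" };

    // A proof expires, so fetching the beacon once does not unblock an IP forever.
    private static readonly TimeSpan ProofLifetime = TimeSpan.FromHours(1);

    // Sweep expired entries once the table reaches this size, to bound memory.
    private const int SweepThreshold = 10000;

    // Thread-safe: IIS dispatches requests on many threads concurrently.
    // Value is the UTC time at which the IP last fetched the beacon.
    private static readonly ConcurrentDictionary<string, DateTime> Proven =
        new ConcurrentDictionary<string, DateTime>(StringComparer.Ordinal);

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpRequest request = app.Context.Request;
        string path = request.Url.AbsolutePath;   // path only, no query string
        string ip = request.UserHostAddress;
        DateTime now = DateTime.UtcNow;

        if (request.HttpMethod == "GET")
        {
            if (string.Equals(path, BeaconPath, StringComparison.OrdinalIgnoreCase))
                RecordProof(ip, now);
            return;
        }

        if (request.HttpMethod != "POST" || IsExemptPost(path))
            return;

        if (!HasRecentProof(ip, now))
        {
            HttpResponse response = app.Context.Response;
            response.Clear();
            response.StatusCode = 403;
            response.ContentType = "text/plain";
            response.Write("Postbacks are not accepted until the page has been rendered.");
            // Skip the rest of the pipeline without the ThreadAbortException
            // that Response.End() throws.
            app.CompleteRequest();
        }
    }

    internal static void RecordProof(string ip, DateTime now)
    {
        Proven[ip] = now;
        if (Proven.Count > SweepThreshold)
            Sweep(now);
    }

    internal static bool IsExemptPost(string path)
    {
        foreach (string prefix in ExemptPostPrefixes)
            if (path.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    internal static bool HasRecentProof(string ip, DateTime now)
    {
        DateTime provenAt;
        if (!Proven.TryGetValue(ip, out provenAt))
            return false;                        // never seen: blocked by default
        if (now - provenAt > ProofLifetime)
        {
            Proven.TryRemove(ip, out provenAt);  // expired: drop it and block
            return false;
        }
        return true;
    }

    // Enumerating a ConcurrentDictionary while removing from it is safe.
    private static void Sweep(DateTime now)
    {
        foreach (KeyValuePair<string, DateTime> entry in Proven)
        {
            if (now - entry.Value > ProofLifetime)
            {
                DateTime ignored;
                Proven.TryRemove(entry.Key, out ignored);
            }
        }
    }

    public void Dispose() { }
}
```

Two things to keep in mind when deploying something like this. The beacon must be served with no-cache headers (or a short max-age), otherwise a returning browser will not refetch it after the proof has expired and a real user can be refused. The state is also keyed on the client address and lives in one worker process: users behind a shared NAT or proxy unblock each other, a reverse proxy in front of the site makes every client look like one address unless you read the forwarded address instead, and a web garden or farm keeps a separate table per process. The approach raises the cost for a bot rather than making spam impossible; a bot that fetches the beacon still gets through.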



Comments (5) -

4/30/2011 2:14:06 PM #

hmm, looks kind of nice. I don't have enough info on this, but does this affect search engine crawlers seeing the blocked content?

tugberk Turkey |

4/30/2011 2:16:40 PM #


No it won't, since it will only ever block on a postback, as in when a form is submitted, so it should not affect search engines unless they are attempting to submit forms; all the major ones will not do this.

James United Kingdom |

4/30/2011 3:32:31 PM #

This looks good. One more question: what if I have a RESTful service on my website which gets its data with HTTP POST requests? Would those be affected?

tugberk Turkey |

4/30/2011 3:38:36 PM #


I am not sure about that. Though it would be easy enough to modify the module to permit the service or exclude it from the blocking action.

James United Kingdom |

4/30/2011 3:44:15 PM #

I see, thanks for the info. It would also be helpful to show how you register this module in IIS, but overall this is a perfect post.

tugberk Turkey |
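For the registration question raised in the comments, this is an added web.config fragment (not part of the original post). It assumes the BlogAntiSpam class is compiled into the web application itself (for example from App_Code) with no namespace, so the bare class name is enough for the type attribute; a class in a separate assembly would need "Namespace.BlogAntiSpam, AssemblyName" instead. The httpModules section is read by the classic pipeline (IIS 6, or IIS 7 in classic mode) and the modules section by the IIS 7 integrated pipeline; the validation element stops integrated mode from rejecting the presence of the classic section.

```xml
<configuration>
  <!-- Classic pipeline: IIS 6, or IIS 7 application pools in classic mode -->
  <system.web>
    <httpModules>
      <add name="BlogAntiSpam" type="BlogAntiSpam" />
    </httpModules>
  </system.web>

  <!-- Integrated pipeline: IIS 7 and later in integrated mode -->
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <add name="BlogAntiSpam" type="BlogAntiSpam" />
    </modules>
  </system.webServer>
</configuration>
```

After the change, a POST from a client that has not yet fetched anything under /themes/ should come back with the "banned" response, which is the quickest way to confirm the module is actually loaded.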