Selling cookie info to third-parties is a classic example of you can make money without doing evil.

Last blog post

2006/09/08 filed under /nanoblogger

Yes, it's official, this will be the last blog entry from me ...

... using NanoBlogger. I've made the switch to Blosxom for a couple of reasons. Mainly, NB is just too slow for my liking. I don't even have many entries, yet updating everything takes a long time and editing a post too...

Blosxom provides an easy way to hack up posts too, just like nb, yet it's not static. And hey, Blosxom is in Perl :-)

Anyways, update your RSS feeds.

Posted by: B10m | permanent link | comments (0)

Comment Spam Stats

2006/05/27 filed under /nanoblogger

Since I've started blocking comment spam, I am surprised by the effect of just a few "block words". Apparently, I am only targeted by a handful of spammers.

But, since it happens rather often for a blog like mine (in my opinion), I have decided to present you with some statistics and eye-candy (updated hourly).

... you have lies, damned lies, and statistics

Posted by: B10m | permanent link | comments (6)

cgicomment-spam

2006/02/03 filed under /nanoblogger

Lately, my blog has been suffering from comment spam and taking it out isn't too user friendly (you have to do quite some deleting work).

So I had two options. Make deleting spam easier, or stop spammers. And yes, the second option seems easier and preferable.

After glancing at the code of CGIComment, I realized it was fairly easy to stop. All of the spam-comments so far were casino related, so all I had to do was add a little snippet of code to the SaveComment sub.

 # Spam protection
 if($CommentInfo{'text'} =~ /(casino|poker)/i) { 
    print "<h1>Nuh uh ... can't use the word: $1</h1>";
    warn($ENV{'REMOTE_ADDR'}, " abused $0 with '$1'");
    return; 
 }

The first line is a comment, so let's look at the second one. It checks whether the $CommentInfo{'text'} (the comment users post) contains either the word "casino" or "poker" (case insensitive).

If that is the case, the user will see the banned word, and a warning will be printed to the error log showing the user's IP address and the banned word. And of course, the entry will not be saved.

Easy hack, although I fear the banned list will grow soon (I bet the word "blogspot" will follow soon ;-)

Posted by: B10m | permanent link | comments (0)
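
The block-word check from the cgicomment-spam post above, reworked for a list that keeps growing. This is an added example, not part of the original post or of CGIComment; the word list, the sub names and the sample comments are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not CGIComment's own code. The word list, sub names and
# sample comments are assumptions made for illustration.
use strict;
use warnings;

# Block words; in practice these could be read from a file, one per line.
# Entries are assumed to start and end with a letter or digit.
my @block_words = ('casino', 'poker', 'blogspot');

# Build one case-insensitive pattern. quotemeta() keeps list entries from
# being read as regex syntax, \b limits matches to whole words, and sorting
# longest-first lets the longer of two overlapping entries win.
sub build_filter {
    my @words = sort { length($b) <=> length($a) } grep { length } @_;
    return unless @words;               # empty list: block nothing
    my $alt = join '|', map { quotemeta($_) } @words;
    return qr/\b($alt)\b/i;
}

# Return the matched block word (lower-cased), or undef if the text is clean.
sub find_block_word {
    my ($filter, $text) = @_;
    return unless defined $filter && defined $text;
    return $text =~ $filter ? lc($1) : undef;
}

# Escape a value before echoing it into the HTML response.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

my $filter = build_filter(@block_words);

# Constructed sample comments.
for my $text ('Nice post!', 'Best online CASINO here', 'visit x.blogspot.com') {
    my $hit = find_block_word($filter, $text);
    if (defined $hit) {
        print "rejected (", html_escape($hit), "): $text\n";
    } else {
        print "accepted: $text\n";
    }
}
```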

1 Year Anniversary

2006/01/04 filed under /nanoblogger

A year ago, I wrote my First Post.

Happy Birthday, B10[m|g]!

Posted by: B10m | permanent link | comments (0)

Fun with NBCom

2005/12/15 filed under /nanoblogger

For a while now, you can use NBCom (NanoBlogger Comments) on your blog, to handle comments on posts.

While my (slightly altered) CGIComments way of handling comments does not prevent bots from posting, NBCom gives you the impression that it does, by providing a shiny CAPTCHA image.

This, of course, is tempting to break. And yes, it's really, really easy to bypass. Let's look at some code:

#!/usr/bin/perl

use strict;             # Always use strict
use WWW::Mechanize;     # magic module ;-)

# Setup WWW::Mechanize
my $m = new WWW::Mechanize(
   agent => "B10m Anti-Bot Bot",
);

# Retrieve the first page
$m->get('http://nhw.pl/blg/cmt.php?article=/2005/11/22/T01_13_46/index.html');

# Find, download and store the image
my $img = $m->find_image(url_regex => qr/img.php/);
$m->get($img->url, ":content_file"=>'image.png');

# Go back to the form
$m->back;

# Use `gocr` to find the very secret code
my $secret = `/usr/local/bin/gocr image.png`;
chomp($secret);

# Get rid of the image
unlink 'image.png';

# Submit the form
$m->submit_form(
   form_number  => 1,
   fields       => {
      body      => 'Ugh, bots can still post :-( See '.
                   'http://menno.b10m.net/blog/archives/2005/12/15/T16_20_20/index.html',
      txt       => $secret,
   },
);

All set. The script almost contains more comments (to make it readable for everyone) than code and sure as heck, it seems to work.

I guess the author needs to rethink his CAPTCHA strategy here. It's too easy!

(NOTE: Of course, a script like jcwren's A little fun with merlyn is way nicer, but hey, I'm just lazy ;-)

Posted by: B10m | permanent link | comments (2)