Mod/Hack: Adding Akismet spam-checking to Coppermine commenting Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Mod/Hack: Adding Akismet spam-checking to Coppermine commenting

Started by pharaohweb, July 13, 2006, 07:09:05 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

pharaohweb

Howdy all,

Lately, I've been getting buckets of comment spam on my Coppermine image gallery, and I have no obvious recourse aside from disabling anonymous commenting altogether (which, in my opinion, has a detrimental effect on commenting in general). I did see a captcha plugin for an older version of Coppermine, but haven't invested any time in seeing if I can adapt it or if an updated version exists. So....

I've started some spare-time work on what I hope to one day become an Akismet plugin for Coppermine.  If you're unfamiliar with Akismet, it's a comment-spam management system that's adaptable to almost any application (often used with content management software like Wordpress).  I'm currently using Bret Kuhns' PHP4 library and, right now, the hack is fairly rough - but basically doesn't allow comments which are suspected as spam by the Akismet screening.  The "dis-allowance" is a horridly ungraceful Coppermine "You don't have permission" error, but it works for now. 

The only guidance I give the Akismet server at this point is the comment author and text, which is just scratching the surface of spam-evaluating criterion which may be passed.  Also, I did not bother to modify the Coppermine database to enable tagging comments as spam, nor did I implement a way to submit false positives (ham) back to Akismet for training (although both are relatively easy to implement using the Akismet PHP4 library include).  Since both of these things are essential functionality for "conscientious" Akismet usage, I've still got some work to do.

Eventually, I'd like to make it into a full-fledged Coppermine plugin - but for now it's a complete hack.  It's a hack, however, that works - and that works for me until I can make it a bit more robust.

If you're interested, here's the mods to make this work in its current ugly form (modifying only the 'db_input.php' file):

First, get an Akismet API key here.  Next, download the Akisment PHP4 library and copy it into your Coppermine root folder.  Then, include the actual file at the top of your 'db_input.php' file with the following statement:

include 'Akismet.class.php';

Next, replace the following line:

$insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('$pid', '{$CONFIG['comments_anon_pfx']}$msg_author', '$msg_body', NOW(), '{$USER['ID']}', '0', '$raw_ip', '$hdr_ip')");

With this:


        $WordPressAPIKey =  'your Akismet API key goes here';
$MyBlogURL = 'http://www.example.com/coppermine_root_dir/';
$name = $msg_author;
$comment = $msg_body;

$akismet = new Akismet($MyBlogURL ,$WordPressAPIKey);
$akismet->setCommentAuthor($name);
$akismet->setCommentAuthorEmail($email);
$akismet->setCommentAuthorURL($url);
$akismet->setCommentContent($comment);
$akismet->setPermalink('http://www.example.com/blog/alex/someurl/');

if($akismet->isCommentSpam())
    // store the comment but mark it as spam (in case of a mis-diagnosis)
    cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
else
    // store the comment normally
    $insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('$pid', '{$CONFIG['comments_anon_pfx']}$msg_author', '$msg_body', NOW(), '{$USER['ID']}', '0', '$raw_ip', '$hdr_ip')");


Well, that's it then.  If you like this and could benefit from me cleaning it up, reply here and give me some encouraging words... I'd love to see full Akismet/Coppermine integration via a simple plugin... maybe I can make my own dreams come true.

Take care, enjoy.
-dave
www.pharaohweb.com/blog

Tranz

This is a great idea! I have been using Akismet in my Wordpress blog for a few months and it has stopped thousands of spam comments. I use captcha to curtail spamming for my Coppermine comments and it has worked well. The limitation is that it only works for people who can see the captcha test. I like how Akismet works in the backend and doesn't change anything for the user.

So yes, please keep up the development of this.

Tarique Sani

Good work I was hoping that someone would do this - thanks
SANIsoft PHP applications for E Biz

Prisoner_24601

Works nice, especially as I can't seem to get the catchpa plugin to work for me.

BTB, I have PHP5.  I'm usening the PHP5 class from http://www.achingbrain.net/stuff/akismet/

schalicto

I have absolutley no idea what I'm doing, but I did your hack and it seems to be doing the trick.  Thanks a lot!

jpsloshua

Hey guys, after recieving alot of spam on our coppermine gallery from bots, I installed this hack. But after 5 minutes of releasing the comments for guests, those sneaky bastards still were able to post the spam. How can I verify that the hack is working properly? It makes no sense having the gallery without comments but the spammers are winning the war.

Nibbler

Make sure you replaced the correct line. There are 2 that are similar. Posting a link might be useful.

jpsloshua

sorry very stupid of me. The gallery location is http://www.bangkokrecorder.com/fotos
I am pretty sure I replaced the correct line but will double check.

tmitche2

Quote from: pharaohweb on July 13, 2006, 07:09:05 AM

First, get an Akismet API key here.  Next, download the Akisment PHP4 library and copy it into your Coppermine root folder.  Then, include the actual file at the top of your 'db_input.php' file with the following statement:


Is there anyway of getting the API Key without having a wordpress account?

Peter Palm

Quote from: pharaohweb on July 13, 2006, 07:09:05 AM
$akismet->setPermalink('http://www.example.com/blog/alex/someurl/');

Hi there, should I change above address too or leave it as is ?
Thanks a lot for this, they're spamming like hell :-(
Peter

Joachim Müller

Quote from: tmitche2 on August 07, 2006, 04:29:42 PM
Is there anyway of getting the API Key without having a wordpress account?
No. What's wrong with signing up there, it's free?


soro

Also from here, many thanks for the hack. I'm not getting much spam yet, but I want to close the door before it starts. And my users are unlikely to understand the Captcha thing, so I'd very much prefer to filter behind the scenes. So I'd be very grateful if you would pursue it further.

Anyone has a spam message that's supposed that should get filtered, for testing purposes? The spam I'm mostly getting seems to pass the filter, or at least I can repost it as a comment after having applied the hack. So I'm not quite sure I actually did it right.

Joachim Müller

Spam samples taken from the Akismet spam section of my wordpress page:
In fact, 99% of comment spam is being submit to advertize pharmaceutical products.
You can try to check if the Akismet spam-checker is also blocking a false positive by adding a comment like this "The guy on the photo is looking like he was on viagra. Looks like the bloke on http://foobar.tld/"

soro

Thanks, GauGau, your spam samples seem to be doing the job here. Once I submit one of them, I don't seem to be able to post any more legit comments from the same IP, though. Do you get blacklisted for one single test spam? Temporarily, I would hope.

Quote from: Peter Palm on August 16, 2006, 12:23:34 PM
Hi there, should I change above address too or leave it as is ?
Thanks a lot for this, they're spamming like hell :-(

There're more knowledgable people out there, of course, but it seems to me it started working for me only after I'd changed that permalink thing as well. Mine is now on www.mysite.com/pathtocpg/displayimage.php?album=lastcom&cat=0&pos=0.

pharaohweb

Folks, quick update on my progress here (it's been slow going). 

I've finished the mods needed to the Coppermine database to ID comments as spam.  Now, instead of Coppermine simply barfing when a spam comment is submitted, the comment is instead "poisoned" as spam (i.e. marked in the database) and not shown.  This way, users are given the ability to review comments Akismet determined to be spam, and to reclaim them as non-spam if the ID was false.  This false-positive process also successfully subits the mis-ID'd comment back to the Akismet server as "ham" to help the system get better.

For this review process, I've created a special "review spam comments" page which is similar to the current "review comments" page except it shows only comments ID'd as spam.  On this page is where you can correct Akismet if a comment was mis-ID'd, thus helping the system learn.

I've also added a "Delete selected comments as spam" button to the bottom of the regular "review comments" page.  Clicking this submits a spam comment missed by Akismet to the server and also flips its spam status to positive (i.e. "poisoning" the comment in the database and not displaying it on the picture), again helping the system learn.  Not implemented, but on the to-do list is a regular "flush" of comments ID'd as spam every ~14 days or so.

Unfortunately, I've not been working on plugin-izing all this as of yet.  Right now I'm working right in the source files and database and haven't put everything together into a neat installable/uninstallable plugin.  That's next. 

Within the next few days, I plan to start looking to how to pluing-ize the whole thing.  Before then though, I may post some raw code snippets for those not interested in waiting and more keen on modding their own installation.  I want to do a little more testing of the spam/ham functionality before I rush to get it up though.

Thanks for the support, take care.
-dave
www.pharaohweb.com/blog

fixedeyes

Hi, I'm very excited about getting this to work, but I'm having some troubles. . .
Maybe someone can help me see where I went wrong.
What happens now is there is when anyone posts any comment, nothing happens after that.  You just get a white screen.  http://www.fixedeyes.com/photos/displayimage.php?album=38&pos=2.   
Wondering what I did? Well....
The instructions said to include this code in the 'db_input.php' file:
Quoteinclude 'Akismet.class.php';
This is what it looked like when I was done:
Quotedefine('DB_INPUT_PHP', true);

require('include/Akismet.class.php');
require('include/init.inc.php');
require('include/picmgmt.inc.php');
I know it said to drop the 'Askimet.class.php' file in coppermine root folder, and I think I tried that correctly first, and when that wasn't working, I shifted it to the include folder... still no luck. 

The next piece of instruction was to replace the following line:
Quote$insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg...etc...
with that other chunk of code. 
But, I think that line was in that file twice. It seemed to be the exact same, should I have replaced both occurrances?
Any suggestions would be greatly appreciated.
Thanks all!

Fotomaf

I have exactly the same problem with 1.4.9 version at http://www.fotomaf.com/index.php
  when somebody try to put a comment a White Screen apears and in the bar you can read http://www.fotomaf.com/db_input.php ...

I repeat the process for three time with exactly the same result
What we are doing bad?

Thanks in advance

ckroell

Hi,

I do have also the 'blan screen issue'. 1.4.8 and 1.4.9 shows this as soon as a non registered person enters a comment (I replaced only line 1, not the second one for the registered users).

But anyway - it does not work because the screen wents blank and the comment is not saved...

Why?

Thank you and best regards,
Christian

jasa

same for me - I get only blank screen...

Something is wrong here:  :(
$WordPressAPIKey =  'your Akismet API key goes here';
$MyBlogURL = 'http://www.example.com/coppermine_root_dir/';
$name = $msg_author;
$comment = $msg_body;

$akismet = new Akismet($MyBlogURL ,$WordPressAPIKey);
$akismet->setCommentAuthor($name);
$akismet->setCommentAuthorEmail($email);
$akismet->setCommentAuthorURL($url);
$akismet->setCommentContent($comment);
$akismet->setPermalink('http://www.example.com/blog/alex/someurl/');

if($akismet->isCommentSpam())
    // store the comment but mark it as spam (in case of a mis-diagnosis)
    cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
else