BlogEngine.NET, SimpleCaptcha, and Spam

by Ryan 22. January 2012 10:59

I use BlogEngine.NET for this blog. I've loved it so far. It suits me perfectly because I also love .NET and C#.

BlogEngine.NET comes with a few "extensions" out of the box, and one of those extensions is called SimpleCaptcha. You simply configure it with a question and an answer. Visitors who supply the correct answer get to post comments. This wards off most of the spammers. But from what I'm seeing, is that whatever spammers use to automatically crawl the web, leaving little spam-filled coprolites in their wake, seems to be able to solve simple mathematical equations like 5+5, 3+7, and even (5+2)-1. I changed my captcha challenge to that latter equation and received a spam comment not five seconds later.

Maybe this will stop them...

So I figured the next best thing to do, without annoying and frustrating my visitors too much with those really bizarre graphical captchas that you can't even read half the time, was to change my SimpleCaptcha to something that was still simple, but required slightly more human-like thinking than what I suspect most spambots are capable of. Questions such as "what is the opposite of cold" or "a shape with four equal sides." These sorts of questions have brought my comment spam to a screeching halt. But there's one last problem: SimpleCaptcha is case sensitive and there's no immediately apparent way to turn it off. I don't want a visitor to type "Square" and not get their comment posted because they needed to have typed "square" instead.

So, to remedy this problem, simply access your web server and browse to wherever you have IIS/BlogEngine.NET installed. Then drill down to where SimpleCaptcha is. For me, it's C:\inetpub\wwwroot\App_Code\Extensions\SimpleCaptcha\. Open up the file SimpleCaptchaControl.cs in a text editor (or Visual Studio if you'd rather,) and find this method:

public void Validate(string simpleCaptchaChallenge)
{
   this.valid = this.skipSimpleCaptcha || this.simpleCaptchaAnswer.Equals(simpleCaptchaChallenge);
}

Simply change that one line to this:

public void Validate(string simpleCaptchaChallenge)
{
   this.valid = this.skipSimpleCaptcha || this.simpleCaptchaAnswer.Equals(simpleCaptchaChallenge,StringComparison.OrdinalIgnoreCase);
}

And you've just made your SimpleCaptcha not case-sensitive. The change takes effect as soon as you save the file; no restarts of anything are required.

Tags:

Site Maintenance | Software

Permalink | Comments (2)

Comments (2) -

Social Networking Development
Social Networking Development United States
1/23/2012 6:38:40 AM #

BlogEngine is doing really good and I think it is growing day by day, got ability to beat WP and Blogger as well.

Reply

Ryan
Ryan United States
1/23/2012 7:48:20 AM #

Well I think the appeal of Blogger is that it's free and requires basically zero effort to set up.  The downside being there is no configurability or customizability or extensibility. Being able to "pick from our 5 different themes" is not exactly a good way to make your blog stand out.

Now Wordpress on the other hand I think is going to be king for a while yet, for a few reasons. 1) Huge community that are constantly feeding it new and original themes and plugins, 2) It runs on Linux/Apache, which is unfortunately still by far the more popular web server.

However I am not missing anything with BlogEngine. I can dig around in the code every bit as much as I could with WP. It''s every bit as capable. The only thing BlogEngine needs to really get itself on the map is a large community of theme-makers and plugin-makers and modders.

Reply

Add comment

  Country flag

biuquote
  • Comment
  • Preview
Loading

About Me

Name: Ryan Ries
Location: Texas, USA
Occupation: Systems Engineer 

I am primarily a Windows engineer/architect and Microsoft advocate, but I can run with pretty much any system that uses electricity.  I'm all about getting closer to the cutting edge of technology, and using the right tool for the job.

This blog is about exploring IT and documenting the journey.

 

MCITP: Enterprise Administrator

Profile for Ryan Ries at Server Fault, Q&A for system administrators

LOPSA