Staticman fighting spam

Help
1

I guess a few of us here use staticman ?

What are you all doing to fight spam ?
I’m getting two or three each week, and it looks like someone actually typing stuff in, and completing the captcha :open_mouth:

What are other doing ?

2

spam is so boring :frowning:

Here’s another:

the visit to the page:
136.169.197.73 - - [05/Dec/2018:14:43:31 +1300] "GET /development/2018/11/06/Comments-on-blogs-vs-Social-Media.html HTTP/1.0" 200 167824 "https://terminaladdict.com/development/2018/11/06/Comments-on-blogs-vs-Social-Media.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"

and then post to staticman:
136.169.197.73 - - [05/Dec/2018:14:43:41 +1300] "POST /v2/entry/TerminalAddict/ta.com-website/master/comments HTTP/1.0" 200 724 "https://terminaladdict.com/development/2018/11/06/Comments-on-blogs-vs-Social-Media.html" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"

anyone got any brilliant ideas?
will trade ideas for links to porn sites :laughing:

3

update:
this seems to be working (for now)

<fieldset>
    <div class="g-recaptcha" data-sitekey="xxx" data-callback="verifyCaptcha"></div>
</fieldset>
<fieldset>
  <button type="button" id="comment-form-submit" class="btn" disabled="disabled" aria-disabled="true" >Submit Comment</button>
  <noscript>Your browser does not support JavaScript! You can't submit a comment.</noscript>
</fieldset>

then some JS

var verifyCaptcha = function(response) {
    if(response.length == 0) {
    } else {
    	var _el=$('#comment-form-submit');
        _el.removeAttr("disabled");
        _el.addClass('button-primary dark-blue-bg');
        _el.attr('aria-disabled', 'false');
        _el.attr('type', 'submit');
    }
};
4

Why don’t you activate moderation in your staticman config file?

5

I do have moderation.
It’s just super boring dealing with spam :slight_smile:

So I’m trying to stop it before it turns into a pull request

6

From what I can tell Staticman has support for Akismet… which should help filter out spam. That said I’ve never had any luck or confirmation if it’s actually turned on after enabling it in the config or that it’s doing anything.

7

I don’t think Akismet in staticman actually does anything ?

Anyway … I spoke too soon :frowning:

185.234.219.246 - - [11/Dec/2018:15:15:03 +1300] "GET /development/2018/11/06/Comments-on-blogs-vs-Social-Media.html HTTP/1.0" 200 167948 "https://terminaladdict.com/development/2018/11/06/Comments-on-blogs-vs-Social-Media.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
185.234.219.246 - - [11/Dec/2018:15:15:13 +1300] "POST /v2/entry/TerminalAddict/ta.com-website/master/comments HTTP/1.0" 200 1275 "https://terminaladdict.com/development/2018/11/06/Comments-on-blogs-vs-Social-Media.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
8

I know this is an old thread, but I came looking for answers, then found some, so…

akismet support is only available with self-hosted or on heroku

you need to set up environment variables with your site name and akismet api key wherever staticman is hosted.

9

well after nearly two years I can report that that html/js change fixed my spam problem.

Specifically, changing the html to button type=“button”, then dynamically changing to type=“submit” takes care of 99.999%
This JS function seems to be the bizzo!

var verifyCaptcha = function(response) {
    if(response.length == 0) {
    } else {
    	var _el=$('#comment-form-submit');
        _el.removeAttr("disabled");
        _el.addClass('button-primary dark-blue-bg');
        _el.attr('aria-disabled', 'false');
        _el.attr('type', 'submit');
    }
};
10

Sounds promising. Can you say a bit more about this. What file is this code in? How/From where is it called? (I wrote the “Staticman at Heroku” post mentioned above. I’ve never figured out how to get Staticman to trigger an Akismet spam check.)

1 Like
11

I have recaptcha … in my _includes/post_comments.html I have:

<div class="g-recaptcha" data-sitekey="yoursitekeyhere" data-callback="verifyCaptcha"></div>
<script src='https://www.google.com/recaptcha/api.js'></script>
<button type="button" id="comment-form-submit" class="btn btn-secondary" disabled="disabled">Submit Comment</button>
<noscript>Your browser does not support JavaScript! You can't submit a comment.</noscript>

the data-callback runs a Js function called verifyCaptcha … which I posted above.

That Js function changes the “button type” from button to type=submit which allows the form to be submitted.
Plus it removes the disabled attribute.

Here is the working example: