In order to try and prevent the spamming issues, I finally had to do something I didn't want to do—and that's implement a Captcha process to the comments.
When you wish to post a comment, you'll now be required to fill in the text you see in the image right below the comment box. This is to help ensure that it's a real person entering in the comment and not just a spam bot. If this doesn't help with the problem, the next step will be either to require a valid e-mail (in which you'll have to go through a verify process the first time you post) or I'll start approving all comments manually. I really hope I don't have to turn off commenting altogether, but I'm tired of deleting 20-30 spam messages a day.
For those of you wondering, I used LylaCaptcha for my captcha needs, which worked on really well. I was going to type up a "how-to", as the documents on the LylaCaptcha site aren't as straightforward as they could be. Once you figure out what you need to do, it's very straightforward, but I found I had to really do a lot through trial an error. Anyway, the reason I'm not doing a write-up is Brian Rinaldi already wrote what I ended up doing in a blog post titled Adding Open-Source LylaCaptcha to BlogCFC.
Don't let that title fool you though, he shows the basic code that's needed to add LylaCaptcha to any of your projects. I just wish I would have found this article before I wrote my code. It would have saved me a lot of trial and error.
There are a couple of issues I found with LylaCaptcha.
- The captchaService.cfc must be stored as a persistent variable (application scope, server scope, etc.) This is because it uses a caching algorithm for the hashes. If you only initiate the CFC as a local variable, the results will only be valid for that page. So, if you wish to use a setup like Brian documents in his blog post, make sure to use the application scope.
- If you're on CFMX 6.x, you'll need to remove references to the function isXML() found in the captchaService.cfc. I believe there's only one call to this function. This is a function new to CFMX 7. You can just comment this block of code out—doing so should not harm your code in the least, all it will do is give you less specific error checking if you captcha.xml is invalid.
- This is documented on the LylaCaptcha website. Line 248 that currently reads:
<cfset graphics.setColor(getConfigBean().getFontColor()) />
<cfset graphics.setColor(getColorByType(getConfigBean().getFontColor())) />