I have written a small script which try to avoid the spam in comments posted in Dotclear blogs. It uses JavaScript events to detect any human activity (move of the mouse or press of a key) and send, using AJAX, a data to the server in order to inform it that the user is human. Then, the entire form is displayed and can be submitted. If no human activity is detected, the user is considered as a bot and can't see the entire form. It can't fill all the inputs and it will be rejected automatically by the server when the submit will take place because of a lack of informations.

The way to install this script is quite simple :

  • Get the file http://www.sygus.net/atwork/dumbspam/dumbspam-1.0.zip
  • Extract it and put the file form_ajax.php in the directory in which the current theme is. For example : /dotclear/themes/currentTheme/
  • Open the file /dotclear/themes/currentTheme/post.php and replace the line which call form.php :

<?php include dirname(FILE).'/form.php'; ?>

by

<?php include dirname(FILE).'/form_ajax.php'; ?>

It should work for the new bots which try to post spam. If the bot has already come, and has saved the form's page in his memory before the installation of the script, it can go beyond this protection. In this case, another modification is needed. If the weblog is new, obviously this problem doesn't exist.

So the modification is the following : in the file form_ajax.php, replace the line :

<input name="c_nom" id="c_nom" type="text" ...

by

<input name="c_nomform" id="c_nom" type="text" ...

And in the file /dotclear/layout/prepend.php, replace the line :

$c_nom = trim($_POST'c_nom');

by

$c_nom = trim($_POST'c_nomform');

Yes, you need to modify the core of dotclear ! I don't see any other solution.