""" REQUIRES: comments.py comment plugin Purpose: Attempt to block spam that only sends POST requests by having forms expire. This will create a new variable called $spamtoken This should go in your form, so in flavours/html/comment-form.html: The token is time-based. Old tokens are rejected. The default expiration period is 30 minutes. You can change this in your config.py with: py['comment_timeout'] = [number of seconds a comment form can live] """ __author__ = "Jordan Sissel" #__version__ = "20060722" __version__ = "20100516" # added filtering of 'lowest-rate-loans' spam __url__ = "http://www.semicomplete.com/" __description__ = "Time-based expiration on comment forms. Form submissions too-old are rejected." import re import sys import time def cb_prepare(args): request = args["request"] data = request.getData() data["spamtoken"] = int(time.time()) def cb_comment_reject(args): r = args["request"] c = args["comment"] form = r.getHttp()['form'] config = r.getConfiguration() # Default 30 minute timeout config["comment_timeout"] = config.get("comment_timeout", 1800) if "lowest-rate-loans.com" in c["description"]: reject(r, "lowest-rate-loans comment detected") return 1 sys.stderr.write("Comment: %s\n" % (c)) expiretime = time.time() - config["comment_timeout"] token = form['secretToken'].value jstest = re.search(r"\.OK$", token) m = re.search("[0-9]+", token) if m: token = int(m.group()) else: reject(r, "Invalid secret token: '%s'" % token) return 1 if 'secretToken' in form and (token - expiretime) > 0: if jstest: sys.stderr.write("%s] ACCEPT: %s - javascript OK, expiration OK\n" % ( time.asctime(), r.getHttp().get('REMOTE_ADDR', '???'))); else: reject(r, "javascript test failed (expiration ok)") return 1 return 0 reject(r, "expired secret") return 1 def reject(request, reason): sys.stderr.write("%s] REJECT: Comment attempt by %s rejected. Reason: %s\n" % (time.asctime(), request.getHttp().get('REMOTE_ADDR', '???'), reason))