http://ayende.comAyende @ RahienCopyright (C) Ayende Rahien 2004 - 2021 (c) 202660There's no point bothering with custom code to handle IP's and cookies when SubText already has support for Akismet and Invisible CAPTCHA (which just verifies that the user agent can eval a JavaScript statement). Seems like a silly thing to complain about. Every user has to type "orange" to post a comment on codinghorror, and plenty of readers have managed that. After typing a few hundred characters in a comment, is 4 more that much of a hardship? Maybe it's a good thing - a short waiting period to prevent rash comments. ;-) http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment9http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment9Fri, 07 Dec 2007 19:43:53 GMTI also miss RSS for comments. In my opinion that would increase debate on particular issue and increase number of page visits and comment replies. http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment8http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment8Tue, 04 Dec 2007 14:59:05 GMT@Jeremy, It sucks if you have a dynamic IP that changes often. However, if there have been several non-spam comments and zero spam messages in the past N days, then I believe it is highly likely that the next comment will _not_ be spam. Thus, I do not see how my plan fails, at least for those with relatively static IPs. For dynamic IPs, one could always do a cookie that gets some unique value from the server. I don't think we need to worry about spammers sniffing such cookies... http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment7http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment7Tue, 04 Dec 2007 14:15:01 GMTThat issue with not closing your comment tags is fixed in the next version of Subtext, soon to be released. http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment6http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment6Tue, 04 Dec 2007 08:36:45 GMTSadly, Luke's request regarding whitelisting his IP address is only tenable in a mythical world populated only with static IP addresses. In the real world, an IP address can't even be trusted for a single request, let alone a chronology of them. ;) http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment5http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment5Mon, 03 Dec 2007 20:39:19 GMTI should probably elaborate on #7: it should be simple to see if there are any undeleted comments from the requesting IP greater than a certain age, and if so, skip the CAPTCHA. I wasn't arguing against a CATCHA at all (spammers be damned), but against requiring one when it is trivial to trust me. :-) I promise I won't release my awesome spamming engine that has made me billions of dollars. http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment4http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment4Mon, 03 Dec 2007 17:35:52 GMT &lt;- Sent a closing "code" tag. oops... likes like you are allowing &lt;code&gt; blocks in your comments but we (Subtext) didn't do a good job of validating the input b/c I didn't send a closing tag. We should either auto-close it, or HTML Encode the unclosed opening tag. http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment3http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment3Mon, 03 Dec 2007 16:33:42 GMTI think I can answer (or at least point you in the direction of an answer/solution) for most of your issues. 1) [code change] I think we already have a [feature request](http://sourceforge.net/tracker/index.php?func=detail&aid=1290424&group_id=137896&atid=739982) for something like this, so perhaps we just need to get it's priority increased... or someone to submit a patch. :) 2) [skinning issue/possible code change] The most robust solution would require a code change to allow a commenter to markup their comment to notify Subtext that a block of text is a comment... and then Subtext could "convert" it to formatted HTML that works with our [csharp.css style sheet](http://ayende.com/Blog/skins/_system/csharp.css). Of course, some of this could also be fixed by adjusting your skin to allow <pre> and/or markup in the comments. 3) [upgrade] As of Subtext v1.9.4 (or so...) we've been using AJAX to submit comments, so if you upgrade this issue will go away. You can go test it at my blog (running a beta build of 1.9.6) to see what I mean. 4) [upgrade/skinning issue] As of v1.9.4 there is a [user control](http://idunno.org/archive/2007/02/12/Adding-the-Post-Category-List-to-your-subtext-skin.aspx) to do this. 5) [upgrade] We will support this in the coming v1.9.6 release... 6) [skinning issue] this is a matter of the skin being used and it can be changed by adjusting the CSS for this skin 7) [blog config option] Subtext supports several forms of CAPTCHA including full fledged CAPTCHA, invisible CAPTCHA, Akismet support, etc... Enabling/disabling these various forms of CAPTCHA is up the the blog owner. I hope these answers point you in the right direction. And remember, Subtext is OSS, so you (and your readers) should feel free to contribute back to Subtext if you wish... we're always open to ideas and feedback from our community and a little help pumping out the code is nice too. :) http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment2http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment2Mon, 03 Dec 2007 16:30:06 GMTA Test comment for my next comment. http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment1http://ayende.com/3003/blog-feedback-and-a-request-for-help#comment1Mon, 03 Dec 2007 16:19:17 GMT