Fighting spam with Waegis

<< Securing images in Asp.Net | Commentor - new extension for BlogEngine >>

Nov 24

Security

Are you getting a lot of spam lately? BlogEngine has built-in filter and it worked just fine for me up until now. But for the last couple of months I got some spam getting through. Not a hole lot yet and sources seem to be pretty obvious so that I probably could’ve easily block it myself with simple home-made solution, but I decided to use it as an opportunity to take a look at big boy’s spam fighting machines.

There are few choices we have here, and first one I wanted to try is Waegis. Waegis is a service built by our fellows .NETers which supports many .NET projects including BlogEngine. It has entry level free personal subscription as well as commercial offering, which is usually a good sign – you have to have good hardware and solid back-end at a minimum to run commercial site and Waegis home page speaks up front about this important fact.

On the flip side – you have certain restrictions when you mix free and paid accounts. That’s fair, so before jumping in make sure your site gets less then 5000 monthly comments. I’m quite positive that this is not an issue for me. If you have several sites running under your domain, one account will cover up to 10 “instances” (if I got it right - in Waegis terms instance is not equals web application). I think these restrictions are pretty generous overall.

To get it up and running on BlogEngine, first go to http://waegis.com and sign up for free personal account. Then you can navigate to download section and get BlogEngine extension along with client library. It also comes with source code if you need to make changes and application key that extension will use to authenticate at Waegis. Simply put DLL in the /bin folder and extension in the /app_code/extensions, then enter your site URL and application key in the extension settings and you all set.

Now every time before accepting a comment, BlogEngine will call Waegis and kick it out if it decides that comment is a spam. How good it is in identifying spam? That’s the question! Time will tell.

Custom Filters in BlogEngine 1.6 Spam comments are annoying and sometimes looking at comment allowed by Akismet or some other anti-...Spam counter control I’ve been playing a lot with Commentor and Waegis lately and got a little tired of having to ...How to switch Commentor from Waegis to Akismet If you are using Commentor with Waegis like I do, you probably got email about Waegis suspending se...

Comments

11/26/2008 10:55:10 AM #

I'm trying too Waegis.
Unfortunately it does not work with Blogengine.NET !

Well, the service work fine: it recognizes spam but the comments are marked as "in moderation" and shown the same if you do not have active comment moderation.

I think that the problem is due to a bug in Blogengine's method to display the comment list. I tested the code for the extension and I think correctly

In this way the service is useless

What do you think about Ruslan ?

Cristiano |

11/26/2008 11:53:10 AM #

I'm also not happy with the way it is working. If I use moderation, I want Waegis validate and approve comments for me - and it doesn't. And I don't want to use moderation at all, I'd prefer to allow everybody to comment and just redirect spam to the staging where I can delete or approve it. I started playing with this idea, will probably end up building an extension that combines admin interface for comment moderation and integrates Waegis extension to catch spam.

rtur.net |

11/26/2008 4:41:44 PM #

I started playing with this idea, will probably end up building an extension that combines admin interface for comment moderation and integrates Waegis extension to catch spam.

Good ! But IMHO I think that there is a problem in /usercontrol/CommentView.ascx. This is the code snippet:

      //Add approved Comments
      foreach (Comment comment in Post.Comments)
      {
        CommentViewBase control = (CommentViewBase)LoadControl(path);
        if (comment.IsApproved || !BlogSettings.Instance.EnableCommentsModeration)
        {
          control.Comment = comment;
          control.Post = Post;
          phComments.Controls.Add(control);
        }
      }

If comment is NOT approved but BlogSettings.Instance.EnableCommentsModeration is FALSE, the the comment shows the same and the comment is again shown by the following snippet of code

//Add unapproved comments
      foreach (Comment comment in Post.Comments)
      {
        CommentViewBase control = (CommentViewBase)LoadControl(path);

        if (!comment.IsApproved && Page.User.Identity.IsAuthenticated)
        {
          control.Comment = comment;
          control.Post = Post;
          phComments.Controls.Add(control);
        }
      }

Well, the bug is also present in Blogengine :-(

Cristiano |

11/26/2008 5:00:26 PM #

I think its intentional in the first example; if you turn moderation off, you want all comments to show up even if they not approved. In the second snippet, it shows unapproved comments to the admin so he is able to approve/delete them. I would probably change it from "IsAuthenticated" to "in admin role".

In any case, I want this extension to work with existing 1.4.5 without forcing to upgrade.

rtur.net |

11/27/2008 5:22:48 AM #

Thank you for introducing Waegis

As of the free and commercial services, I should share the good news with you that Waegis will be completely free until the end of 2008. We're hosted on multiple dedicated servers to gurantee the uptime but will switch to a cloud solution to improve things more and more.

Regarding your comments, would you please explain the situation in more details (you should have my email from this comment), so I can understand what's wrong? Btw, the solution shouldn't be difficult to apply but you would keep in mind that in a comment spam filter, we try to store all results on the local storage whether they're marked as spam or not. If they're spam, they will not be published but will be there, so editors can check the items in the future (something like junk folder for emails).

Keyvan Nayyeri |

11/27/2008 5:23:34 AM #

Btw, you can find more about the future plans for Waegis here:

http://nayyeri.net/blog/the-future-of-waegis/

Keyvan Nayyeri |

12/1/2008 6:11:49 AM #

@Keyvan Nayyeri:
Well, but your Blogengine.NET's extension does not distinguish between comments by the editor (or administrator) and those of visitors.
In this way are used unnecessarily call to the Waegis API and can be wrongly interpreted as spam comments of the editors (or the administrator).

Cristiano |

12/1/2008 7:37:27 AM #

It seems [usercontrol:...] in comments also works?

[usercontrol:'PostList']

[usercontrolostList]

Dusan |

1/23/2009 5:29:28 AM #

spam is a fact of life when you run a open public blog. Waegis will be good enough to catch the obvious ones but then you will still need to moderate a few yourself. There will also be some which Waegis catches by mistake but it's worth it.

Mouse Cursor |

8/21/2009 11:34:51 PM #