Disabling Comments for Blacklisted IP addresses

by filip 18. February 2010 19:28

I was reading through the discussions on Codeplex for Blogengine.NET, and a user (ALBsharah) had an interesting idea for controlling spam: if we can already determine that a user is blacklisted based on the IP, do not even give them the ability to post new comments.  The thread is available here.

Making this change to BE is relatively simple. The first step was creating a function that returns whether the user is blacklisted. Comment moderation methods seem to be located in the CommentHandlers.cs file in the BlogEngine.Core project. All of this code was already written in another method (ModeratedByRule); I just needed to extract it from that method and modify the method to use the new code, since I hate having code that does the same thing in two different places. So, where before the function looked like the following:

    static bool ModeratedByRule(Comment comment)
    {
        // trust authenticated users
        if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
        {
            comment.IsApproved = true;
            comment.ModeratedBy = "Rule:authenticated";
            return true;
        }

        int blackCnt = 0;
        int whiteCnt = 0;

        // check if this user already has approved or
        // rejected comments and belongs to white/black list
        foreach (Post p in Post.Posts)
        {
            foreach (Comment c in p.Comments)
            {
                if (c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()
                    || c.IP == comment.IP)
                {
                    if (c.IsApproved)
                        whiteCnt++;
                    else
                        blackCnt++;
                }
            }
        }

        // user is in the white list - approve comment
        if (whiteCnt >= BlogSettings.Instance.CommentWhiteListCount)
        {
            comment.IsApproved = true;
            comment.ModeratedBy = "Rule:white list";
            return true;
        }

        // user is in the black list - reject comment
        if (blackCnt >= BlogSettings.Instance.CommentBlackListCount)
        {
            comment.IsApproved = false;
            comment.ModeratedBy = "Rule:black list";
            return true;
        }
        return false;
    }

It now looks like this:

    /// <summary>
    /// Checks if the IP or email is blacklisted
    /// </summary>
    /// <param name="IP">The IP of the user</param>
    /// <param name="Email">The Email of the user (may be empty when only the IP is known)</param>
    /// <returns>true if blacklisted, false if whitelisted, or null if undetermined</returns>
    public static Nullable<bool> IsBlacklisted(string IP, string Email)
    {
        int blackCnt = 0;
        int whiteCnt = 0;

        // check if this user already has approved or
        // rejected comments and belongs to white/black list
        foreach (Post p in Post.Posts)
        {
            foreach (Comment c in p.Comments)
            {
                // null-safe, case-insensitive e-mail match; skipped when no e-mail is supplied
                if (
                    (!String.IsNullOrEmpty(Email) && String.Equals(c.Email, Email, StringComparison.OrdinalIgnoreCase))
                    || c.IP == IP
                    )
                {
                    if (c.IsApproved)
                        whiteCnt++;
                    else
                        blackCnt++;
                }
            }
        }

        // user is in the white list - not blacklisted
        // (checked first, so the white list wins when both thresholds are met)
        if (whiteCnt >= BlogSettings.Instance.CommentWhiteListCount)
        {
            return false;
        }

        // user is in the black list
        if (blackCnt >= BlogSettings.Instance.CommentBlackListCount)
        {
            return true;
        }

        // not enough history to decide either way
        return null;
    }

    static bool ModeratedByRule(Comment comment)
    {
        // trust authenticated users
        if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
        {
            comment.IsApproved = true;
            comment.ModeratedBy = "Rule:authenticated";
            return true;
        }

        Nullable<bool> isBlacklisted = IsBlacklisted(comment.IP, comment.Email);

        // user is in the white list - approve comment
        if (isBlacklisted == false)
        {
            comment.IsApproved = true;
            comment.ModeratedBy = "Rule:white list";
            return true;
        }

        // user is in the black list - reject comment
        if (isBlacklisted == true)
        {
            comment.IsApproved = false;
            comment.ModeratedBy = "Rule:black list";
            return true;
        }
        return false;
    }

Next, a very simple change needed to be made to the CommentView.ascx.cs file, which actually handles the viewing of the comment section.

The following line was modified (in /User controls/CommentView.ascx.cs):

    if (BlogSettings.Instance.IsCommentsEnabled)

To this:

    if (
        BlogSettings.Instance.IsCommentsEnabled &&
        BlogEngine.Core.CommentHandlers.IsBlacklisted(Request.UserHostAddress, String.Empty) != true
        )
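Because this condition is evaluated on every page render and `IsBlacklisted` walks every comment on every post, a per-IP tally built once keeps the lookup cheap. The sketch below is an added example, not code from this post or from BlogEngine.NET: `StoredComment`, `IpReputationIndex`, the sample addresses and the thresholds are assumptions made for illustration (C# 9 or later).

```csharp
using System;
using System.Collections.Generic;

// Stand-in for BlogEngine.Core.Comment: only the two fields this check reads (hypothetical type).
record StoredComment(string IP, bool IsApproved);

// Hypothetical helper, not part of BlogEngine.NET: tallies approved/rejected comments
// per IP once, so each page render is a dictionary lookup rather than a full scan.
class IpReputationIndex
{
    private readonly Dictionary<string, (int White, int Black)> _tally = new();
    private readonly int _whiteCount, _blackCount;

    public IpReputationIndex(IEnumerable<StoredComment> comments, int whiteCount, int blackCount)
    {
        (_whiteCount, _blackCount) = (whiteCount, blackCount);
        foreach (var c in comments)
        {
            if (string.IsNullOrEmpty(c.IP)) continue;      // no address stored, nothing to key on
            _tally.TryGetValue(c.IP, out var t);            // t stays (0, 0) for a new address
            _tally[c.IP] = c.IsApproved ? (t.White + 1, t.Black) : (t.White, t.Black + 1);
        }
    }

    // Same tri-state and precedence as IsBlacklisted(ip, String.Empty):
    // false = white list, true = black list, null = undetermined.
    public bool? IsBlacklisted(string ip)
    {
        _tally.TryGetValue(ip ?? string.Empty, out var t);  // unknown address => (0, 0)
        if (t.White >= _whiteCount) return false;           // white list is checked first
        if (t.Black >= _blackCount) return true;
        return null;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample history (documentation address ranges) and thresholds.
        var history = new List<StoredComment>
        {
            new("192.0.2.10", false), new("192.0.2.10", false),
            new("198.51.100.7", true), new("198.51.100.7", false), new("198.51.100.7", false),
        };
        var index = new IpReputationIndex(history, whiteCount: 1, blackCount: 2);
        foreach (var ip in new[] { "192.0.2.10", "198.51.100.7", "203.0.113.5" })
            Console.WriteLine($"{ip}: show form = {index.IsBlacklisted(ip) != true}");
    }
}
```

An index like this has to be updated whenever a comment is approved or rejected. Hiding the form only changes what is rendered, so `ModeratedByRule` should stay in place for comments that are submitted anyway.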

Both of the updated files are available for download by following this link. Hopefully I didn’t mess anything up (this was all about 5 min of code, thanks to BenAmada for his tips).


About Filip Stanek

I'm a developer at ACG in Cincinnati, OH. I like ASP.NET, Flash, and other web technologies, & enjoy playing chess, video games, etc.
