I’ll just start off with it – comment spam sucks.
Well, okay – really, any kind of spam sucks, but comment spam has been the bane of my existence lately. Initially, just to stop the incoming flow, I resorted to keyword matching. I grabbed strings from the current comments (around 6 thousand of them) and put them into a big array to help blog the evil little baddies hellbent on posting their worthless crap all over my comments (me? bitter? never!)
Sure it works, but it’s a pain to have to go back in each time and readd something when a new spam comes along. So, I told myself, “Self, surely there has to be a better way”. All hail the happiness that is Google – I found an answer within the first few pages of results, and that solution’s name is Akismet.
Now, I know what you’re thinking, “That’s just a WordPress plugin, right?” Wrong. They actually have a pretty slick (and simple! yay!) API to interface with their vast repository of spam-related things. All you have to do is provide them with the contents of the comment you’ve just recieved and they give you a “yay” or “nay” as to if it’s spam or not. The API takes in a traditional POST request and returns a normal response, in this case with either the string “true” or “false” (true meaning that it is spam).
Since it is a pretty easy interface to work with, I decided to throw together a little PHP class to make the connection and check to see if the message is spam (as well as check to see if your WordPress key is valid). Oh, did I mention that you need a WordPress key to get the setup working? You’ll need to go signup over on WordPress.com and, once logged in, go to your “My Dashboard” (top left link), go to the “Users” tab at the top, hit “Your Profile”, and right there at the top of the page you’ll see “Your WordPress.com API key is…”. Easy as pie.
With that in hand, you can grab the PHP class and go to town. What’s that? You want to know a little bit more about it? Well, okay…but just this once. And because I like you.
The class (made for PHP5, but is pretty simple to go back to PHP4 with) basically has seven functions:
- Akismet() – the constructor, it just sets some class variables
- _makeRequest() – actually does the work of sending the data off and getting the response back
- _encodeRequest() – a simple function that loops and urlencodes an array
- checkSpam() – generates the request to send off to the API to see if something is spam
- checkKey() – calls a different server to see if the WordPress key you’re using is valid
- submitSpam() – placeholder, for now.
- submitHam() – placeholder for now.
Most of the class is pretty self-explanitory and is made to be used by just calling checkSpam() with the right parameters. As their documentation mentions, the more information you send along the better, but the simplest call I’ve seen that’s valid sends the content and author fields (comment_content and comment_author). The other fields that you can send are also listed in the documentation.
I know you’re hungry for some actual code by now, so we’ll get to the point. To make a simple checkSpam() call, here’s an example:
echo "this is spam and it sucks!";
echo "we have an all-clear!";
Pretty easy, right? And any of the other fields you add into $arr (like permalink, comment_author_email, or comment_type) will be automatically included in the POST request out to the Akismet service.
It’s not the most robust system and there’s some other classes out there that are more well-developed than this one, but it’s light, easy, and it worked for what I needed it to do. Hopefully, it’ll help someone else out there too…
Oh, and incase you missed it – source: Akismet.phps