{"id":55,"date":"2010-02-18T00:00:00","date_gmt":"2010-02-18T00:00:00","guid":{"rendered":"http:\/\/bloodforge.com\/?p=55"},"modified":"2020-02-20T02:21:19","modified_gmt":"2020-02-20T02:21:19","slug":"disabling-comments-for-blacklisted-ip-addresses","status":"publish","type":"post","link":"https:\/\/bloodforge.azurewebsites.net\/index.php\/2010\/02\/18\/disabling-comments-for-blacklisted-ip-addresses\/","title":{"rendered":"Disabling Comments for Blacklisted IP addresses"},"content":{"rendered":"\n<p>I was reading through the discussions on CodePlex for BlogEngine.NET, and a user (ALBsharah) had an interesting idea for controlling spam: if we can already determine that a user is blacklisted based on the IP, do not even give them the ability to post new comments.&nbsp; The thread is available&nbsp;<a href=\"http:\/\/blogengine.codeplex.com\/Thread\/View.aspx?ThreadId=85678\">here<\/a>.<\/p>\n\n\n\n<p>Making this change to BE is relatively simple.&nbsp; The first change was to create a function that returns whether the user is blacklisted.&nbsp; Comment moderation methods seem to be located in the CommentHandlers.cs file in the BlogEngine.Core project. 
All of this code was actually already written in another method (ModeratedByRule); I just needed to extract that code out of that method and modify that method to use the new code \u2013 I hate having code that does the same thing in two different places.&nbsp; So, where before the function looked like the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>static bool ModeratedByRule(Comment comment)\n{\n    \/\/ trust authenticated users\n    if (Thread.CurrentPrincipal.Identity.IsAuthenticated)\n    {\n        comment.IsApproved = true;\n        comment.ModeratedBy = \"Rule:authenticated\";\n        return true;\n    }\n    int blackCnt = 0;\n    int whiteCnt = 0;\n    \/\/ check if this user already has approved or\n    \/\/ rejected comments and belongs to white\/black list\n    foreach (Post p in Post.Posts)\n    {\n        foreach (Comment c in p.Comments)\n        {\n            if (c.Email.ToLowerInvariant() == comment.Email.ToLowerInvariant()\n                || c.IP == comment.IP)\n            {\n                if (c.IsApproved)\n                    whiteCnt++;\n                else\n                    blackCnt++;\n            }\n        }\n    }\n    \/\/ user is in the white list - approve comment\n    if (whiteCnt >= BlogSettings.Instance.CommentWhiteListCount)\n    {\n        comment.IsApproved = true;\n        comment.ModeratedBy = \"Rule:white list\";\n        return true;\n    }\n    \/\/ user is in the black list - reject comment\n    if (blackCnt >= BlogSettings.Instance.CommentBlackListCount)\n    {\n        comment.IsApproved = false;\n        comment.ModeratedBy = \"Rule:black list\";\n        return true;\n    }\n    return false;\n}<\/code><\/pre>\n\n\n\n<p>It now looks like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/\/ &lt;summary>\n\/\/\/ Checks if the IP or email is blacklisted\n\/\/\/ &lt;\/summary>\n\/\/\/ &lt;param name=\"IP\">The IP of the user&lt;\/param>\n\/\/\/ &lt;param name=\"Email\">The Email of the 
user&lt;\/param>\n\/\/\/ &lt;returns>true if blacklisted, false if whitelisted, or null if undetermined&lt;\/returns>\npublic static Nullable&lt;bool> IsBlacklisted(string IP, string Email)\n{\n    int blackCnt = 0;\n    int whiteCnt = 0;\n    \/\/ check if this user already has approved or\n    \/\/ rejected comments and belongs to white\/black list\n    foreach (Post p in Post.Posts)\n    {\n        foreach (Comment c in p.Comments)\n        {\n            if (\n                ( Email != String.Empty &amp;&amp; c.Email.ToLowerInvariant() == Email.ToLowerInvariant())\n                || c.IP == IP\n                )\n            {\n                if (c.IsApproved)\n                    whiteCnt++;\n                else\n                    blackCnt++;\n            }\n        }\n    }\n    \/\/ user is in the white list - approve comment\n    if (whiteCnt >= BlogSettings.Instance.CommentWhiteListCount)\n    {\n        return false;\n    }\n    \/\/ user is in the black list - reject comment\n    if (blackCnt >= BlogSettings.Instance.CommentBlackListCount)\n    {\n        return true;\n    }\n    return null;\n}\nstatic bool ModeratedByRule(Comment comment)\n{\n    \/\/ trust authenticated users\n    if (Thread.CurrentPrincipal.Identity.IsAuthenticated)\n    {\n        comment.IsApproved = true;\n        comment.ModeratedBy = \"Rule:authenticated\";\n        return true;\n    }\n    Nullable&lt;bool> isBlacklisted = IsBlacklisted(comment.IP, comment.Email);\n    \/\/ user is in the white list - approve comment\n    if (isBlacklisted == false)\n    {\n        comment.IsApproved = true;\n        comment.ModeratedBy = \"Rule:white list\";\n        return true;\n    }\n    \/\/ user is in the black list - reject comment\n    if (isBlacklisted == true)\n    {\n        comment.IsApproved = false;\n        comment.ModeratedBy = \"Rule:black list\";\n        return true;\n    }\n    return false;\n}<\/code><\/pre>\n\n\n\n<p>Next, a very simple change needed to be made to 
the CommentView.ascx.cs file, which handles the display of the comment section.<\/p>\n\n\n\n<p>The following line was modified (in \/User controls\/CommentView.ascx.cs):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>if (BlogSettings.Instance.IsCommentsEnabled)<\/code><\/pre>\n\n\n\n<p>To this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>if (\n    BlogSettings.Instance.IsCommentsEnabled &amp;&amp; \n    BlogEngine.Core.CommentHandlers.IsBlacklisted(Request.UserHostAddress, String.Empty) != true\n)<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I was reading through the discussions on CodePlex for BlogEngine.NET, and a user (ALBsharah) had an interesting idea for controlling spam: if we can already determine that a user is blacklisted based on the IP, do not even give them the ability to post new comments.&nbsp; The thread is available&nbsp;here. Making this change to BE [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts\/55"}],"collection":[{"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/comments?post=55"}],"version-history":[{"count":1,"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts\/55\/revisions"}],"predecessor-version":[{"id":56,"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts\/55\/revisions\/56"}],"wp:attachment":[{"href":"https:\/\/bloodforge.azurewebsites.net\/ind
ex.php\/wp-json\/wp\/v2\/media?parent=55"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/categories?post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bloodforge.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/tags?post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}