djangospam 0.3.3

Django antispam module

Django antispam module with an invisible fake comment/contact form, cookie based middleware and Akismet verification.

See http://pythonhosted.org/djangospam for complete documentation. Djangospam is compatible with both Python 2 and 3.

General options

These options are used by more than one djangospam module/package:

DISCARD_SPAM

If spam should be either automaticaly discarded or marked as not public and removed.

DJANGOSPAM_COOKIE_LOG

Log file path and name. Defaults to False (no logging).

Fake form with cookie middleware

New in version 0.3.0

The cookie middleware uses cookies to identify known spam bots. Simple crawlers usually don’t accept cookies, but spam bots may accept, since a website may require this to receive comments. In order to use the cookie middleware, add djangospam.cookie.middleware.SpamCookieMiddleware to MIDDLEWARE_CLASSES at your settins file (usually settings.py). In your template, insert:

{% include 'djangospam/cookieform.html' %}

You may also define some variables at your settings file to customize your cookie:

DJANGOSPAM_COOKIE_KEY

The cookie identifier. Defaults to dsid.

DJANGOSPAM_COOKIE_PASS

The initial value of the cookie. It is used only to know beforehand if the user agent accepts cookies. Defaults to 0.

DJANGOSPAM_COOKIE_SPAM

The cookie value for known spammers. If the HTTP request presents djangospam cookie with this value, the middleware will return a 404 status code (moved permanently or forbidden, according to the standards). Defaults to 1.

Note: If djangospam.cookie.middleware.SpamCookieMiddleware is being used, djangospam.akismet module will treat as spam any comment attempt with cookies disabled.

Fake form without middleware

You may also use the fake form without the cookie middleware. This will not block access from known spam bots. In order to do this, include djangospam in your installed modules (at settings.py) and insert the following code in your template, before the true form:

{% include 'djangospam/form.html' %}

You may define a spam_uri context variable with the fake formulary destination URI. If no URI is defined, the form will be posted at the same address of the page in which the form has been placed (it will be used a <form method=”post” action=””>…</form> code). The destination address must accept POST requests and should not change the database.

Akismet

New in version 0.2.0

Besides including djangospam in your installed modules (at settings.py), you should insert the following code to your models file:

from djangospam import akismet

class MyModel(...):
    ...

try:
    akismet.register(MyModel)
except akismet.AlreadyModerated:
    pass

You also must define the variables below at settings.py:

AKISMET_BLOG

Your home page URL, including http://

AKISMET_KEY

Your application key at akismet.com

AKISMET_USERAGENT

Your application name

AKISMET_USERAGENT_VERSION

Your application version

Note: If djangospam.cookie.middleware.SpamCookieMiddleware is being used, djangospam.akismet module will treat as spam any comment attempt with cookies disabled.

Results

The fake form alone is getting more than 99,9% (circa 1,399 out of 1,400 spam comments) efficiency at http://www.correioprogressista.com.br/, which used to have more than 200 spam comments each day. Even so, I recommend using Akismet or another spam analysis tool.

On the first 14 hours of the cookie middleware at the same website, it identified 244 spammers and blocked 68 requests from known spammers:

$ grep -c "BLOCK RESPONSE" spam.log
244
$ grep -c "SPAM REQUEST" spam.log
68

Change log

• 0.3:

  • 0.3.3 (2013-03-17):

    Worked around pip bug.

  • 0.3.2 (2013-03-17):

    Fixed new setup bug (setup.py) - NOT A BUG, see v. 0.3.3.

  • 0.3.1 (2013-03-17):

    Fixed setup bug (in Manifest.in)

  • 0.3.0 (2013-03-17):

    Implemented cookie middleware

• 0.2:

  • 0.2.2 (2013-03-16):

    Fixed bug at akismet module.

  • 0.2.1 (2013-03-13):

    Made compatible with both Python 2 and 3.

  • 0.2.0 (2013-03-10):

    Implemented Akismet verification.

• 0.1:

  • 0.1.1-0.1.6 (2013-03-10):

    Bugfixes.

  • 0.1.0 (2013-03-09):

    First version.