BlogEngine.NET has an invisible captacha that should stop comment spam except for 1 tiny little problem: somebody that goes through the trouble of writing a robot can defeat it.
I’m not sure how many people use BE.NET, but apparently it is enough to attract spammers. Somebody had to sent down look at the comment form and write a program that would post it back to the URL end points. It wouldn’t be too hard to realize that one of the fields being sent to the client also needed to go back.
My solution is to attach a key press event to the comment field. When somebody types in the field I set some values that get verified on the server side. It can still be hacked, but because this is unique to my blog I doubt anybody would bother to customize a robot just for little ol’me.
Does it work? No idea yet. I’m writing a control panel application to help manage comments. In my case I approve comments, but BE out of the box requires that I log on to the site and go through my posts to find comments. I want a program that just shows me all the new unapproved comments and lets me delete them or approve them. Should be really easy to write.