Applications

One way to try to prevent automated scripts from posting comments to a weblog is to implement a simple Turing test that asks the user to follow written instructions and correctly enter some input based on those instructions. A couple of years ago, Stefan Geens published a hack for Movable Type that allowed you to create just about the most rudimentary possible version of such a test: The user is required to type a single letter in order to post a comment. Simple, yet those who used it found it to be remarkably effective.

However, this method had several drawbacks. It required hacking some of the Movable Type source code; it would ask for the same letter across all entries (meaning it would be relatively easy for a spam script to circumvent); and it was never updated for current versions of MT, which now includes its own built-in anti-spam measures.

TinyTuring expands upon Stefan's basic idea, implementing it as an easy-to-install plugin. No hacking is required, and the letter the user is asked for will vary randomly with each entry. An encrypted key based on a private code is used as an additional safeguard, so a spam script couldn't simply try all 26 letters. For a comment where the correct letter is not provided, you have the option either to junk it using MT's junk scoring system, or to block it entirely so it never gets into your database.

Obviously, this approach does nothing whatsoever to prevent actual humans from going to your weblog and manually posting spam. Its intent is entirely to block automated scripts. TinyTuring is meant to be used in conjunction with MT's other content-based filtering mechanisms, not in place of them.

As with all anti-spam measures, TinyTuring may be effective for a while and become ineffective at some point as spammers devise a way to work around it. If you use it and eventually find that spam is once again starting to get through, I'd appreciate it if you could report this on the Plugin Forums so I can see if there's a way to improve the plugin.

Requirements

TinyTuring requires Movable Type 3.2.

Special Thanks

To Stefan Geens for the original hack, and to Daniel Radosh for requesting this feature and serving as a guinea pig for various versions of the plugin.

Installation

To install TinyTuring, download TinyTuring.tar.gz and decompress it on your hard drive. This will result in a directory called TinyTuring-[version]. The directories within this correspond to directories in the MT directory on your server.

Open the plugins directory. Upload the file TinyTuring.pl to the plugins directory on your server.

If you're using dynamic publishing, open the php/plugins directory. Upload all the files in that directory to the php/plugins directory on your server.

Support

Please use the support forums for all support requests, bug reports, feature requests, questions, and comments regarding this plugin.

Implementing TinyTuring on Your Templates

Once the plugin is installed, you must add a bit of template code to the MT templates that contain commenting forms. Normally this will be your Individual Entry Archive template (under Archives) and your Comment Preview Template (under System).

You have two options for how to insert the necessary code. The simplest way is simply to insert the MTTinyTuring tag where you want the test to appear. This will generate all the components needed to get TinyTuring to work, including the field for entering the letter, the text asking the user to enter the letter, and a hidden field with an encrypted value.

If you want more control over how the test looks, or what the text says, you can use the other tags provided to insert these elements individually. For example:

<$MTTinyTuringStart$>
<$MTTinyTuringHiddenField$><div class="my-text-style">
Please enter the letter "<$MTTinyTuringLetter$>" in the field below:
</div>
<div class="my-field-style">
<$MTTinyTuringField$>
</div>

Either way, you can place the TinyTuring code anywhere within the comment form, but it's probably best to put it immediately above the buttons for submitting a comment. For example, if you're using the default MT templates, you might put it immediately before this code:

<div id="comments-open-footer" class="comments-open-footer">

After you've put the code on your templates, you must enable TinyTuring for your weblog in the Plugin Settings.

Previewing vs. Posting

TinyTuring does not actually require you to enter the validation letter in order to preview a comment, only to post the comment. And it currently does not carry over a letter you enter in the form on the entry page to the field on the comment preview template (and, in fact, it will probably ask for a different letter). This is also true when previewing multiple times.

Because of this, you may want to add some text to let commenters know that they don't have to enter the letter until they're finished previewing and are ready to post.

Plugin Settings

To change the settings for TinyTuring for a particular weblog, go into the Settings area for that weblog and click the Plugins tab. You should see a listing for TinyTuring. Click on Show Settings to display the settings.

To change the default settings for all weblogs, go to System Overview > Plugins and click on Show Settings in the TinyTuring listing.

The available settings are as follows:

Enable: Controls whether, when a comment is submitted, the TinyTuring plugin will check to see that the correct letter has been entered. By default, TinyTuring is turned off for all weblogs.
Unverified Comments: This lets you choose what will happen when a comment is submitted without the correct letter entered in the TinyTuring field. You can either Junk the comment, meaning it will be entered into the MT system but with a junk score of -10 (so it won't be published but can be reviewed by an administrator), or Reject the comment entirely.
Salt: This is a two-letter code used to generate the encrypted hidden field used by TinyTuring. The code itself is never displayed on your pages. This can (and probably should) be different for each weblog for which you have TinyTuring turned on.

MTTinyTuring

This tag will display all the HTML code necessary for TinyTuring to function. It will select a random letter, and a verb or phrase beginning with that letter, which it uses to begin a sentence of the following form:

Terminate comment spam by typing the first letter of this sentence here:

Some CSS code is included so that the letter in question will be displayed bold and slightly larger.

MTTinyTuringStart

If you're not using MTTinyTuring to generate your code, you must use this tag before any of the other tags. This will initialize the plugin and select a random letter.

MTTinyTuringLetter

This tag will display the randomly selected letter for a given page.

MTTinyTuringWord

This tag will display a verb or phrase beginning with the randomly selected letter, from the following list:

avoid, beat, cancel, defeat, eliminate, forbid, get rid of, hinder, inhibit, jettison, kick out, liquidate, mitigate, negate, obliterate, prevent, quash, reduce, smash, terminate, unload, veto, wipe out, x out, you can help stop, zap

MTTinyTuringField

This tag will display a small input field named tinyturing, which is the field the plugin will look for when the comment is submitted.

MTTinyTuringHiddenField

This tag will output the HTML code for a hidden form field whose name is an encrypted key based on the random letter and the private two-letter code specified in the settings. This field must be submitted along with the user's one-letter entry for TinyTuring to accept the comment.

Version History

10/29/06 - version 1.02

The TinyTuring junk filter was mistakenly being applied to incoming TrackBack pings, resulting in their being junked (Dave Hill)

6/5/06 - version 1.01

Fixed bug where "Enabled" setting being turned off was not respected for junk filtering (Earl Fogel)

5/19/06 - version 1.0 released