UPDATE 01.31.2010: The latest release of BlogEngine.NET (2.0) addresses a number of spam-related issues and includes some of its own CAPTCHA-type options, including reCaptcha.
BlogEngine.NET implements an “Invisible CAPTCHA” solution that has worked quite well for a considerable amount of time. Over the past few weeks, those of us using BlogEngine.NET have been pelted with numerous spam entries, far too frequent to be human-generated. It seemed as if someone had found their way around the CAPTCHA solution, and they have, as the video below shows.
There is a lot of discussion amongst the developers of BlogEngine.NET on how to combat this, and four lines of code were added in Change Set 28194. The four lines are below, and are added to the top of the Page_Load in CommentView.ascx.cs.
// Give txtName a new ID on each page load and point both validators at it.
string generatedFieldName = "txtName" + DateTime.Now.Ticks.ToString();
txtName.ID = generatedFieldName;
CustomValidator1.ControlToValidate = generatedFieldName;
RequiredFieldValidator1.ControlToValidate = generatedFieldName;
The code seems to dynamically generate the submit button name, so that an automated bot can’t just post based on what it knows the submit button’s name to be.
This appears to be something that could theoretically be hacked as well, but it is a quick, easy fix if you’re having issues. My understanding is that the BlogEngine.NET team is working diligently to come up with a more substantial solution.
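A sturdier variant of the per-request field name described above, as an added example (not BlogEngine.NET code and not part of Change Set 28194): the name carries its issue time and an HMAC, so the server can reject any name it did not issue or that is too old. The class name, the key and the 30-minute lifetime are assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of BlogEngine.NET.
public static class FieldNameToken
{
    // Constructed sample key; assumption: a real site loads a random secret from protected configuration.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("replace-with-random-secret");
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(30);

    // Builds "txtName_<ticks>_<hmac>" to use as the control ID for this request.
    public static string Issue(DateTime utcNow)
    {
        string ticks = utcNow.Ticks.ToString(CultureInfo.InvariantCulture);
        return "txtName_" + ticks + "_" + Mac(ticks);
    }

    // True only if this server issued the name and it has not expired.
    public static bool IsValid(string fieldName, DateTime utcNow)
    {
        string[] parts = (fieldName ?? "").Split('_');
        long issued;
        if (parts.Length != 3 || parts[0] != "txtName" ||
            !long.TryParse(parts[1], NumberStyles.None, CultureInfo.InvariantCulture, out issued))
            return false;
        if (!FixedTimeEquals(Mac(parts[1]), parts[2])) return false;
        long age = utcNow.Ticks - issued;
        return age >= 0 && age <= MaxAge.Ticks;
    }

    private static string Mac(string data)
    {
        using (var hmac = new HMACSHA256(Key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(data))).Replace("-", "");
    }

    // Compares without stopping at the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Issue would be called where the four lines above set txtName.ID, and IsValid would run on the posted field name before the comment is accepted.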