FrontPage | Mr Blog | HowTo | RecentChanges


Greymatter Verification Word Hack

Implemented on Mr Blog: by DavidBeckemeyer The Mr Blog verification word comment anti-spam hack is built on top of Greymatter, but it should be possible to do something similar on top of other Blog software.

Note: Thereis a somewhat easier version of a numebr of anti-spam tools for Greymatter here: GreymatterAntiSpamHack

Revision History

Accessability Issues

The major problem with this technique is that it only works for sighted people and requires a browser/platform supporting graphics. I plan to add a scheme that allows users to 'fall-back' to an email verification or other scheme if, for whatever reason, they cannot complete the CAPTCHA verification. This keeps posting easy for the majority of users, and only adds a small overhead for those that cannot perform the CAPTCHA verification.


Download the tarball here:


Greymatter requires CGI, so it is assumed your web server supports CGI. The included scripts are in Bourne shell, so that basically implies a UNIX system. The simple CAPTCHA implemention uses Jef Poskanzer's PBMPLUS utilities. These tools are often already installed on many web servers. You need GCC (or some C compiler) to build the small pbmcaptcha program and of course you must be able to build a binary that will run on your web hosting server. If you cannot do that, let me know (DavidBeckemeyer) and I can maybe try to create a binary of the pbmcaptcha program for you for your web server platform.


 Type 'make' to build the 'pbmcaptcha' program.
 <b>Note:</b> This is for Greymatter v1.2.1.  It has not been ported to v1.3. If you do the port, please let me know.
 Modify the "mkcaptcha" script near the beginning where it has:
 so that the the value of CGIDIR is the local path to the CGI
 directory, as shown on the Greymatter Configuration page as 
 'Local CGI Path'
 Do the same for the 'captcha' script.
 Upload the following files to your web server CGI directory (the
 same place where your Greymatter CGI files reside):
 Use your FTP program to create a sub-directory in your CGI
 directory called "tmp" and CHMOD it to 777
 CHMOD the files "pbmcaptcha", "captcha", "gm-comments.cgi", and 
 "mkcaptcha" to 755.
 CHMOD the files "dictionary" and "luBIS24.bdf" to 644.
 Finally, change the Greymatter <b>{{entrycommentsform}}</b> Comments
 Form template to include an invocation of the captcha CGI script
 to generate a graphic verification word image and a corresponding
 text file for the user to enter the word, where the text field 
 name must be "newcommentxword".  As an example, something like
 the following HTML:
   <tr valign=top>
     <td nowrap align=right>
       Verification Word:
     <td align=left>
       <img border=0 src='/cgi-bin/captcha?a=myblog:{{entrynumber}}&new=y'
         alt='Verification Word'>
   <tr valign=top>
     <td nowrap align=right>
       Enter Verification Word:
     <td align=left>
       <INPUT TYPE=TEXT NAME="newcommentxword" SIZE=40>
 If you change the 'a=myblog:' in the above to something else, you
 need to change the "gm-comments.cgi" script to use the same string.
 If you use "a=myblog:" as above, it will work.
 If you want to use a different font in the CAPTCHA images, any X11 
 BDF font should work (hunt under /usr/X11 and try different ones 
 until you find one you like).  Modify the the setting for 'FONT' in
 the 'mkcaptcha' script to point to the desired font file.
 If you want to use a different dictionary, simply replace the
 supplied 'dictionary' file.