DEV Community

Cover image for 3 top open-source comment systems and their anti-spam capabilities
๐Ÿพ Onar A.
๐Ÿพ Onar A.

Posted on • Originally published at oopspam.com

3 top open-source comment systems and their anti-spam capabilities

We'll talk about different comment systems and how they fight spam. Finally, at the end of the article, we will see what you can do about spam in such comment systems.

First I thought writing on how to integrate spam filter to one of those open-source comment systems. Then, I convinced it would be probably more helpful to put together a nice list of open-source (and free) comment systems and describe the way they fight with spam.

There are many options, some runs hell a lot of ads on your blog, some collect as much data possible about your visitors. Some ask for sign up, some don't. I will list a few good ones, you can, of course, go ahead and check their functionality on their website or different blogs. But this blog post is going to talk about How they approach spam protection in their system.

Open-source and free comment systems

Isso

Isso is an open-source, self-hosted and completely free. It comes out as "a commenting server similar to Disqus". Instead of writing a long paragraph I'm going to list main points:

  • It's written in Python
  • Supports all major browsers including IE10 (yep, people still use it).
  • Comments support Markdown
  • Admin panel to moderate comments
  • Works with SQLite database
  • Support Disqus & WordPress Import
  • Small size 40kb (12kb gzipped)
  • Basic spam protection

Isso comment system

Why choose Isso as your comment system:

  • No ads, no tracking
  • Open-source, free & self-hosted
  • Allows anonymous comments
  • Fast and lightweight

Spam filtering in Isso comment system

Now, let's talk more about anti-spam capabilities. Isso comes with basic built-in spam protection. There are not any content or IP analyses. The only way you can protect yourself is to have a rate limit per IP. Let's say, 2 comments per minute. This is the place where you could also require email, author and email fields so no more anonymous comment.
You can activate these limitations on your config file (e.g isso.conf) by adding Guard parameter with appropriate fields :

[guard]
enabled = true
ratelimit = 2
direct-reply = 3
reply-to-self = false
require-author = false
require-email = false
Enter fullscreen mode Exit fullscreen mode

Read more about Guard parameters on the Isso official documentation.

Schnack

Here is another alternative to paid comment systems. Just like Isso, Schnack is an open-source, free, self-hosted comment system. Here are the main points:

  • It's written in Javascript (Node.js)
  • Really small packaging, 8KB
  • Doesn't allow anonymous comments
  • Supports third-party authentication (Github, Twitter, etc.)
  • Works with SQLite database
  • Admin panel to moderate comments
  • No explicit spam protection, asks for authentication
  • Support Disqus & WordPress Import

Schnack comment system

Why choose Schnack as your comment system:

  • No ads, no tracking
  • Open-source, free & self-hosted
  • Integration with third-party authentication providers (Github, Twitter, Google, and Facebook)
  • Trust list (a way to allow some people to comment without approval from admin)
  • Fast and lightweight

As you can see, Schanck and Isso are pretty alike as both of them self-hosted, open-source and free. So, it is hard to tell why someone would choose one over the other. However, there are some differences such as Schanck's backend is on Node.js while Isso's is on Python. Schanck is smaller in terms of package size. While Isso supports anonymous commenting Schanck doesn't.

Spam filtering in Schanck comment system

The author of Schanck answers this concern on his blog post.

Spam protection for Schnack comment system

As Schanck doesn't support anonymous commenting and requires to sign up through one of the third-party providers which prevents spambots to comment on your blog. However, spammers are not always spambots. Many spammers are real people. There are services where you can hire people very cheap ($1 per hour) to spam. For these kinds of spammers, you cannot do much with third-party authentication.

Remark42

Remark42 looks pretty promising. It is self-hosted and lightweight. The backend is written in Go and the frontend is in Node.js.
Remark42 supports an anonymous comment, social login through Twitter, Github, etc, Voting, moderating comments and a bunch of other features. I would say Remark42 offers everything and more than all 2 options above. Check the official website for the full list of features.

Remark42 comment system

Spam filtering in Remark42 comment system

As Remark42 allows optional anonymous commenting, anti-spam measurements need to be taken. There is not any built-in spam filter unless you disable anonymous commenting.

Spam filter for open-source comments system

One of the most liberal perks that come with open-source projects is the ability to integrate. You can build own anti-spam filter with various rules such as honeypot, captcha or use third-party solutions like OOPSpam Anti-Spam API.
The main reason why people don't want to use paid services like Disqus is privacy. For many, It is important to keep your data on your server while serving ad-free comments. Having anonymous comments are certainly good to have in your comment system, however, this also enables spammer to post on your blog post.
That being said, some paid comment systems such as Commento is a privacy-focused solution. They rely on a subscription model instead of an advertisement. Commento uses Akismet as a spam-filter which is a red flag considering Akismet requires to submit your blog URL, user's IP and user agent on top of the other optional parameters such as server information (such as $_SERVER in PHP).

All in all, these are the main open-source, self-hosted and free comment systems in the wild.

Happy spam-free day!

Top comments (0)