Akismet In .Net
Last Friday brought us version 1.0 of SubKismet, an open source library of tools to help us .Net addicts deal with the ever-evolving spam technologies that challenge the public-facing web apps we build. You can find it over on Microsoft's CodePlex. This version of SubKismet includes the first .Net implementation of the Akismet API that I’ve seen. Akismet is a free web service that you can run user-submitted content through to determine if it is spam. You use the SubKismet Akismet library with WordPress.com’s free Akismet service for “personal use”. I’m not yet certain if it can wire up to other, more enterprise-targeted Akismet web service providers out there, like Yahoo! Pro-Blogger.
Captcha!
SubKismet also has two different types of Captcha webserver controls included. The first control is called CaptchaControl, and it provides you with the standard image-based Captcha challenge. It uses a custom httpHandler to generate images on the fly using random fonts that are installed on your system. You can easily customize the characters it uses, the length of the code that is displayed, and the amount of “warping” that is done to make the text difficult for bots to recognize.
There are a few things that are missing from the CaptchaControl that I would like to see in a future version. First, there is no way to programmatically “unvalidate” an instance of CaptchaControl once it has successfully been validated. Once a user successfully matches the code in a CaptchaControl, the control is validated from then on, and the web form can be submitted infinitely more times with no further Captcha challenges required. I think this is a HUGE problem with the behavior of the CaptchaControl. Either the CaptchaControl should reset on its own after it validates, or there should be a public method that allows the programmer to rest the control in the code-behind.
The other thing that could be a show-stopper for the CaptchaControl is that it doesn’t provide any formatting options. In order to customize the look and feel of the control I had to modify the source code inside the SubKismet library and recompile the SubKismet dll. This process isn’t so bad, but most web developers aren’t going to want to spend time digging through the source code of this control. They would rather use their time working on the details of their own projects. So, I feel that the CaptchaControl needs at the very least to include a few more properties that allow you to give the inner-components a CSS Class name.
The other Captcha control that is included in SubKismet is called InvisibleCaptcha. The InvisibleCaptcha is a clever idea where javascript is used in order to add two numbers together to make the page valid. If the javascript doesn’t run (I guess most spam bots don’t execute javascript) then the page doesn’t validate. If a user has javascript turned off, then a form is rendered where the user can do the math in his or her own head. It’s a pretty elegant solution. This method alone can supposedly block 99.99% of spam bots. Excellent! Just drag one of these guys onto your next web form and forget about spam!
What else is in SubKismet?
The final thing that comes in the SubKismet library is a .Net implementation of Google Safe Browsing. I haven’t tried using this yet, but it appears to be a way to check URLs against Google’s blacklist of suspected phishing and malware pages. This could come in handy if you have a website that accepts URLs as user input. Again, another excellent tool!
All in all, the SubKismet is another excellent open source tool for .Net web developers. The source projects are set up very nice in a Visual Studio 2008 solution, and compile out of the box. Job well done to all who contributed to this project. Keep up the good work!