News Untold - Confessions of a developer

Reviving old projects and making them open-source!

While I'm waiting for input on what to put in the next release of MVC Forum, I've been working on automating some of the tasks involved in hosting. Yes, I know, there's a bunch of (commercial) so-called control panels out there, and there might even be one or two free and open-source ones.

This is actually something I've been working with and on for many years, back in 2003 (or maybe 2002), I created a web front-end for the Windows DNS Server. The site is still running (in it's, very old, second version) at WebDNS. I've been trying to get the time to re-do the site, and now that I've had my mind on hosting tasks anyway, I decided on pulling out my old DNS project, go throught the code and move it to a codeplex project.

I know a lot of people were asking for how to use the "API" of the DNS server on Windows back when I built it, I did a lot of looking around online, but back then .Net, WMI and the Windows DNS server was a bit of a mystery.

If you need to manage your DNS server from .Net, take a look at DNS API .Net, and let me know what you think.

Categories: WMI - .Net - DNS Server - OSS

More bot fighting

This is a follow-up post on fighting spam and bots.

So far all the anti-spam and anti-bot measures I've implemented in MVC Forum have been server-side. Even though I think CAPTCHA's are starting to be too hard for humans to read, I know I have to allow some sort of UI anti-bot measure. It could be reCAPTCHA or it could be a simple checkbox with the text: Are you human?

Before starting work on that, I've added a new event that is thrown when a new user is about to be create (that's before it actually happens). So I'm going to reuse the two anti-bot measures I already have in place, Stop Forum Spam and BotScout. Whenever an user/bot tries to sign up on a MVC Forum, the application can run a check against these two services.

This is of course a much better solution that letting the bots sign up and get activated and then stop the spam when they actually start spamming.

Let's look at some code:

public class StopForumSpamAddOn : <...>, IEventListener<NewUserEvent> {
	public void Handle(NewUserEvent payload) {
		// Is this add-on enabled? Was the user already identified as a bot?
		if (this.addOnConfig.CheckNewUsers && !payload.Bot) {
			// Stop Forum Spam client
			Client client = new Client(this.addOnConfig.Key);
			Response response = client.Check(payload.Username, payload.EmailAddress, payload.IPAddress);
			if (response.Success) {
				payload.Bot = response.ResponseParts.Where(rp => rp.Appears > 0).Any();
			}
		}
	}
}

Sweet and simple! I might put in a threshold later, or maybe just leave as it is. The Stop Forum Spam service is called, and if the username, e-mail address and IP number combination is known, we have a bot. We returned true in the Bot property, and then we'll let the code creating the user decide on whether or not to actually create a new user account.

Categories: MVC Forum - Anti-bot

Plain text, or some formatting allowed?

Ever since the WWW was "invented", people have been wanting to format the text they write online. Especially after more and more non-geeks started going online, it has been a constant battle to get some sort of easy formatting options online.

So we have the good, old, plain text-area, where the output is exactly like the input. The only formatting you get, is the formatting from the CSS style on plain text. This is more or less the dream of most developers, but unfortunately this is hardly ever what the writers/authors want!

With MVC Forum I don't want to decide what people can and can not do with formatting the content of the topics and posts. So a content editor and the parsing of the content put into editors can be handled by add-ons. In the latest pushes to codeplex I have included a regular text parser and editor, a BBCode editor and parser and a Markdown editor and parser.

I still need to make it possible to configure these parser/editors, but I think that will be easy enough, so I've had my focus on getting the other parts working. To help avoid cross-site scripting, I've also added a small sanitizer method, that will strip all HTML content (unless it's part of a white-list).

To get an idea of what is required to do a editor/parser add-on, here are some code:

public interface IContentParser {
	MvcHtmlString Parse(String content);
	String Quote(String author, String content);
	String Name { get; }
}

public class RegularParser : IContentParser {
	public MvcHtmlString Parse(String content) {
		// Let's sanitize the input, we don't want HTML to get past the parser and into the output!
		return MvcHtmlString.Create(content.SanitizeHTML());
	}
	public String Quote(String author, String content) {
		return String.Format("{0} wrote: {1}", author, content);
	}
	public String Name { get { return "Regular"; } }
}

The only thing missing in the example is that you'll also need to add a (MVC) view called RegularEditor (as the parser's name is "Regular"). That's it, well, you'll also need to register the add-on with the dependency injection framework, but that's common practise for all MVC Forum add-ons.

Categories: MVC Forum - Alpha 5 - BBCode - Markdown

Fighting spam

This is not the first post I've done on the topic of fighting spam, and most likely, it isn't going to be the last either.

When I started out working on MVC Forum, I knew I was going to have to deal with spam and spambots. I also very quickly decided on not trying to make some intelligent anti-spam code myself. There's already a lot of smart (and not so smart) options out there.

The first anti-spam add-on for MVC Forum to use an external service, was the Akismet add-on. Akismet is actually more of a anti-comment-spam service, not really meant for anti-forum-spam.

So yesterday I decided on taking a look at some of the other options that exist, and came across first Stop Forum Spam and later BotScout. I couldn't find any .Net API for these services, so I decided on writing my own, and in the spirit of things, put it up as an open source project on Codeplex. So far I'm almost done with the Stop Forum Spam .Net API.

Common for both Stop Forum Spam and BotScout is that they don't try to determine whether or not the content posted is spam, they only look at the poster - the username, e-mail address and the IP address of the person/bot posting. The spam bots and anti-spam services are in a constant battle, and trying to recognize spam by looking at the content simply doesn't seem like the right approach!

I have one last anti-spam or anti-bot measure I want to include in MVC Forum, a DNS black list lookup. Before adding that, I need to figure out how to let 3rd party developers (myself included) add anti-bot measures when a new user signs up for an account. What I want is to let add-on developers put in their own CAPTCHAs, "Are you a human" etc.

Categories: MVC Forum - Akismet - Alpha 5 - Stop Forum Spam - BotScout - Anti-spam

Back on track, MVC Forum version 0.8 released!

Last night I uploaded and released MVC Forum version 0.8 (Alpha 4). So after 2 months of a bit of inactivity, I'm back on track, with a renew focus of reaching version 1.0 as soon as possible. The 0.8 highlights are as follows: Even better tested and easier to integrated with existing MVC applications.

So what's in store for the next release? I actually haven't decided yet, and with the lack of feedback I'm getting on the project, nothing has been decided yet. With the basic forum features almost in place, I'll probably focus on making the user control panel better. Other things I'm considering, are a lot of small features, like: latest user, posts in the last 24 hours, etc.

On a more low level, I'm considering moving a lot of the code from the action methods in the controllers to service classes. This should make an better/easier API for people integrating their own application with MVC Forum.

Visually I've been taking a look at the Twitter Boostrap project, and might end up creating a theme for MVC Forum based on the work done by the Twitter guys. Hopefully this will make a theme with a more 2012 look and feel. I'm currently trying the bootstrap project out with another project I'm doing, and if that works out fine, I'm also considering moving the administration section to the bootstrap code, to get a more uniform look. The administration section as it is now, is a mix of two different designs (the overall design and the form design).

Any feedback and ideas are welcome!

Categories: MVC Forum - Alpha 4 - Twitter Boostrap - Alpha 5