Accepting comments via access.log

I am somewhat dissatisfied with the comments server on my main website, and have been hunting for alternatives. The most cursed thing I’ve seen so far is this:

I implemented static HTML comments on my website by tail’ing the /var/logs/nginx/access.log with a perl script. No CGI, no database, just the actual text of the comments stored as a single comment per line in a .html file.

To comment a visitor takes any url on the domain and appends “/@say/”. Like notmyurl.com/somepage…. response to somepage. Or “…lakephoto.jpg/@say/Cool fish! How long was it?”

The perl script sees the /@say/ in the logs and adds the parsed out and sanitized comment to an .html file. There’s some nginx location hijinks for matching /@say/ URLs that goes to a confirmation page and redirects to the comment listing page.

I’ve used this comment system on my tor onion services sites for the last decade. I get plenty of people trying to exploit it. It’s kind of fun. If the Tor folk haven’t pwned it I doubt the HN folk will. Not for lack of skill but mostly a lack of motivation relative to the tor folk.

I do not plan to do this but I also do not plan to avoid doing this, should the opportunity arise.

Micah R Ledbetter @micahrl