Fixing comment attack by bot

Gemfile

@@ -29,8 +29,6 @@ gem 'mini_magick'
 gem 'html_truncator'
 gem 'nokogiri'
 gem 'figaro'
-gem 'rqrcode-with-patches', require: 'rqrcode'
-gem 'chunky_png'
 gem 'sidekiq'
 gem 'redis-namespace'
 gem 'rest-client'
@@ -39,6 +37,7 @@ gem 'newrelic_rpm'
 gem 'puma'
 
 gem 'mina', require: false
+
 gem 'mina-multistage', require: false
 gem 'mina-sidekiq', require: false
 gem 'mina-puma', require: false

Gemfile.lock

@@ -66,7 +66,6 @@ GEM
       activesupport (>= 3.2.0)
       json (>= 1.7)
       mime-types (>= 1.16)
-    chunky_png (1.3.5)
     codeclimate-test-reporter (0.5.0)
       simplecov (>= 0.7.1, < 1.0.0)
     coderay (1.1.1)
@@ -235,8 +234,6 @@ GEM
       mime-types (>= 1.16, < 3.0)
       netrc (~> 0.7)
     rouge (1.10.1)
-    rqrcode-with-patches (0.6.0)
-      chunky_png
     rspec (3.1.0)
       rspec-core (~> 3.1.0)
       rspec-expectations (~> 3.1.0)
@@ -332,7 +329,6 @@ DEPENDENCIES
   byebug
   capybara
   carrierwave
-  chunky_png
   codeclimate-test-reporter
   coffee-rails (~> 4.1.0)
   database_cleaner
@@ -369,7 +365,6 @@ DEPENDENCIES
   redis-namespace
   rest-client
   rouge
-  rqrcode-with-patches
   rspec-rails (>= 2.8.1)
   rspec-sidekiq
   sass-rails (~> 5.0)

app/controllers/comments_controller.rb

@@ -1,6 +1,6 @@
 class CommentsController < ApplicationController
   layout false
-  helper_method :format_time
+
   def index
     @post = Post.find( params[:blog_id] )
     res = @post.comments.desc(:created_at).collect { |comment| build_json(comment) }
@@ -8,6 +8,10 @@ class CommentsController < ApplicationController
   end
 
   def create
+    unless request.xhr?
+      logger.warning 'attack action detected'
+      redirect_to root_path
+    end
     cookies[:name] = comment_params[:name]
     cookies[:email] = comment_params[:email]
     @post = Post.find( params[:blog_id] )