WordPress.org

Ready to get started?Download WordPress

Forums

I hate blogspammers - this is how I kill them (29 posts)

  1. loopbiz
    Member
    Posted 9 years ago #

    Dont stupid blogspammers have anything useful to do?
    My blogs have moderated comments and its a pain to delete 50 per day!
    (BTW: I changed the default radio button to be "Delete comment" )

    So here is a very minor code change to blast them into oblivion with no effort on your part, after setting up your kill words.
    - it also has a fix for a problem that should be handled elsewhere, but I don't have time right now. Maybe someone else can do it.

    First, add this function in wp-includes/functions.php

    function zap_comment($author, $email, $url, $comment, $user_ip)
    {
    // moderation keys empty?
    if ('' == trim( get_settings('moderation_keys') ) ) return false;
    $words = explode("\n", get_settings('moderation_keys') );
    foreach ($words as $word)
    {
    $word = trim($word);
    $pattern = "#$word#i";
    if('##i' != $pattern) // ignore blank lines in the bad words list
    {
    if ( preg_match($pattern, $author) ) return true;
    if ( preg_match($pattern, $email) ) return true;
    if ( preg_match($pattern, $url) ) return true;
    if ( preg_match($pattern, $comment) ) return true;
    if ( preg_match($pattern, $user_ip) ) return true;
    }
    }
    return false;
    }

    Then change the checkcomment code in wp-comments-post.php

    if(check_comment($author, $email, $url, $comment, $user_ip))
    {
    $approved = 1;
    }
    else
    {
    if(zap_comment($author, $email, $url, $comment, $user_ip))
    {
    die( __('Stop spamming my blog, I just delete all your spam anyway.') );
    }
    $approved = 0;
    }

    You can test this by visiting one of my blogs at
    http://crossfirewar.com and posting a comment.

    To trigger it, use the phrase "stupid blogspammers"

    Hopefully someone will consider using this and adding another textarea for kill_keys, rather than using moderation_keys

    Alan.

  2. RustIndy
    Member
    Posted 9 years ago #

    This feature has been built into WP1.5 on the Discussion Option page :)

  3. Jinsan
    Member
    Posted 9 years ago #

    but useful for those not on 1.5

  4. autowriter
    Member
    Posted 9 years ago #

    Hi Alan - I have just tested your site using "stupid blogspammers" in the comment as suggested. Very nice! I then copied the code you provided above and added it to my own site. It's brilliant! Thank you so much for taking the time to design this code and for sharing it.

    Michael

  5. diretribe
    Member
    Posted 9 years ago #

    Something that would be neat (not in 1.5 either) would be to block posts on various other things - e.g. the name given by the spammer, or an url specified (either in the poster-info, or in the post). Since the blogspam follows some rules on these things - esp. the most regular ones - that would do nicely.

    I am wondering where this spam comes from? Most of what I get has non-working links in anyway - whats the point exactly?

  6. Joe
    Member
    Posted 9 years ago #

    The best anti-spam hack I've seen is Authimage. It requires the poster to enter in an image code(which the spam bots can't read). EXCELLENT hack!

    You can see what it looks like in the comments section of my blog:
    Mudbomb.com

  7. Well, since we're now going off topic and throwing out other anti-spam solutions, enjoy the feast: http://www.tamba2.org.uk/wordpress/spam/

  8. NuclearMoose
    Member
    Posted 9 years ago #

    Some bots are now capable of reading image codes. This is not a long-term solution to stopping spam. Methods will have to continue to evolve as the spammers evolve.

  9. Joe
    Member
    Posted 9 years ago #

    Those "image-reader" bots aren't very accurate though. They have problems with certain fonts and with skewed characters. If you know just a tiny bit of PHP, you can change both the font and the skew angle in the authimage hack. So, unless there's a huge leap in spam bot technology, this is a safe solution for a while.

    However I agree that eventually the spammers will probably figure out a way around this, too.

  10. DianeV
    Member
    Posted 9 years ago #

    Joe, what is the "bit of PHP" that we'd need to skew font and angle?

  11. wordygirl
    Member
    Posted 9 years ago #

    thanks much Alan, you made me very happy this morning.

  12. diretribe
    Member
    Posted 9 years ago #

    Interesting to hear that bots can now read those images. Perhaps something similar to displaying sums to add up would be an extra step in complexity to keep them at bay for a while?

    Try this on a bot...

    "Anne has 15 apples,
    Jenny has 12, but gave 3 to Sam
    Sam had 4 to start with, then gave 2 to Anne.
    How many has Sam got now?"

    No bot is going to work that out (I think I might just start on a plugin/hack for this.... hmmm). Hell, it's probably even script kiddie proof. Success!

  13. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Anne has 17
    Jenny has 9
    Sam has 5

    that right ?

  14. diretribe
    Member
    Posted 9 years ago #

    Correct. You can now post a comment ;)

  15. Joe
    Member
    Posted 9 years ago #

    DianeV:
    If you open up authimage.php, find this near the beginning:
    ImageTTFText($im, 18, 5,
    That 18 is font size in pt. The 5 is the angle in degrees.

    Note that the angle is already skewed a bit by default (5 degrees), so it should be "good enough for now" as-is.

  16. LouisC
    Member
    Posted 9 years ago #

    The problem with the authimage hack is that if you use a textbrowser like links or lynx, you're screwed.

    I prefer SpamKarma.

  17. DianeV
    Member
    Posted 9 years ago #

    Excellent Joe, thanks!

  18. Lorelle
    Member
    Posted 9 years ago #

    I'm going bonkers. I'm on the road traveling, living off of borrowed computers on this trip, and the same "gamblers" I was sure I was done with two months ago are back. I have their titles, combinations of their titles, and other things in my spam words and various non-super radical spam killers (I don't want to kill every comment) plugins running.

    Are these guys getting smarter or what. I'm going to give the spelling bee authorization thing a whack, but why aren't the spam words filtering out the same text as caught yesterday? How are these time wasters getting through?

    And really, aren't there supposed to be all these fines and prosecution stuff happening? Where does one go to report the bad guys? Any Internet police force actually working out there?

  19. Joe
    Member
    Posted 9 years ago #

    Most of the blog spam comes through anonymous proxies, so unfortunately there's no way to actually track down who's responsible :-(. Besides, I don't think that there's even any sort of law relating to the content of posts in a public forum in the U.S. And I'm not sure that I would want there to be one...(free speech and all)

    The blog spammers are definitely getting smarter. Just a few weeks ago, you could prevent them from spamming you just by changing the filename of your comment-posting file. Now, the spambots actually parse through the page and look for the filename of the posting script!

    Since installing authimage, I have not gotten a single spam(knocks wood). I've even set up my version to use an easier to read font, greater color contrast, and only a 4 digit code, but the spammers still can't seem to get around it :-)

  20. jet
    Member
    Posted 9 years ago #

    where do you edit the amount of digits required?

  21. Lorelle
    Member
    Posted 9 years ago #

    You're right, I shouldn't equate comment spammers with email spammers. Same slime, different animal.

  22. Lorelle
    Member
    Posted 9 years ago #

    Any tips and tricks for using authimage in 1.5? It tells me to look for something in wp-comments-post.php and it ain't there.

  23. Lorelle
    Member
    Posted 9 years ago #

    I found a comment for fixing authimage on his site for 1.5, but I still can't get it to work. Has anyone gotten it to work?

  24. gudlyf
    Member
    Posted 9 years ago #

    I've improved the AuthImage captcha image generation in version 3.0, just released today. Bots should have a really hard time getting through that, if at all.

  25. DJ Rg
    Member
    Posted 9 years ago #

    i use both WordPress v1.2 and Blogger.com ..i only get comment spam (and trackback spam until i turned it off yesterday) on WordPress ..what does Blogger do different? Maybe we should follow what Blogger does to avoid spam? ..just a thought

  26. callistawolf
    Member
    Posted 9 years ago #

    I have Spam Karma and I haven't had one comment spam show up on my blog since I installed it. Works like a charm. :) I like that you can add a script to your index page to tell others how many spams have been eaten since the last reset too. :) You know it's working.

  27. borntorun
    Member
    Posted 9 years ago #

    Thanks for the code! I installed it and it seems to work like a charm ... except somehow, some messages are still getting through to my moderation queue despite having banned words. When I post the same message myself manually, though, it gets blocked. So somehow, some of the blog spammers are getting around the code. AAAAAAAAAAAAAAAARGH. Still less than before, though.

  28. gvtexas
    Member
    Posted 9 years ago #

    Ran across this:
    http://subfuska.notlong.com

    oobrien (he used to use authimage) has a verifying plain text field (password field?) in his comment form. Interesting...

  29. How to use a plain text field like the one mentioned above:

    http://www.syndic8.com/~jeff/blog/index.php?p=103

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.