WordPress.org

Ready to get started?Download WordPress

Forums

WP Blacklist Comment SPAM Filteration (48 posts)

  1. Laughinglizard
    Member
    Posted 10 years ago #

    I wrote a little script to fight comment SPAM much along the lines of Jay Allen's MTBlacklist filter (but for WordPress). This really simple script is compatible with all versions of WordPress and uses a powerful master blacklist from Reflective Reality. I would really like to get some people to try and install it and see how well it works. So if you are using WordPress and have been receiving some SPAM in your comments, please help me in testing this script. WordPress 1.0+ will even allow you to view the SPAM comments without them ever being displayed on your blog (using moderation) which would mean that if you do receive SPAM and the filter catches it, you will know that the script is working. Here is a link to WPBlacklist.
    PS: Compatible with all versions of WordPress

  2. Matt Mullenweg
    Troublemaker
    Posted 10 years ago #

    It would be great to see some instructions for this, maybe in the wiki?

  3. Laughinglizard
    Member
    Posted 10 years ago #

    In the wiki now under WP Hacks. The zip file has the same instructions included in it.
    Peace

  4. steevak
    Member
    Posted 10 years ago #

    I'll install it too.

  5. Lester Chan
    Member
    Posted 10 years ago #

    hey i will try it. Thanks

  6. Laughinglizard
    Member
    Posted 10 years ago #

    I would like to know if and where this script misses spam in comments from people that actually use it. It will help in making it better. I am also going to work on a script which lets you add new spammers to the blacklist.

  7. davidchait
    Member
    Posted 10 years ago #

    Hey, while we're talking blacklists and spam, I've been using a completely overhauled version of ben johnson's refererLib. I've expanded it to use $wpdb, pull the blacklist array from a separate file (so people can exchange it even if they modify the base php!), and LOTS of other tweaks and mods.
    One of the other features I added was the ability to pass back a string to get echo'd into the page. I use it to notify a user if they've come from a blacklisted site, for example...
    My site has been getting referer-spammed a lot the last few weeks -- as such, I've got some good updates to the blacklist itself. I found some guy using hostcloud.com for a half-dozen plus sites was NAILING me... of course, he's running porn sites, and spamming, both of which are expressly against the terms and conditions of hostcloud.com. He'll get nailed eventually himself it he keeps it up. ;)
    If anyone wants my updated refererLib and blacklist, let me know and I'll post .phps files on my site.
    -d
    http://www.chait.net

  8. bdjohns1
    Member
    Posted 10 years ago #

    David,
    I'd be interested in seeing the code. I've actually updated my own version as well to use $wpdb, but I'd be interested in incorporating any of your improvements. I've only been seeing a few referer spams lately, so that section of code hasn't gotten a lot of work.
    What might be a more efficient thing to do is white-list certain "good" referers without doing a check-back. Sites like the major search engines, and sites you know generate links (like in my case, wp, ipodlounge, head-fi, etc) to you. Then, use the "load-and-check" function already in the code for other sites.

  9. Laughinglizard
    Member
    Posted 10 years ago #

    If someone has used this hack, could we please get some feedback? Thanks for testing it.
    Peace

  10. Laughinglizard
    Member
    Posted 10 years ago #

    Thank you for your comments Shreela. I fixed the wiki.
    This hack works by turning on suspect comments' moderation. So if the script thinks that a comment might be spam, it puts it in the moderation queue and does not show it on the main page. I suspect that if you look in your comment moderation queue, you will see the spam comments there.
    Your settings are just perfect. With your settings, your blog will email you with "moderation required for comment" message when it figures that the comment is spam. In that case, the comment is not posted till you get a chance to look at it. You could just click on the link in the email to unapprove the comment and it gets deleted.
    With the present incarnation of this hack, it is normal for it to NOT consider every url with viagra and casino in it as spam.
    Again, thank you for the feedback. Keep us posted!

  11. davidchait
    Member
    Posted 10 years ago #

    hiya ben!
    My updated version of your stuff is in:
    http://www.chait.net/wp-plugins/refererLib.phps
    and
    http://www.chait.net/wp-plugins/referer-blacklist.phps
    I also turned on blacklist-by-IP functionality, as a few people just continued spamming me with new sites each week.
    Other enhancements:
    - a new function I just added that gets the per-week-pageloads (I'm still working on unique-users-per-day and per-week type stats... can't figure out how to do the self-join needed for the distinct/unique lookups...)
    - a function to validate a string is actually a valid IP address -- useful for the REVERSE check of when a string IS an IP address and we want to disallow that (i.e., no referers that are just dotted IPs...).
    - response for 'blacklist hits' returned as a string -- though I've temporarily 'upgraded' this so that invalid referers just continue on, but hits on IP or URL blacklists die() with the error string (so that I don't take hits on spammings...).
    - fix for the googleList function for query= and not just q= styled query strings.
    - a new URL-passed-argument to flush the existing referer Table of all blacklisted URLs (for cleaning up after you've been spammed -- also good for cleaning up based on URL and THEN the output of the flush cmd will dump the IPs for capturing back to the blacklist as a comment or IP list...).
    =d

  12. bdjohns1
    Member
    Posted 10 years ago #

    I just tried those and got 404 errors...

  13. Mark (podz)
    Support Maven
    Posted 10 years ago #

    I've got the hack installed, but no moderation by default.
    I had a comment, by someone who I trust, has posted before, and who is also registered.
    The comment was 'white' followed by a smilie.
    Not sure why it was flagged to me, but thought I'd mention it....

  14. gat
    Member
    Posted 10 years ago #

    just a question.. i wrote a little shellscript to automatically delete the old blacklist.php file, download a new blaclist.txt file and run php (via shell) to import blacklist.txt again..
    doing this, the old blacklist.txt entries are overwritten or i just fill my mysql database with another list of (maybe) duplicate sites?

  15. Laughinglizard
    Member
    Posted 10 years ago #

    @gat: I am not sure about your question. If you are importing entries into your database, make sure they do not already exist before you update or add them or make sure that the new blacklist.txt file contains all the old and new entries.
    (I am not even sure that you are talking about my hack, I apologize if this question is about david's hacks)

  16. BillW
    Member
    Posted 10 years ago #

    I just installed this and played around with it for a while.
    Install was easy. Caught most of the 'bad' comments i made, the ones it missed didn't seem to be on the blacklist (like casino-jp.com).
    "I am also going to work on a script which lets you add new spammers to the blacklist."
    That's pretty much the only feature that i'd like to see added.
    "With the present incarnation of this hack, it is normal for it to NOT consider every url with viagra and casino in it as spam."
    Would it be tough for me to change it so that it does consider every url with casino or viagra (or other key words) as spam? I'd rather have a good comment get a slight delay in posting than a bad comment make it through.
    Thanks for this, and all your other WP hacks, by the way. People like you make me feel lazy for not learning PHP so i can help out.

  17. Laughinglizard
    Member
    Posted 10 years ago #

    @billw: :) Thank you for your kind words. I have a lot of fun and take a lot of pride in this community!
    There has been some interest in this script and writing another script to add stuff to the blacklist is one of things I still have to do. As for the ability to consider viagra etc as spam, you could add another regex to the list before you import it. For example you could add another line to blacklist.txt (before importing it) which would say:
    (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)
    This would check for those words in your comments and filter them out for moderation if those words are contained in the comments. Here is a good tutorial for understanding regular expressions (or regex) like the ones used in blacklist.txt
    http://dinki.mine.nu/word/regex/regex.php
    Peace.

  18. litlnemo
    Member
    Posted 10 years ago #

    Having just got my first comment spams today (advertising viagra), I've just installed this hack. We'll see how it goes.

  19. litlnemo
    Member
    Posted 10 years ago #

    I've also taken the step of obfuscating the words Name, Email, URI and "Your Comment" in wp-comments.php, in case the spammers are doing automated scripting looking for those words on the page.

  20. davidchait
    Member
    Posted 10 years ago #

    Ben -
    Sorry, screwed that up. Should have been my-plugins, not wp-plugins.
    http://www.chait.net/my-plugins/refererLib.phps
    and
    http://www.chait.net/my-plugins/referer-blacklist.phps
    -d

  21. TechGnome
    Moderator
    Posted 10 years ago #

    Man.... I got my first spam comment today..... about darn time! At any rate, I'm going to be running LL's hack.... But.... I was wondering if there is a way to add a link/button/something to the edit comment page to add the name/domain/ip to the blacklist automatically.
    TG

  22. tcervo
    Member
    Posted 10 years ago #

    Cool. I got my first comment spam today. Deleted it fairly quick, then installed LL's hack. I tried posting a comment merely *mentioning* who the spam came from, and the blacklist filter caught it. Thanks, LL!

  23. Anonymous
    Unregistered
    Posted 10 years ago #

    After getting some comment spam today, I came here to look for a solution. I installed this script, tested it, and it works like a charm!
    Thanks, LL! :-)

  24. Laughinglizard
    Member
    Posted 10 years ago #

    @TG: That is one of the things on my list of items to do when I get a reprieve from my thesis. I will also be working on an import/export function for the blacklist for easier exchange between users. :-)
    Everyone else....Thanks for the positive feedback!

  25. hmw26
    Member
    Posted 10 years ago #

    Thanks so much for writing WP Blacklist!
    I (and probably others also) would find it really useful if you could add a few lines to WP Blacklist so that the blacklist MySQL table can have the same user-specified prefix as the other WP tables.
    When installing WP, one has the option of changing the $table_prefix variable in wp-config.php to the prefix for the WP tables (e.g. $table_prefix = 'wp_';). It's pretty easy to add something similar to WP Blacklist (instructions halfway down this page)
    so it might be worth doing for future versions.
    HTH!

  26. TechGnome
    Moderator
    Posted 10 years ago #

    And it works too! So far I'm 6 for 6 in catching spam comments, and only two false positives (both of which were me!)
    TG

  27. tontamoo
    Member
    Posted 10 years ago #

    Does this still work with 1.2?

  28. Fahim
    Member
    Posted 10 years ago #

    It probably does but you can't find the lines mentioned in the readme file for the install instructions :p I actually rewrote the wholet thing as a plugin for 1.2 and am calling it WP Blacklist 1.2. I've asked Mark whether he wants the source back so that he can continue development or whether I can distribute it on my own and continue development and once I hear from him, I'll either release it or he will :)

  29. Fahim
    Member
    Posted 10 years ago #

    I've developed a WP 1.2 compatible version of the WP Blacklist plugin. If anybody is interested, you can download it from http://sm.farook.org/files/WPBlacklist12.zip

  30. Xadrian
    Member
    Posted 10 years ago #

    Very cool update, Fahim. Exceedingly easy to install. I look forward to future updates (especially de-spamming of existing comments after adding new spam filters... that was my most used function under MT.) And of course, kudos to LaughingLizard for the original versions. :)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.