Spam BLIP stops comment and ping spam from being posted, primarily by
checking the IP address attempting to post a comment in one or more
of the public DNS blacklists. A number of options are available
to refine the check, and with the option defaults, a DNS lookup
is only performed the first time an address attempts to post a
comment; thereafter, the address might quickly ‘pass’ because it
was not listed, or quickly be rejected because it was listed.
Spam BLIP creates, and maintains, a database table for this purpose,
and database lookups are quite fast. Therefore, concerns about
DNS lookup time can be limited to an initial comment attempt.
Here are some features of Spam BLIP to consider if you are
not yet falling over yourself to get it installed:
When WordPress is producing a page for a visitor, it checks
whether comments are open for each post, and it allows plugins
to “filter” the check. Spam BLIP uses that filter, but does not
do DNS lookups at this stage, because DNS lookups can take
perceptible time. Spam BLIP does check optional user-set
black and white lists, and optionally existing comments that
are marked as spam, and of course Spam BLIP’s own database records.
Those checks are fast, so they should not have a perceptible
effect on page loading. Furthermore, on pages with multiple
posts, WordPress runs the filter for each, but Spam BLIP
stores the first result, so even the fast checks are not
When a comment is actually submitted, Spam BLIP does the above
checks, then the DNS lookup only if necessary. At this stage,
if the DNS lookup causes a perceptible delay, a real human
(or very clever pet) making the comment should perceive it
as mere server-side processing. As for spammer robots . . .
let them wait.
Spam BLIP comes configured with blacklist domains that have
worked well during development, so a user should not need to
be concerned with the blacklists, but there is an advanced
option to add or delete, activate or disable (yet save)
list domains, and configure the interpretation of a return
from a successful lookup.
Spam BLIP provides user-set whitelist and blacklist options.
Spam BLIP provides options to check for pings/trackbacks, and
for user registrations. (The option to blacklist-check user
registration is off by default. See “Tips” under the help
tab on the Spam BLIP settings page.)
Spam BLIP provides options to configure a ‘Time To Live’ (TTL)
for its database records, and a maximum number of records.
The TTL is important because, generally, an IP address should
not be marked permanently. Consider an ISP that quickly
disables any account that is found to be spamming. An honest
ISP is also a victim of spammer abuse, and will need to reuse
addresses. DNS blacklist operators provide means for IP
address owners to get records removed — Spam BLIP provides
a configurable TTL for its records. (Database table maintenance
is triggered approximately hourly by a WordPress cron event.)
Spam BLIP will optionally check if a commenter address is a
TOR exit node. TOR (The Onion Router) is an important protection
for people who need or wish for anonymity. You may want to
accept comments from TOR users (you should), but unfortunately
spammers have exploited and abused TOR, which has led some
DNS blacklist operators to include TOR exit node addresses
whether or not it is known that the address is spamming. If you
enable this option (you should), it might let some spam get
through. In this case, mark the comment as spam, and use the
Spam BLIP option to check existing comments marked as spam; or
use Spam BLIP in concert with another sort of spam filter, such
as one that analyzes comment content. (Please report any
conflict with other, non-DNS blacklist type spam plugins.
Note that Spam BLIP is not expected to work in concert with
other DNS-type anti-spam plugins.)
Spam BLIP includes a widget that will show options and records
information. The widget might or might not be an enhancement
to your page, but in any case it should provide feedback
while you evaluate Spam BLIP, so it might be used temporarily.
Spam BLIP is installed through the WordPress administrative interface,
and does not have additional requirements for installation.
- What is the ‘BLIP’ in “Spam BLIP”?
Think ‘BLacklist IP’.
Contributors & Developers
“Spam_BLIP” is open source software. The following people have contributed to this plugin.Contributors
- Check with WordPress 4.6.
- Misc. cleanups in code.
- Correct error in repository checkin of 1.0.7.
- Check with WordPress 4.5.
- Widget update for theme preview selective refresh.
- Simplify by removing options for comments/pings_open, and
- Check with WordPress 4.3.
- Fix URL preparation bug in plugin_page_addlink().
- Remove uses of PHP extract().
- Fix bug in widget introduced in 1.0.5.
- Checks with WordPress 4.0: OK.
- Checks with WordPress 3.9.1: OK.
- Add more advisory locking around database table accesses.
- Bug fix in black/white list range handling (from 1.0.3).
- Black/White list settings now accept a sub-network specified
as a range from minimum to maximum subnet address, as in
“N.N.N.N – N.N.N.N” (note the dash separator), which is
common in WHOIS listings.
- Bugfix: typo in code that checks for reserved addresses. It had
only affected logging, using string “LOCALHOST” rather than
- Changed JS naming convention from dev.js -> .js to .js -> min.js.
- Checked with shiny new WordPress 3.9, but not with PHP 3.5 and
new WP DB code used with PHP 3.5 — feedback welcome.
- Small code cleanups.
- Tweak database table options: Intro text re. max records clarified;
TTL option radios added for two and four weeks, max data records
option radio added for 200 records, defaults increased to
two weeks and 200 records respectively.
- User-set blacklist and whitelist:
Now a net-address/net-mask is accepted, so a whole subnet may be
blacklisted or whitelisted. See settings page “Advanced Options”
- Small code cleanups.
- Made the “Screen Options” tab -> “Section Introductions” checkbox
value persistent, if the “Save Settings” button is clicked.
- Style tweaks and size tweaks (admin) in response to WP 3.8 changes.
- Checked with WP 3.8: OK.
- No real change: just a correction of an error in the
special file headers used for information display
in the admin interface and at WordPress.org plugin
- Initial release.