• Resolved Simon

    (@sdellenb)


    The following changes assume that you have Antispam Bee version 2.5.7 installed.

    For a few days now, more and more spam comments have managed to get around ASB, because of changing IP, email and web addresses. So I updated the _is_regexp_spam(.) function of my antispam_bee.php to target the common denominator of all those spammers: certain keywords they use in the ‘author’ field.

    I extended this (antispam_bee.php, lines 1395-1405):

    /* Regexp */
    $patterns = array(
    	0 => array(
    		'host'	=> '^(www\.)?\d+\w+\.com$',
    		'body'	=> '^\w+\s\d+$',
    		'email'	=> '@gmail.com$'
    	),
    	1 => array(
    		'body'	=> '\<\!.+?mfunc.+?\>'
    	)
    );

    to this (my wife has a fashion-oriented blog):

    /* Regexp */
    $patterns = array(
    	0 => array(
    		'host'	=> '^(www\.)?\d+\w+\.com$',
    		'body'	=> '^\w+\s\d+$',
    		'email'	=> '@gmail.com$'
    	),
    	1 => array(
    		'body'	=> '\<\!.+?mfunc.+?\>'
    	),
    	2 => array(
    		'author' => 'moncler|north face|vuitton|handbag|burberry|outlet|dress|プラダ|maillot'
    	),
    	3 => array(
    		'ip' => '^27\.159\.|^110\.86\.'
    	)
    );

    Additionally, I had to change line 1444 from this:
    if ( preg_match('|' .$regexp. '|isu', $comment[$field]) ) {
    to this:
    if ( preg_match('/' .$regexp. '/isu', $comment[$field]) ) {
    (because the RegEx pipe symbol I use in my expression says this-or-this-or-this for my new author expression, and I can’t have them in the preg_match string as separators)

    I hope this is also useful for anybody else. 🙂

    Greetings,
    Simon

    http://wordpress.org/extend/plugins/antispam-bee/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Simon

    (@sdellenb)

    In the last weeks, more and more new spammers hit my blog, so I updated the filters accordingly:

    /* Regexp */
    $patterns = array(
    	0 => array(
    		'host'	=> '^(www\.)?\d+\w+\.com$',
    		'body'	=> '^\w+\s\d+$',
    		'email'	=> '@gmail.com$'
    	),
    	1 => array(
    		'body'	=> '\<\!.+?mfunc.+?\>'
    	),
    	2 => array(
    		'author' => 'moncler|north face|vuitton|handbag|burberry|outlet|dress|maillot|oakley|ralph lauren|ray ban|iphone|プラダ'
    	),
    	3 => array(
    		'host'	=> '^(www\.)?fkbook\.co\.uk$|^(www\.)?nsru\.net$|^(www\.?goo\.gl$|^(www\.?bit\.ly$'
    	),
    	5 => array(
    		'body'	=> 'targeted visitors|targetted visitors'
    	)
    );
  • Thread Starter Simon

    (@sdellenb)

    There was a typo in the 3rd host expression (matching group brackets for the optional ‘www.’ not closed), so here’s the fixed one:

    /* Regexp */
    $patterns = array(
    	0 => array(
    		'host'	=> '^(www\.)?\d+\w+\.com$',
    		'body'	=> '^\w+\s\d+$',
    		'email'	=> '@gmail.com$'
    	),
    	1 => array(
    		'body'	=> '\<\!.+?mfunc.+?\>'
    	),
    	2 => array(
    		'author' => 'moncler|north face|vuitton|handbag|burberry|outlet|dress|maillot|oakley|ralph lauren|ray ban|iphone|プラダ'
    	),
    	3 => array(
    		'host'	=> '^(www\.)?fkbook\.co\.uk$|^(www\.)?nsru\.net$|^(www\.)?goo\.gl$|^(www\.)?bit\.ly$'
    	),
    	4 => array(
    		'body'	=> 'target[t]?ed (visitors|traffic)'
    	)
    );
  • The topic ‘[Howto] Advanced Spam Fighting with Regular Expressions’ is closed to new replies.
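
Added example (not part of the original posts and not Antispam Bee code): a small PHP lint for a `$patterns` table like the ones in this thread. It wraps each pattern in a delimiter that does not occur inside it, which avoids the `|` clash described in the first post, and it reports patterns that fail to compile, such as the unclosed `(www\.?` groups corrected in the last reply. The function names `wrap_regex`, `compiles` and `lint_patterns` are hypothetical, and the sample table is constructed from rules quoted above.

```php
<?php
// Added example, not Antispam Bee code; function names are hypothetical.
// Wrap a pattern in the first delimiter that does not occur inside it,
// so '|' alternations (and '/' in URLs) never end the pattern early.
function wrap_regex(string $regexp): ?string
{
    foreach (['/', '#', '~', '%', '!', '@'] as $delim) {
        if (strpos($regexp, $delim) === false) {
            return $delim . $regexp . $delim . 'isu';
        }
    }
    return null; // every candidate delimiter occurs in the pattern
}

// preg_match() returns false (not 0) when the pattern fails to compile.
function compiles(string $wrapped): bool
{
    return @preg_match($wrapped, '') !== false;
}

// Return one message per rule that cannot be used; empty array means OK.
function lint_patterns(array $patterns): array
{
    $problems = [];
    foreach ($patterns as $index => $group) {
        foreach ($group as $field => $regexp) {
            $wrapped = wrap_regex($regexp);
            if ($wrapped === null || !compiles($wrapped)) {
                $problems[] = "group $index, field '$field': pattern does not compile";
            }
        }
    }
    return $problems;
}

// Constructed sample based on the rules in the thread: an author rule using
// '|' alternation and the host rule with the unclosed "(www\.?" groups.
$patterns = array(
    2 => array('author' => 'moncler|north face|outlet'),
    3 => array('host' => '^(www\.)?nsru\.net$|^(www\.?goo\.gl$|^(www\.?bit\.ly$'),
);

foreach (lint_patterns($patterns) as $problem) {
    echo $problem, "\n";
}

// The original '|' wrapper treats the first alternation bar as the closing
// delimiter, so the author rule is rejected instead of matching.
var_dump(compiles('|' . $patterns[2]['author'] . '|isu'));
```

Running a lint like this before editing the plugin file matters because a rule that fails to compile never matches anything, so the filter stops catching spam for that rule without any visible error when warnings are suppressed.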