Support » Plugins » WP Blacklist Comment SPAM Filteration

  • I wrote a little script to fight comment SPAM much along the lines of Jay Allen’s MTBlacklist filter (but for WordPress). This really simple script is compatible with all versions of WordPress and uses a powerful master blacklist from Reflective Reality. I would really like to get some people to try and install it and see how well it works. So if you are using WordPress and have been receiving some SPAM in your comments, please help me in testing this script. WordPress 1.0+ will even allow you to view the SPAM comments without them ever being displayed on your blog (using moderation) which would mean that if you do receive SPAM and the filter catches it, you will know that the script is working. Here is a link to WPBlacklist.
    PS: Compatible with all versions of WordPress

Viewing 15 replies - 1 through 15 (of 47 total)
  • Moderator Matt Mullenweg



    It would be great to see some instructions for this, maybe in the wiki?

    In the wiki now under WP Hacks. The zip file has the same instructions included in it.

    I’ll install it too.

    hey i will try it. Thanks

    I would like to know if and where this script misses spam in comments from people that actually use it. It will help in making it better. I am also going to work on a script which lets you add new spammers to the blacklist.

    Hey, while we’re talking blacklists and spam, I’ve been using a completely overhauled version of ben johnson’s refererLib. I’ve expanded it to use $wpdb, pull the blacklist array from a separate file (so people can exchange it even if they modify the base php!), and LOTS of other tweaks and mods.
    One of the other features I added was the ability to pass back a string to get echo’d into the page. I use it to notify a user if they’ve come from a blacklisted site, for example…
    My site has been getting referer-spammed a lot the last few weeks — as such, I’ve got some good updates to the blacklist itself. I found some guy using for a half-dozen plus sites was NAILING me… of course, he’s running porn sites, and spamming, both of which are expressly against the terms and conditions of He’ll get nailed eventually himself it he keeps it up. 😉
    If anyone wants my updated refererLib and blacklist, let me know and I’ll post .phps files on my site.

    I’d be interested in seeing the code. I’ve actually updated my own version as well to use $wpdb, but I’d be interested in incorporating any of your improvements. I’ve only been seeing a few referer spams lately, so that section of code hasn’t gotten a lot of work.
    What might be a more efficient thing to do is white-list certain “good” referers without doing a check-back. Sites like the major search engines, and sites you know generate links (like in my case, wp, ipodlounge, head-fi, etc) to you. Then, use the “load-and-check” function already in the code for other sites.

    If someone has used this hack, could we please get some feedback? Thanks for testing it.

    Thank you for your comments Shreela. I fixed the wiki.
    This hack works by turning on suspect comments’ moderation. So if the script thinks that a comment might be spam, it puts it in the moderation queue and does not show it on the main page. I suspect that if you look in your comment moderation queue, you will see the spam comments there.
    Your settings are just perfect. With your settings, your blog will email you with “moderation required for comment” message when it figures that the comment is spam. In that case, the comment is not posted till you get a chance to look at it. You could just click on the link in the email to unapprove the comment and it gets deleted.
    With the present incarnation of this hack, it is normal for it to NOT consider every url with viagra and casino in it as spam.
    Again, thank you for the feedback. Keep us posted!

    hiya ben!
    My updated version of your stuff is in:
    I also turned on blacklist-by-IP functionality, as a few people just continued spamming me with new sites each week.
    Other enhancements:
    – a new function I just added that gets the per-week-pageloads (I’m still working on unique-users-per-day and per-week type stats… can’t figure out how to do the self-join needed for the distinct/unique lookups…)
    – a function to validate a string is actually a valid IP address — useful for the REVERSE check of when a string IS an IP address and we want to disallow that (i.e., no referers that are just dotted IPs…).
    – response for ‘blacklist hits’ returned as a string — though I’ve temporarily ‘upgraded’ this so that invalid referers just continue on, but hits on IP or URL blacklists die() with the error string (so that I don’t take hits on spammings…).
    – fix for the googleList function for query= and not just q= styled query strings.
    – a new URL-passed-argument to flush the existing referer Table of all blacklisted URLs (for cleaning up after you’ve been spammed — also good for cleaning up based on URL and THEN the output of the flush cmd will dump the IPs for capturing back to the blacklist as a comment or IP list…).

    I just tried those and got 404 errors…

    Mark (podz)


    Support Maven

    I’ve got the hack installed, but no moderation by default.
    I had a comment, by someone who I trust, has posted before, and who is also registered.
    The comment was ‘white’ followed by a smilie.
    Not sure why it was flagged to me, but thought I’d mention it….

    just a question.. i wrote a little shellscript to automatically delete the old blacklist.php file, download a new blaclist.txt file and run php (via shell) to import blacklist.txt again..
    doing this, the old blacklist.txt entries are overwritten or i just fill my mysql database with another list of (maybe) duplicate sites?

    @gat: I am not sure about your question. If you are importing entries into your database, make sure they do not already exist before you update or add them or make sure that the new blacklist.txt file contains all the old and new entries.
    (I am not even sure that you are talking about my hack, I apologize if this question is about david’s hacks)

    I just installed this and played around with it for a while.
    Install was easy. Caught most of the ‘bad’ comments i made, the ones it missed didn’t seem to be on the blacklist (like
    “I am also going to work on a script which lets you add new spammers to the blacklist.”
    That’s pretty much the only feature that i’d like to see added.
    “With the present incarnation of this hack, it is normal for it to NOT consider every url with viagra and casino in it as spam.”
    Would it be tough for me to change it so that it does consider every url with casino or viagra (or other key words) as spam? I’d rather have a good comment get a slight delay in posting than a bad comment make it through.
    Thanks for this, and all your other WP hacks, by the way. People like you make me feel lazy for not learning PHP so i can help out.

Viewing 15 replies - 1 through 15 (of 47 total)
  • The topic ‘WP Blacklist Comment SPAM Filteration’ is closed to new replies.