
Frustration with Comment Spam on Wordpress

Robert Watcher

Well-known member
There are plugins - there are all kinds of IP detection, blacklisting, Captcha schemes designed to block bots and other unwelcome visitors from filling up your Comments box and all of the management required to approve comments and delete all of the junk.

And so here is my logic that has worked pretty well so far for me. While I don't use Wordpress, they are both very simple to implement into the Wordpress source code I would think.

First thing is an amazingly simple concept I figured out several years ago. It has to do with preventing "automated" spamming - which I feel is a large percentage of spam. These types of bots fill in every form field to cover all of the bases. So if you introduce a field that is hidden from view using CSS - - - it can easily be checked if there is any content in that field when the form is processed. If there is content in there, then it is an automated spambot because no human can see that field as it is not displayed (it isn't a "hidden" field).

So in the form you may add something like <input type="text" name="special" style="display:none;" />

And then in the processing section, you can check if that field is empty and allow the processing to continue using if ($_POST['special'] == '') { } - - - in other words if the post variable "special" is empty.

You may be amazed that will get rid of a lot if not most of spam.

However - humans do enter Spam as well. IP blocking doesn't necessarily work that well as they can easily provide a fake IP. As well, you may end up blocking other legitimate viewers who use that IP. I had this issue where Spammers were getting around me blocking the IP that was present when they posted a comment. And so I started to look for a consistent "pattern". The email was always different - the user name was always different. I just about gave up when I got wondering why they are doing this. In most cases they are wanting to post links - - - otherwise, why would they bother just posting plain text right?

And so I already was stripping out HTML tags for links like <a href=""></a> - - -but then I noticed the pattern. This spammer was using the url BB code tags in the message to cover for the html tags being stripped out. Ingenious. And so what I ended up doing was use the PHP function stristr to see if the text "[url" was present in the comment. So the code if (stristr($_POST['comment'], '[url')) { $dontpost = true; } worked perfectly. So if $dontpost = true; then you wouldn't allow the database to be updated or an email sent to you letting you know there was a post. It can just bypass that whole process. They could keep on sending and you wouldn't know the difference.

I am posting this for those that have a basic knowledge of how to change bits of code in Wordpress. It would be quite simple. But for those who don't know, it may be a challenge. But when you think about that logic - it should cover most scenarios where someone is creating havoc with your Comments and where you get frustrated and want to get rid of them. Of course if plugins are working for you, that is great as well.



These modifications will also work with email forms as well.
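
The two checks from the post above (the CSS-hidden honeypot field and the "[url" BBCode test) combined into one handler, as an added example that is not part of the original post. The field names "special" and "comment" follow the post; the function classify_comment() and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example; not code from the original post. Field names "special" and
// "comment" follow the post; classify_comment() is a hypothetical helper.

function classify_comment(array $post): string
{
    // Honeypot: the CSS-hidden text field must be absent or empty.
    // A non-string value (e.g. special[]=x) is also treated as bot traffic.
    $trap = $post['special'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return 'bot';
    }

    $comment = $post['comment'] ?? '';
    if (!is_string($comment) || trim($comment) === '') {
        return 'empty';
    }

    // BBCode link marker, matched case-insensitively. stripos() returns
    // int|false, so compare against false (position 0 is a valid hit).
    if (stripos($comment, '[url') !== false) {
        return 'link-spam';
    }

    return 'accept';
}

// Constructed sample submissions.
$samples = [
    'human'      => ['special' => '', 'comment' => 'Lovely light in that portrait.'],
    'form bot'   => ['special' => 'abc', 'comment' => 'Nice site'],
    'bbcode'     => ['special' => '', 'comment' => '[URL=http://example.invalid]deals[/URL]'],
    'array trap' => ['special' => ['x'], 'comment' => 'hi'],
];

foreach ($samples as $label => $post) {
    // Only 'accept' should reach the database insert and notification e-mail;
    // every other verdict is dropped silently, as the post describes.
    printf("%-10s => %s\n", $label, classify_comment($post));
}
```

Using the strict comparison `!== ''` rather than a single `=` matters here: an assignment inside the `if` would overwrite the submitted value and evaluate as false, so the check would never pass.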
 

Asher Kelman

OPF Owner/Editor-in-Chief
Bob,

This is an important subject. I have to reread it. I like the idea of hidden fields to catch BOTS. There's more for me to glean. I'll be studying your notes so keep at it.

Asher
 

Thank you, Robert. This new work-around sounds great as I've been getting so many spam comments in the last week, it is ridiculous. Sometimes there is a legitimate comment between them, so couldn't just chuck them all out, and comments can be an important interactive feature on a website so didn't want to cut them out. This should really help. Thanks
Maggie
 