Plugin: SpamForceField

SpamForceField is my newest anti-spam plugin for WordPress. This one does a couple of interesting things:

  • All connections via pinappleproxy are denied.
  • Every connection’s Referer is checked against your blacklist keys. If a match is found, the connection is denied.
  • If a comment is flagged as ‘spam’ due to the normal spam checks, the client receives a 403 Forbidden HTTP status. This also occurs for connections denied in the other two checks above.
  • When connections are denied, the client receives a message explaining what has occurred. It contains a link to check if their connection is through an open proxy and an obfuscated reference to the site admin’s email address. (e.g., “joe (at) example (dot) com”).

I actually wonder if sending a 404 Not Found status would be more effective, as it might trick some spammers into thinking that your site was gone. However, the 403 Forbidden status is more semantically correct. Use of a 404 code for this could mess with analysis of your web logs in confusing ways.

Over about the past week, I’ve been tweaking this plugin and also analyzing sources of spam, and blocking the most abusive hosts and networks with firewall rules (ipfw on my FreeBSD server). This has virtually eliminated (so far) the appearance of referer spam in my stats. Plus it gives me a warm fuzzy to know that all those connections are being rejected.

I can suggest that you add the following strings to your Comment Blacklist (Options/Discussion):

  • -poker
  • poker-
  • tx-holdem
  • texas-holdem
  • tigerspice
  • -2005.com
  • .wslp24.com
  • conjuratia.com
  • .loveseo.com
  • buy-2005
  • firsthorizonmtg.com
  • government-grants.org
  • government-grants.ws
  • business-grants.org

There are plenty of others, but these account for most of the referer spam I’ve been seeing recently. Also, if anyone wants to share their moderation/blacklist keys via Mark’s XBN Plugin, please feel free to get in touch.
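
One way to implement the Referer check against keys like the ones listed above, as an added example (this is not the plugin's own code). It assumes plain case-insensitive substring matching; the `sff_*` function names and the `.example` Referer values are constructed for illustration.

```php
<?php
// Added example, not SpamForceField's source. Function names are hypothetical.

/** Split a newline-separated blacklist (one key per line) into clean keys. */
function sff_parse_keys(string $raw): array
{
    $keys = array_map('trim', preg_split('/\R/', $raw));
    // Drop blank lines so an empty key can never match every Referer.
    return array_values(array_filter($keys, fn($k) => $k !== ''));
}

/** Return the first key found in the Referer (case-insensitive), or null. */
function sff_match_referer(string $referer, array $keys): ?string
{
    if ($referer === '') {
        return null; // No Referer sent: nothing to match.
    }
    foreach ($keys as $key) {
        if (stripos($referer, $key) !== false) {
            return $key;
        }
    }
    return null;
}

/** Decide the HTTP status for a request: 403 on a match, 200 otherwise. */
function sff_status_for(array $server, array $keys): int
{
    $referer = $server['HTTP_REFERER'] ?? '';
    return sff_match_referer($referer, $keys) === null ? 200 : 403;
}

// Two key sets: the dashed keys from the list above, and a bare "poker".
$specific = sff_parse_keys("-poker\npoker-\n\n  .loveseo.com \n");
$broad    = sff_parse_keys("poker\n.loveseo.com");

$requests = [ // constructed Referer values
    'http://texas-poker.example/',
    'http://poker-rooms.example/free.html',
    'http://blog.example/archives/poker.html',
    'http://www.loveseo.com/',
    'http://loveseo.com/',
    '',
];
foreach ($requests as $referer) {
    printf("%-42s specific=%d broad=%d\n",
        $referer === '' ? '(no Referer)' : $referer,
        sff_status_for(['HTTP_REFERER' => $referer], $specific),
        sff_status_for(['HTTP_REFERER' => $referer], $broad));
}
```

The `poker.html` Referer is denied only by the bare `poker` key, and the leading-dot key `.loveseo.com` does not match the bare-domain Referer. In a real request handler the 403 would be sent with `http_response_code(403)` before any output.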

If you’ve read this far, you’re probably wondering where to download it. How about right here: txt, phps.

Note that the file is named 000-SpamForceField.php. The reason for naming it with the three leading zeros is that WordPress loads plugins in filename sort order. We want this plugin to load as early as possible, so we force it to the beginning via the funky filename. In my case, I wanted the SpamForceField to intercept spams before BAStats had a chance to log anything.


Update: I’ve received some reports that this plugin is issuing the 403 status when comments are flagged for moderation, not just when they are flagged as ‘spam’. This behavior is not correct. If anyone can help me debug this, I’d appreciate it, since I’m buried with Real World problems at the moment.

Update 2: I’ve updated the plugin to version 1.1, with a slight change which should take care of the problem of getting the Warning: Missing argument 2 for deny_spammer() message when a comment is posted.


27 Comments

  1. Andy Skelton skeltoac.com
    Posted March 29, 2005 at 6:19 pm | Permalink

    I don’t know how many false positives happen, but I hate to think that I might be turning a non-spammer away from the entire page. What about disabling the comment form for suspected spammers? This way a false-positive can still read the site and if they want to get in touch they can find the contact page. Is this a good idea or am I missing something?

  2. macewan washingtonnc.org
    Posted March 29, 2005 at 9:10 pm | Permalink

    We’re giving this a try at washingtonnc.org – just wanted to drop a note to let you know.

  3. Ozh planetozh.com
    Posted March 30, 2005 at 1:06 am | Permalink

    I’ve written an anti refer-spam script, and to blocked connections I’ve decided to return a 404 instead of a 403. Who cares about semantics here, it’s all about hoping that spammers are checking their bot logs (they probably aren’t) and making them think the site is gone.

  4. craig blog.nuclearmoose.com
    Posted March 30, 2005 at 1:38 am | Permalink

    Dougal,
    I just saw this on my dashboard, and I’ve installed it. Will be interesting to see what happens. Thanks for putting it together.

  5. ben binarymoon.co.uk
    Posted March 30, 2005 at 8:25 am | Permalink

    Hi

    This sounds really good for me but I get the error anytime someone tries to comment.

    Warning: Missing argument 2 for deny_spammer() in /home/.oedipus/binarysun/binarymoon/wp-content/plugins/000-SpamForceField.php on line 60

  6. Dougal dougal.gunters.org
    Posted March 30, 2005 at 10:26 am | Permalink

    Andy:

    Yes, false positives can occur, which is why it is important to be careful what you put in your blacklist keys. And yes, this plugin will prevent access to even read posts on your site, if the client is connecting via pinappleproxy or their referer contains a blacklisted phrase. That is by design, though. However, this is why I made the concession of providing a friendly error message explaining the situation.

    Ben:

    I’m not sure why you’d be getting that error, unless there was a bugfix between the WordPress 1.5 release and the current SVN code which I’m running. That error indicates a problem with the action being called from the comment_post hook. You could just try commenting out the add_action() call near the beginning of the plugin, as a temporary workaround.

  7. Alderete aldoblog.com
    Posted April 1, 2005 at 8:28 pm | Permalink

    Dougal, nice plug-in!

    I notice that the URI for the plug-in (in the WP plug-in comments header) is incorrect, looks like you changed the post_name for the posting after you started the plug-in.

  8. Jon glog.jon-berg.biz
    Posted April 5, 2005 at 5:07 am | Permalink

    What is the point of having two p.o.k.e.r.s?
    # -.p.o.k.e.r.
    # p.o.k.e.r.-.
    Will not just the word p.o.k.e.r. be enough?

  9. Dougal dougal.gunters.org
    Posted April 5, 2005 at 8:15 am | Permalink

    If you are absolutely sure that there will be no legitimate comments on your site that mention poker at all, that’s fine. Most of the spammed sites with ‘poker’ in the URL have a dash before or after, though. So it’s a good way to be just a little more specific.

  10. Sparky sparkatopia.com
    Posted May 29, 2005 at 11:10 pm | Permalink

    Dougal,

    When I activate your plug-in, I get this error at the top of my admin panel… I deactivate it and refresh the screen and it goes away. I just upgraded to WP 1.5.1.1 so that may have something to do with it… please advise – thank you!

    Warning: Cannot modify header information – headers already sent by (output started at /home/sparka64/public_html/wordpress/wp-content/plugins/000-SpamForceField.php:1) in /home/sparka64/public_html/wordpress/wp-admin/admin.php on line 10

    Warning: Cannot modify header information – headers already sent by (output started at /home/sparka64/public_html/wordpress/wp-content/plugins/000-SpamForceField.php:1) in /home/sparka64/public_html/wordpress/wp-admin/admin.php on line 11

    Warning: Cannot modify header information – headers already sent by (output started at /home/sparka64/public_html/wordpress/wp-content/plugins/000-SpamForceField.php:1) in /home/sparka64/public_html/wordpress/wp-admin/admin.php on line 12

    Warning: Cannot modify header information – headers already sent by (output started at /home/sparka64/public_html/wordpress/wp-content/plugins/000-SpamForceField.php:1) in /home/sparka64/public_html/wordpress/wp-admin/admin.php on line 13

  11. fastmirrors fastmirrors.org
    Posted October 11, 2005 at 3:56 am | Permalink

    Sparky: you must change in php.ini this command

    —————————-
    output_buffering = On
    —————————-

  12. DVD Movie Man overstock-dvd.com
    Posted November 23, 2005 at 11:33 am | Permalink

    I have a huge problem with referrer spam. Do you know if spammers check their logs to see if you clicked on the link in your stats? I wonder if that keeps them coming? Good luck.

  13. Alan Kellogg mythusmageopines.com
    Posted March 28, 2006 at 8:07 pm | Permalink

    My browser insists on downloading the plug-in as an HTML file. No matter what I do I cannot download it as a PHP or TXT file. I know it’s a small file, but could you zip it up?

  14. Posted February 28, 2007 at 4:11 pm | Permalink

    I have found the app the referrer spammers use.

    MagicTrafficBot.com

  15. Dougal dougal.gunters.org
    Posted February 28, 2007 at 5:06 pm | Permalink

    I’m sure that tool is just one of many that do the same thing. It’s drop-dead simple to write a tool that generates referrer spam.

  16. Mike wobum.com
    Posted May 3, 2007 at 12:53 pm | Permalink

    Akismet works great. I am using it on my wordpress and drupal websites.

  17. Posted May 8, 2007 at 4:22 pm | Permalink

    We’re giving this a try at smartlinks.us – Also I am sick and tired of spammers stealing “scraping” my anchor text with ever constantly changing IPs. Help.
    Dan Bradstreet

  18. Tomasz Gorski profesjonalna-reklama.pl
    Posted July 14, 2007 at 4:27 am | Permalink

    “Akismet works great. I am using it on my wordpress and drupal websites” I must agree with Mike. I also use Akismet on one of my new blogs (2.2 WordPress) and it works great: 99% of spam comments are deleted!

  19. Marc audiolab.de
    Posted July 19, 2007 at 6:27 pm | Permalink

    I also have Akismet running, but a few spam comments are coming through.
    Does anyone with Akismet also have SpamForceField running?

  20. Turnkey Business turnkeyforms.com
    Posted August 3, 2007 at 7:04 pm | Permalink

    Well I will try it on my wordpress blog.

  21. manele manele.fm
    Posted August 31, 2007 at 5:08 am | Permalink

    I love it! Now my blog is clean! Thank you for your work!

  22. Jeff Baker broardband.net
    Posted October 7, 2007 at 10:32 am | Permalink

    How does SpamForceField compare with Akismet for wordpress? I am using Akismet on my personal blogs but looking for some spam solution for commercial blogs :(

  23. Mario 0am.de
    Posted November 6, 2007 at 8:43 pm | Permalink

    Thanks to this plugin my blog is spam free after activating it!

  24. Friseurportal headbiz.de
    Posted June 6, 2008 at 4:46 am | Permalink

    There are some good and some bad Plugins! This is a very good thing!
    Especially that the Referer is checked! I Like It!
    I have Akismet, Spam Karma and a special Captcha running, so now I think there is no way to come through all this! ;)

  25. Holde 'm fan roomreview.net
    Posted September 2, 2008 at 12:53 pm | Permalink

    Nice post.

  26. Hold'em friend learn2holdem.com
    Posted January 4, 2009 at 10:45 am | Permalink

    Spammers are killing me. Excellent post.

  27. Posted October 10, 2009 at 1:23 am | Permalink

    Best way is to use plugins. There are plenty that prevent spamming and they work pretty well. Out of 500 spam comments, only 5 would be able to get through it. Sure, the 5 comments are annoying, but it’s still 495 less right? ;)
    http://www.buyinpoker.com

