SpamForceField is my newest anti-spam plugin for WordPress. This one does a couple of interesting things:
- All connections via pinappleproxy are denied.
- Every connection’s
Refereris checked against your blacklist keys. If a match is found, the connection is denied.
- If a comment is flagged as ‘spam’ due to the normal spam checks, the client receives a
403 ForbiddenHTTP status. This also occurs for connections denied in the other two checks above.
- When connections are denied, the client receives a message explaining what has occurred. It contains a link to check if their connection is through an open proxy and an obfuscated reference to the site admin’s email address. (e.g., “joe (at) example (dot) com”).
I actually wonder if sending a
404 Not Found status would be more effective, as it might trick some spammers into thinking that your site was gone. However, the
403 Forbidden status is more semantically correct. Use of a
404 code for this could mess with analysis of your web logs in confusing ways.
Over about the past week, I’ve been tweaking this plugin and also analyzing sources of spam, and blocking the most abusive hosts and networks with firewall rules (
ipfw on my FreeBSD server). This has virtually eliminated (so far) the appearance of referer spam in my stats. Plus it gives me a warm fuzzy to know that all those connections are being rejected.
I can suggest that you add the following strings to your Comment Blacklist (Options/Discussion):
There are plenty of others, but these account for most of the referer spam I’ve been seeing recently. Also, if anyone wants to share their moderation/blacklist keys via Mark’s XBN Plugin, please feel free to get in touch.
Note that the file is named
000-SpamForceField.php. The reason for naming it with the three leading zeros is that WordPress loads plugins in filename sort order. We want this plugin to load as early as possible, so we force it to the beginning via the funky filename. In my case, I wanted the SpamForceField to intercept spams before BAStats had a chance to log anything.
Update 2: I’ve updated the plugin to version 1.1, with a slight change which should take care of the problem of getting the
Warning: Missing argument 2 for deny_spammer() message when a comment is posted.