Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Plugin: SpamForceField

SpamForceField is my newest anti-spam plugin for WordPress. This one does a couple of interesting things:

  • All connections via pinappleproxy are denied.
  • Every connection’s Referer is checked against your blacklist keys. If a match is found, the connection is denied.
  • If a comment is flagged as ‘spam’ due to the normal spam checks, the client receives a 403 Forbidden HTTP status. This also occurs for connections denied in the other two checks above.
  • When connections are denied, the client receives a message explaining what has occurred. It contains a link to check if their connection is through an open proxy and an obfuscated reference to the site admin’s email address. (e.g., “joe (at) example (dot) com”).

I actually wonder if sending a 404 Not Found status would be more effective, as it might trick some spammers into thinking that your site was gone. However, the 403 Forbidden status is more semantically correct. Use of a 404 code for this could mess with analysis of your web logs in confusing ways.

Over about the past week, I’ve been tweaking this plugin and also analyzing sources of spam, and blocking the most abusive hosts and networks with firewall rules (ipfw on my FreeBSD server). This has virtually eliminated (so far) the appearance of referer spam in my stats. Plus it gives me a warm fuzzy to know that all those connections are being rejected.

I can suggest that you add the following strings to your Comment Blacklist (Options/Discussion):

  • -poker
  • poker-
  • tx-holdem
  • texas-holdem
  • tigerspice
  • -2005.com
  • .wslp24.com
  • conjuratia.com
  • .loveseo.com
  • buy-2005
  • firsthorizonmtg.com
  • government-grants.org
  • government-grants.ws
  • business-grants.org

There are plenty of others, but these account for most of the referer spam I’ve been seeing recently. Also, if anyone wants to share their moderation/blacklist keys via Mark’s XBN Plugin, please feel free to get in touch.

If you’ve read this far, you’re probably wondering where to download it? How about right here: txt, phps.

Note that the file is named 000-SpamForceField.php. The reason for naming it with the three leading zeros is that WordPress loads plugins in filename sort order. We want this plugin to load as early as possible, so we force it to the beginning via the funky filename. In my case, I wanted the SpamForceField to intercept spams before BAStats had a chance to log anything.


Update: I’ve received some reports that this plugin is issuing the 403 status when comments are flagged for moderation, not just when they are flagged as ‘spam’. This behavior is not correct. If anyone can help me debug this, I’d appreciate it, since I’m buried with Real World problems at the moment.

Update 2: I’ve updated the plugin to version 1.1, with a slight change which should take care of the problem of getting the Warning: Missing argument 2 for deny_spammer() message when a comment is posted.

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Blogs, Plugins, Security, Servers, Software, Spam, Tech, WordPress and tagged , , , , , , , , . Bookmark the permalink.

52 Responses to Plugin: SpamForceField

  1. Pingback: blivet 2.0

  2. Pingback: The War on Spam

  3. Pingback: GatorLog: A Blogger’s Monologue » geek ramblings » Plugin: SpamForceField

  4. Pingback: nf0’s Life » Blog Archive » links for 2005-03-31

  5. Pingback: empdesign » Blog Archive » Plugins Wp

  6. Pingback: Blog » Blog Archive » Wordpress Antispam Plugins

  7. Pingback: 2000 Lux sur le Net > Spam spam spam… Encore ?

  8. Pingback: lapedrada.es.kz » Plugins para WordPress

  9. Pingback: Enfim… » Spam

  10. Pingback: Profesor Blog » Los Mejores Plugins Para Worpress

  11. Pingback: A Daily Rant » Blog Archive » Net Access Stopped

  12. Pingback: » Enchula tu Blog,Plugins Para Worpress Información Tecnología Internet y Gadgets

  13. Pingback: WP Plugins DB » Plugin Details » SpamForceField

  14. Pingback: Kill More People » Blog Archive » WordPress Spam

  15. Pingback: Capturing Blog » Wordpress Plugins/Spam Tools

  16. Pingback: La Mansion » Blog Archive » Plugins Wordpress

  17. Pingback: 282 plugins para WordPress (5ª parte de la R a la Z) | Pichicola.com

  18. Pingback: Más plugin para Wordpress « El Cubanito Web

  19. Pingback: Oloroko Blog – Lista de Plugins para Wordpress

  20. Pingback: Plugins para Wordpress. | Puydi Publicidad 100% efectiva

  21. Pingback: Plugins para Wordpress «

  22. Pingback: Los mejores Plugins para Wordpress no documentados | FOTO - VIDEO

  23. Pingback: Comment Spam: 46+ Free Tools & Resources to Stop Blog Spammers

  24. Pingback: Plugins para Wordpress | LINUX

Leave a Reply

%d bloggers like this: