
  [2006-05-08]

Shoutbox Wordspew (and Wordspew Extended) is absolutely open to spam bots. For the last three days they attacked me every 2-3 minutes. I was deleting spam and minutes later I got another 6 spam comments in the shoutbox. This scenario went on for hours, eventually forcing me to remove Wordspew from my site completely. Spammers submit messages directly through the Wordspew routines which add submitted data to the database, bypassing the submission form. Even if you completely remove the submission form you will still get spam in your shoutbox. Switching Wordspew to “registered only user” does nothing - you still get spam. Even deactivating the plugin doesn’t stop them. In other words, they have you in all possible ways, submitting “Keep up working!” with a bunch of links. All they need is the Wordspew.php file in the plugins folder.

I solved this by modifying the code and implementing a simple image verifying scenario. It’s very simple but effective, because most spam you get is generated by spambots, and just adding one more field for entering a code to verify that it’s a real human is enough. You do not have to enter it each time you submit a message - you enter it once and next time it is available as a cookie. It is even more primitive, but as soon as it works I will keep it.

9 Responses to “Attention All Wordspew Users”

  1. faineant  

    Hey, do you mind revealing your code for the image verification feature? The spammers are driving me nuts…

  2. Tash

    Actually it’s just a very primitive wordspew.php hack and the “verification code” is static and the same for all users - if you decide to change it you have to do it manually, inside the wordspew file. You will also need to create some images for the codes you will use, and change the URI for the image as well.

    Also, the field used for the code is actually the URL field. I’m using that field for the code.

  3. faineant

    I’ve tried adding an additional verification code textbox, but the value is always empty. Just checking, did you make any changes to fatAjax.php? I merely added some code to wordspew.php and it didn’t work.

  4. Tash

    There is a place in wordspew starting with this comment:
    // When user submits and javascript fails
    This is where some posted values are checked and if they are not empty then they are added to the database.

    There are two such lines where I added an additional condition.

    if ($_POST['shoutboxname'] != '' && $_POST['chatbarText'] != '' && $_POST['shoutboxurl'] == 'xxxxxxx')

    and

    if ($jal_user_name != '' && $jal_user_text != '' && $jalSendChat == "yes" && $jal_user_url == 'xxxxxxx')

    Notice that the shoutboxurl form field value is used!!!

    The default value of http:// for that field in the submission form should be removed.

    You do not need to change the FatAjax file, but I think that I removed some http:// from there regarding the jal_user_url or jalUrl variable. Also, you will need to change the label for “shoutboxurl” to something like “Code”.

    Now when the user enters the code in the “shoutboxurl” field, this value is stored as a cookie, because we didn’t change anything except the label and just added one more condition which checks if that field’s value is equal to the code.

    Also, you will need to add the URI for the image of that code next to the ShoutboxUrl field. Just create some images and store them in the wordspew plugins folder.

  5. faineant

    Cool thanks, I’ll try it soon. (:

  6. Tash

    Faineant: do not forget to check “useUrlField” on in wordspew admin options page!!

  7. faineant

    Cool, I’ve done it. Thanks lots!! (-: Hope I’ve gotten rid of the spammers.

  8. Tash

    I think it’s a temporary solution. We need something more serious.

    UPDATE: There is also a place in the code where you can add words or character sequences which you want to be filtered from messages. This place is commented with this line:

    // CENSORS .. default is off. To turn it on, uncomment the line below. Add new lines with new censors as needed.

    You may add lines which filter “www”, “http://”, “.com” and others, if you don’t want links in shoutbox comments.

  9. Pierre

    Hi, I suggest that you try the latest version of the shoutbox on my blog (http://pierre.sudarovich.free.fr/) because I added some stuff to fight spammers and I think that it will be really harder for them to bypass all the filters.
    Amicably,
    Pierre
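
The server-side check described in this thread (a fixed code sent in the shoutboxurl field) combined with the link filter from the CENSORS comment, as an added example that is not part of the original post or of Wordspew's code. Only the three POST field names come from the thread; the function name shout_gate, the code value and the sample submissions are assumptions.

```php
<?php
// Added example, not Wordspew's code. The POST field names come from the
// thread; shout_gate(), SHOUT_CODE and the samples are hypothetical.
const SHOUT_CODE   = 'A1B2C';  // constructed placeholder for the static code
const LINK_PATTERN = '~(https?://|www\.|\.com\b)~i';  // sequences named in the thread

// Decide on the server whether a submission may be stored.
// Returns [accepted, reason]. Runs for every POST, with or without the form.
function shout_gate(array $post): array
{
    // Missing or array-valued inputs (shoutboxurl[]=x) are treated as empty.
    $field = static function (string $key) use ($post): string {
        $v = $post[$key] ?? '';
        return is_string($v) ? trim($v) : '';
    };
    $name = $field('shoutboxname');
    $text = $field('chatbarText');
    $code = $field('shoutboxurl');  // the URL field carries the code

    if ($name === '' || $text === '') {
        return [false, 'empty name or text'];
    }
    // Strict comparison: loose == compares numeric-looking strings by value.
    if (!hash_equals(SHOUT_CODE, $code)) {
        return [false, 'wrong code'];
    }
    if (preg_match(LINK_PATTERN, $name . ' ' . $text) === 1) {
        return [false, 'link in message'];
    }
    return [true, 'ok'];
}

// Constructed sample submissions.
$samples = [
    'direct POST, form default left in' => ['shoutboxname' => 'bot',
        'chatbarText' => 'Keep up working!', 'shoutboxurl' => 'http://'],
    'direct POST, code as array' => ['shoutboxname' => 'bot',
        'chatbarText' => 'hello', 'shoutboxurl' => ['A1B2C']],
    'right code, link in text' => ['shoutboxname' => 'x',
        'chatbarText' => 'see www.spam.example', 'shoutboxurl' => 'A1B2C'],
    'right code, plain text' => ['shoutboxname' => 'Tash',
        'chatbarText' => 'hello', 'shoutboxurl' => 'A1B2C'],
];
foreach ($samples as $label => $post) {
    [$ok, $why] = shout_gate($post);
    printf("%-36s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $why);
}
```

Only the last sample is accepted; the first three are rejected for a wrong code, a non-string code and a link in the message respectively.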
