Testing 2.10 version of Stop Spammer Registrations

I have a mysterious situation where the cache is not sorting correctly. I moved the point where I do the cache sort way down to just before I save it. I hope this helps. Wouldn’t you know that I haven’t received any spam since I made the changes. I hope that the sort order fixes itself.

I added DNSBL support. Right now it is turned on all the time and I always check the IP at several popular email spam black hole checkers. I am not sure how well this works with comment spam. After all, email spam is different than comment spam. I should catch a few this way, as comment spammers are probably related to email spammers.
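How a DNSBL check of this kind works, as an added example that is not the plugin's own code: the visitor's IP is reversed, appended to the list's zone and looked up as an A record, and only an answer in 127.0.0.0/8 counts as a listing. The zone names are placeholders, the sample records are constructed, and the addresses come from documentation ranges.

```python
import ipaddress
import socket

# Placeholder zones (assumption): the post does not name the lists it queries.
ZONES = ("dnsbl.example.org", "bl.example.net")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # normal DNSBL answers
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # some lists: query refused

def dnsbl_name(ip, zone):
    """Query name: reversed IPv4 octets (or IPv6 nibbles) followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolve(name):
    """A records for name; a failed lookup (NXDOMAIN included) yields []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def classify(answers):
    """Map one list's answers to 'clean', 'listed' or 'error'."""
    if not answers:
        return "clean"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a not in LISTED_NET or a in ERROR_NET for a in addrs):
        return "error"  # rewritten NXDOMAIN or refused query, not a listing
    return "listed"

def check_ip(ip, zones=ZONES, resolve=system_resolve):
    """Return {zone: verdict}; only 'listed' counts against the visitor."""
    return {z: classify(resolve(dnsbl_name(ip, z))) for z in zones}

# Constructed sample records standing in for live DNS answers.
SAMPLE = {
    "7.113.0.203.dnsbl.example.org": ["127.0.0.2"],
    "9.113.0.203.dnsbl.example.org": ["127.255.255.254"],
    "9.113.0.203.bl.example.net": ["198.51.100.10"],
}

def sample_resolve(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.9", "203.0.113.50"):
        print(ip, check_ip(ip, resolve=sample_resolve))
```

Treating out-of-range answers as errors keeps a misbehaving resolver or a rate-limited list from rejecting every registration.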

I reject disposable email addresses from a list of disposable emails I compiled by searching forums. The list is probably older and I would like to find a reliable public list that I could use to update things from time to time. Right now this is just a test. I expect some user to claim that I am rejecting legitimate users by rejecting disposable emails.

 

16 Responses to “Testing 2.10 version of Stop Spammer Registrations”

  1. Keith says:

    Stop spammers is a little different from bad behavior. It does not analyze the spammer’s behavior or use javascript. When a person attempts to use an email, to register or leave a comment, my plugin validates the ip address and the email to see if the person is a known spammer.

    Since the only thing that I hook is the email validation section of WordPress, plugins will not be aware of it. It is possible that some plugins or themes that use custom comment forms might not work, but so far I have not heard of any that don’t use the wordpress routines to validate the email.

    If you run MU, you might like the built in MU aware parts of the plugin.

    Keith

  2. Paul Zagoridis says:

    I should have mentioned I’ve just upgraded to 2.20

  3. Hi Keith

    Does Stop Spammers do mostly the same job as Bad Behavior? At first glance they seem not so much complementary as they do the same things.

    Secondly are there any plugins you know of that are incompatible or contraindicated with Stop Spammers?

    I’m switching off Bad Behavior on a WPMU site as I’ll need WP-Super-Cache running mod rewrite. Those sites also run Spam Karma 2 (the kinda latest semi-fixed version), which I find much more effective than Akismet (which is also running).

    Are there any contraindicators there?

    Regards

    Paul

  4. Keith says:

    Make sure that you have Akismet working. Require users have an email address, because Stop Spammers works when the user enters their email. Make sure that you get the API keys for botscout and project honeypot. Check off “comments must be held for moderation”.

    Deny spammers found on Stop Forum Spam with more than 0 incidents, and occurring less than 999 days ago. Don’t fiddle with these numbers or spammers will get through.

    I am stopping several hundred spammers a day in my big sites, but 20 or so are getting through and being caught by Akismet on the high volume sites.

    Good Luck

    Keith

  5. Victoria says:

    Hi Keith, I’ve just installed your plugin, along with Bad Behaviour, because I’m getting loads of spam registrations. The stats say that 14 spammers have been stopped so far, but I’m still getting new users every few minutes?!? Any ideas about what else I can do? Can I blacklist the users somehow? Or report the ones that have slipped through? Thanks and kind regards, Victoria

  6. Keith says:

    That’s a bug.

    I’ll include that in the beta I send you.

  7. Ovidiu says:

    oh and the stats on the dashboard seem to be broken, mine says: Stop Spammer Registrations has not stopped any spammers, yet.

    but it has stopped spammers, on the main blog AND on sub-domain blogs. This count was working previously. see https://www.diigo.com/item/t/2370806_78718910_3821277

  8. Ovidiu says:

    🙂 thanks. betas are always welcome so if you want to know if something works for multisite, just let me know.

    as to the check/report and API key suggestion: you are right. I wouldn’t want a spammer to register and pollute the network using my keys so probably the site admin should be the only person with access to those links and APIs.

  9. Keith says:

    OK,OK!

    I’ll put it back. I will figure it out and send you a zip to test.

    Keith

  10. Ovidiu says:

    regarding your second answer: thanks, will monitor this post to see if there are any new findings/ideas you come up with.

    thanks!

  11. Ovidiu says:

    believe it or not, a spammer has slipped through: https://www.diigo.com/item/t/2370806_78668388_3819336 with the old version, I could simply click the link, mark it as spam and bingo. since the link is missing, I now have to manually type that blog’s address, go to the comment section and mark it as spam…

    and this is after only 1h of clearing the cache (did so manually after updating the plugin)

  12. Keith says:

    I have to review the checks links to see what happened there. I need to think about who can see your api keys in a networked blog. If you are the network admin you should be able to see them, but probably not the blog owner if you have people registering for a blog.

    Checks are made at registration or commenting. Since you are logged in, there is no email check.

    Keith

  13. Keith says:

    The link to the blog’s comments is gone. Now it will appear only if there is spam. If there is no spam, it leaves the link out. You are not getting spam on those sites, so there is no need to click through and check it.

    Keith

  14. Ovidiu says:

    oh and the links to check or report a comment with honeypot/stop forum spam have disappeared from the sub-domain blogs while still being visible on the main blog.
    oh and I was just wondering if comments by admins or registered users are not being logged? just being curious since my comment I made since upgrading hasn’t shown up in the recent activity despite refreshing several times.

  15. Ovidiu says:

    hey Keith,

    I’ve been away for a few days and noticed you updated the plugin. there is one thing I’d like to know: wouldn’t it be good to let us know which disposable email services you are blocking so we can decide whether to enable or disable that option?

    currently testing the plugin on a multisite installation with sub-domains and will let you know if I find anything unusual.

    There is one change you did that was really, really important for multisite installations: on the plugin’s options page in the recent activity part, the blog name used to be a link to that blog’s comment page, which was a wonderful thing: one click and I could manually check one blog’s comments. now there is no longer a direct link. please put that link back, it made multisite administration so much easier!

  16. Ovidiu says:

    just a few days ago I read about a new project that verifies/checks an email address if it is from a disposable address provider, can’t find it right now 🙁

    Hah! Found it: https://www.block-disposable-email.com/ I hope that does help you 🙂
