HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

My glorious new spam plugin, that catches only false positives =/

Hi folks,

Grumpy with the amount of identical-looking spambot spam that's been littering the forum lately, I'm trying to create a plugin, using @Todd's two spam filter plugins as a guide, which evaluates post content against a regular expression.

It works a charm - on my own posts, catching anything with the offending text, and letting through everything else. On actual spambot posts, it happily gives the green flag.

If anyone has the time/inclination, I'd immensely appreciate any thoughts as to what might be going on!

The meat of the plugin is the Base_CheckSpam_Handler, which looks like this - pretty simple, but apparently something's missing!

Cheers!

aery

Comments

  • like any regular expression it has to match exactly so if you put one space, it will match one space only, if you want a broader search that is heuristic, then you need patterns that allow for this.

    There is all sort of formatting involved in a post, and you either just strip that out and search for words or you search against the the actual formatting.

    grep is your friend.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @MichaelTyson

    I'm confused.

    You say you are grumpy about SpamBot plugins, but you want to create another one?

    Your solution seems to suggest that you are reacting after spammers have joined and posted, when there is currently a perfectly functional pair of plugins that stop spammers joining at all.

    Baffled.

  • edited August 2013

    Ah-ha! I'm an idiot - I was using a regex I'd put together for a mod I made to a different plugin, but forgot that the MySQL regex match is case insensitive. Switched to case insensitive preg match and that's got it. Thanks @x00 for the inspiration =)

    @whu606 No, not grumpy about spam plugins, grumpy about spam. StopForumSpam catches a few registrations, but a heap get through, and Akismet was catching a bunch of false positives. The ones that are getting through all follow a very predictable pattern, so the simplest solution is to filter on that. Working now.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @MichaelTyson

    Ah, my confusion, then.

    For me, the BotSotp plugin, plus @peregrine's registration logger plugin has cut out all spambot applicants.

  • phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP

    By the way: Today i had my first SpamBot that was able to create a discussion. All the years before they were only fit to register and post to the activity wall. Nightmares ahead!

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • Ah, I might try those others too; cheers @whu606. Funny, there's been a massive influx over the last week or so - must be some big push coming from spam city.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @MichaelTyson

    Yes, I think there is definitely a surge.

    For a long time, BotStop (with registration approval) stopped the applicants, but bots clearly learnt that it was a numerical solution, and I found they were getting through as applicants.

    @peregrine kindly made the registration logger plugin, and in combination they have once more completely stopped spambots getting through.

Sign In or Register to comment.