Not working to block email domains

Keith, thanks for all your work on this plugin. It seems like it can be very useful on community sites. But if you’re really interested, you may want to check out ZBBlock. It may provide you with some useful ideas.

https://www.spambotsecurity.com/zbblock.php

Also if you’re interested in speedy up things using preg_match or just any PCRE, I could provide you with the most efficient regex.

Great stuff. Thanks.

re: ‘timeout’ I actually meant to say ‘sleep’ parameter – as you say.
re: ‘extra fields’ maybe some confusion – i didnt mean to suggest adding extra fields, but instead, a filter ie: in function kpg_load_all_check, around line 50-70 rearrange slightly to read eg: ::

...
$is_a_supported_field = ( array_key_exists('akismet_comment_nonce',$_POST) || array_key_exists('bbp_anonymous_email',$_POST) ||
... etc );

$is_a_supported_field = apply_filters('ssr_supported_field', $is_a_supported_field, $_POST);

if (!$is_a_supported_field) {
 $_SESSION['kpg_stop_spammers_time']=time();
 return;
}
...

– plus, similar constructs to set $em and $author variables just after that.

this way, if someone writes a plugin to say ‘upload_my_cv’ – then they can easily add full SSP support for any extra forms they use via a simple invocation of:

add_filter('ssr_supported_field', 'my_new_ssr_support_func', 1, 2);
function my_new_ssr_support_func($val, $post_arr) {
 return( $val || array_key_exists('my_new_post_field_name',$post_arr));
}

( + similar filter calls for: ‘ssr_set_em’ and ‘ssr_set_author’ )

– and same can be achieved by theme writers by adding same to functions.php

(in fact dont even need to pass $_POST to the filters since its available globally anyway).

i think this will ultimatelyy reduce downstream maintenance effort associated with your plugin.

make sense?

re: checks on email addresses (vis a vis just ip’s) – please do KEEP the email checks as well – though separate options field would be helpful – since we do get some persistent ones – and in fact people rotate/change ip addresses via proxies just as much as they rotate email addresses – in my experience anyway.

re: overhead of big ip list – yep, agreed. but, so long as its only scanned upon forms POST, rare, relatively speaking, so a small price to pay i think (the remote akismet, SFS, honypot checks, etc are much slower by comparison).

Look forward to the next release.

All very best

Rob

Changes from last night and this morning (Nov 19, 2012):

Separate email, IP and good cache sizing.

Sleep time option.

Session speed test option.

Also an option to not check anything IP related. This is for people behind firewalls, proxies, or routers that hide the incoming IP address and do not use XFF to provide the original IP.

Aggresively check XFF header information whenever getting IP address, This may help users who have trouble with the IP and start denying themselves.

Next is the custom fields, but before I do that I want to make a “protected by” widget with a spam count. Maybe use as advertising so I could double my book sales. I am hoping to break that $1.00 a month ceiling.

Beta seems to be working well on blogseye.com and two other sites.

Keith

Great news Keith! Nicely done. ??

One more idea/requirement I’ve just discoverd:

– Ability to remove individual email’s and/or ip’s from the backlist (cache).

Discoverd that I had one or two false positives in the backlist – either legitimate users who just happend to be using email domains I had previously banned, else had been unfortunate enough to have their (dynamic) IP’s added to a public blacklist through no fault of their own.

At present, I the only way I can see of allowing them access to my site again is either a) to clear the entire blacklist cache and/or b) add them to the whitelist (which gets checked first, iirc).

Unless there is another way of achieving this I am unaware of?

Thanks again for all your brilliant work! ??

(btw: on one of our clients sites your plugin has so far pevented 45,247 spammers since 2012/07/04 and counting!.Fantastic! And now no registrations clogging up the db either. I would be very happy to make a donation towards this plugin – I’m sure many other people would also (eg: the buddydev site is currently rammed full of spammer registrations, so are most other BP sites i have come across in the wild – they could sure use your plugin!)).

Rob

I added a trashcan to items in the cache.

Be sure to add the new widget to the bottom of your side panel. I will make it customizable in the future, but for now the widget just shows the number of spam attempts stopped and links to the plugin (and a tiny “buy-the-book”).

Keith