JSSpamBlock Modifications

Update: Due to lack of time and interest (on my part), I am no longer maintaining JSSpamBlock or ImageScaler.

The way JSSpamBlock has evolved since I first released it has reminded me why I love open-source. From day one, I had users pointing out bugs and features they would like added, sometimes even submitting a fix for the bug or adding a new feature in themselves. Here are some modifications I have come across on other blogs:

After Georg Kaindl and I had a discussion on whether a database was really necessary (he made some excellent points on why this is not the case, though I still maintain that the extra protection is worth the small cost of time), he released a JSSpamBlock modification as a new plugin called simpleAntiSpam. He also came up with a clever way to require that the form be parsed once by the bot for each post (although the bot can make unlimited comments to a post once it has parsed the form). I have considered making this functionality the default in an upcoming version of JSSpamBlock, since it will be more than enough protection for the average user.

More recently, I got a comment from Brandon Checketts, who had modified JSSpamBlock so that the comment field names were different than the defaults. The reason was that even if spam bots adapt to JSSpamBlock, modified field names will throw them off. Although I can’t see anyone modifying their spam bots to specifically get around my plugin, I have always tried to design it as if they eventually would, so this will likely be a feature in future versions as well.

Kevin Pendleton, another user, has ported JSSpamBlock to Perl. His version is a bit simpler; it uses a hard-coded value instead of a randomly generated one. In my experience with blocking bots, this should be enough to block out the vast majority of spam bots.
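
One way to get the database-free, once-per-post behaviour and the non-default field names described above (an added example, not code from JSSpamBlock or simpleAntiSpam): the challenge is an HMAC of the post ID, so it validates without stored state but can be replayed for the same post. The secret, the function names and the sample submissions are assumptions.

```php
<?php
// Added example, not JSSpamBlock or simpleAntiSpam code. All names and the
// secret below are hypothetical; use a long random per-site secret.
const CHALLENGE_SECRET = 'constructed-example-secret';

// Value the page's JavaScript must write into the form for this post.
function challenge_for_post(int $post_id): string {
    return hash_hmac('sha256', 'comment-challenge:' . $post_id, CHALLENGE_SECRET);
}

// Per-site field name, so a bot cannot rely on the plugin's default name.
function challenge_field_name(): string {
    return 'f' . substr(hash_hmac('sha256', 'field-name', CHALLENGE_SECRET), 0, 10);
}

// True when the comment passes the check. $comment uses WordPress's
// comment_type and comment_post_ID keys; $fields stands in for $_POST.
function accept_comment(array $comment, array $fields): bool {
    // Trackbacks and pingbacks never render the form, so they are exempt.
    if (preg_match('/pingback|trackback/i', $comment['comment_type'] ?? '')) {
        return true;
    }
    $submitted = $fields[challenge_field_name()] ?? '';
    if (!is_string($submitted)) {
        return false; // e.g. the field was sent as an array
    }
    $expected = challenge_for_post((int) ($comment['comment_post_ID'] ?? 0));
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed sample submissions.
$name  = challenge_field_name();
$token = challenge_for_post(42);
$cases = [
    'valid token, post 42'          => [['comment_post_ID' => 42], [$name => $token]],
    'same token replayed, post 42'  => [['comment_post_ID' => 42], [$name => $token]],
    'post 42 token sent to post 43' => [['comment_post_ID' => 43], [$name => $token]],
    'no JavaScript, field missing'  => [['comment_post_ID' => 42], []],
    'hypothetical default name'     => [['comment_post_ID' => 42], ['default_field' => $token]],
    'pingback without the field'    => [['comment_post_ID' => 42, 'comment_type' => 'pingback'], []],
];
foreach ($cases as $label => [$comment, $fields]) {
    printf("%-32s %s\n", $label, accept_comment($comment, $fields) ? 'accept' : 'reject');
}
```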


0 Responses to JSSpamBlock Modifications

  1. Georg Kaindl says:

    Good to hear you are still working on the plugin!

    One bug/problem I’ve been noticing with my own implementation (I’m not sure if the original JSSpamBlock is affected as well), is that it filters out trackbacks and pingbacks as well, since those are also handled like comments by WordPress.

    However, I’m using the following line of code to exclude those two special types of comments from the anti-spam logic, and it works nicely now. You will have to retrieve the comment from the database, though ($c in this case):

    if (preg_match('/pingback/i', $c->comment_type) || preg_match('/trackback/i', $c->comment_type)) { /* always accept, Akismet should handle them */ }

  2. Paul Butler says:

    Thanks Georg, I will put this in the next version.

  3. Stargazer says:

    Hello folks,

    I have tried randomizing the input field names to see what happens. Still >40 spam comments in the queue per day.

    Stargazer

  4. Paul Butler says:

    Stargazer, I have checked your blog and it looks like it is installed properly. You must be unfortunate enough to be found by a bot that does execute JavaScript. In the next version of JSSpamBlock I will include optional user agent logging, so that I can investigate this further.

    Thanks for the comments,

    Paul

  5. Stargazer says:

    Thanks for checking, Paul. If you want to, we could do some testing on my site.

  6. Stargazer says:

    Hi Paul,

    just wanted to let you know about my progress here watching and analyzing canned meat. I have noticed that most spam uses BBCode. So I hacked a small 10-line plugin (in fact, there’s more comment than code). A comment preprocessor filter does most work:

    if (preg_match('|\[url(\=.*?)?\]|is', $comment['comment_content'])) wp_die('BBCode not accepted nor interpreted');

  7. Jinge says:

    It seems like 1.4 doesn’t work with WP 2.3.

    Heard it before?

  8. Paul Butler says:

    Jinge, thanks for letting me know. I will be installing 2.3 on my own blog soon (after my mid-terms) and I will make sure jsspamblock works with it.
