NP_SpamSlower.php

NP_SpamSlower is a spam-fighting plugin that strives to limit rapid-fire spambots and bots without JavaScript enabled. It does not parse the comment body or otherwise detect spam. Comments from members are not subjected to these tests.

It can (and probably should) be used with other spam-fighting plugins and techniques.

General Plugin info
Author: ftruscot
Current Version: 1.10
Download: NP_SpamSlower.zip
Demo: N/A. Nothing can be seen by site visitors
Forum Thread: here

Installing

  1. Unzip the file and upload the contents to your plugin directory
  2. Configure the plugin options to your liking. See below for details.

How it works

The plugin will work just by being installed. You may want to adjust the options as described below to be more strict or lenient than the defaults. You can see what the plugin has done by going to the plugin's admin page to view stats and logs.

It has four main functions:

1. Seeks to slow automated spammers by setting a minimum time between comments coming from the same IP (configurable, defaults to 30 sec).

2. Seeks to slow automated spammers by setting a maximum number of comments from a single IP address over a period of time (configurable, default 4 comments in 10 minute span).

3. Puts a spam ticket into each comment form that is valid for 30 minutes from the time the form is loaded. Comments submitted with an invalid or expired ticket are not accepted.

4. Puts an extra field on the comment form if JavaScript is turned off. The user must enter a random string given with the field. Most auto-spamming bots do not have scripting enabled, so they will see this field and must find and enter the correct string. Most valid users have scripting enabled, and those who do not will easily solve the request.

Each time an IP address fails one of these tests, it gets a “strike” recorded against it. After a configurable number of strikes (default is 3), the IP address gets banned.
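The two time-based tests and the strike rule described above can be modelled as follows. This is an added example, not NP_SpamSlower's own code: the class and method names are hypothetical, state is held in memory rather than in the plugin's db tables, and it assumes that only accepted comments count toward the limits and that the 10 minute span is a sliding window.

```php
<?php
// Added illustration, not NP_SpamSlower's source. SlowdownModel, submit() and
// strike() are hypothetical names; defaults mirror the plugin's documented options.
final class SlowdownModel
{
    private array $accepted = []; // ip => timestamps of accepted comments
    private array $strikes  = []; // ip => number of failed tests
    private array $banned   = []; // ip => true once the strike limit is reached
    public function __construct(
        private int $minGap = 30,      // minimum seconds between submits from same IP
        private int $maxPerWindow = 4, // maximum submits per window
        private int $maxStrikes = 3,   // strikes before ban
        private int $window = 600      // the 10 minute span, in seconds
    ) {}
    /** Returns 'accepted', 'too_soon', 'too_many' or 'banned'. */
    public function submit(string $ip, int $now): string
    {
        if (isset($this->banned[$ip])) {
            return 'banned';
        }
        // Assumption: keep only accepted comments that fall inside the window.
        $recent = array_values(array_filter(
            $this->accepted[$ip] ?? [],
            fn (int $t): bool => $now - $t < $this->window
        ));
        $this->accepted[$ip] = $recent;
        if ($recent && $now - end($recent) < $this->minGap) {
            return $this->strike($ip, 'too_soon');
        }
        if (count($recent) >= $this->maxPerWindow) {
            return $this->strike($ip, 'too_many');
        }
        $this->accepted[$ip][] = $now;
        return 'accepted';
    }
    private function strike(string $ip, string $reason): string
    {
        $this->strikes[$ip] = ($this->strikes[$ip] ?? 0) + 1;
        if ($this->strikes[$ip] >= $this->maxStrikes) {
            $this->banned[$ip] = true; // the plugin bans the IP at this point
        }
        return $reason;
    }
}

$m = new SlowdownModel();
foreach ([0, 10, 20, 25, 60] as $t) { // constructed timestamps for one constructed IP
    echo $t, 's: ', $m->submit('203.0.113.7', $t), PHP_EOL;
}
```

Raising `$maxStrikes` in this model shows the trade-off the options section describes: fewer bans, at the cost of letting a rapid-fire client keep retrying.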

Available SkinVars and/or TemplateVars

  • None

Options

  • Show Admin Area in quick menu? (yesno) default yes. Whether to show a link to the plugin's admin page on the left navigation bar of the Nucleus admin area.
  • Delete NP_SpamSlower data tables on uninstall? (yesno) default no. Whether to delete the plugin's db tables when you uninstall. Should be set to no unless you plan to never re-install the plugin.
  • Max number of strikes before ban (number). default 3. After how many strikes (failed attempts) should the IP address be banned? The default of 3 is somewhat aggressive and will result in many IP bans in your Nucleus ban table. If that is not desirable for you, set this to a higher number. Use a really high number to 'disable' banning.
  • Minimum time (in seconds) between submits from same IP (number) default 30. The minimum number of seconds between submitted comments. If a visitor tries to submit a comment less than this number of seconds after the last one from this IP, he will receive an error message indicating he needs to wait for a little while before trying again. This number should probably be between 15 and 60 seconds.
  • Maximum submits per 10 minute period (number) default 4. The maximum number of comments a user can submit within a 10 minute period. The default of 4 is probably slightly aggressive, but should be a good number for all but cases where your users have interactive discussions in comments.
  • Number of days to keep log entries (number) default 7. The number of days' worth of log entries to keep. Keeping too many days' worth of log entries could result in excessive database storage. The default is probably good for most sites. Large volume sites may consider lowering the number.

Tips and Tricks

  • For sites running multiple blogs, all blogs must have the same time offset as the default blog for the time based tests to work properly.
  • If running it with NP_Captcha, or other plugin that subscribes to the ValidateForm plugin API event, it will work better if NP_SpamSlower appears higher on the list of installed plugins.

Wishlist

Bugs

History

  • Version 1.10, released 18 Nov 2010
    • first public release
spamslower.txt · Last modified: 2010/11/18 18:24 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported