Anti-spam - Version 4.1

Version Description

  • 2015-10-25 =
  • added log spam to file feature (huge thanks to Guti)
  • prevent full path disclosure
  • added empty index.php file
  • publish plugin to Github
  • added Text Domain for translation.wordpress.org

Release Info

Developer webvitaly
Version 4.1

Code changes from version 4.0 to 4.1

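--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,17 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs diff=csharp
+
+# Standard to msysgit
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf diff=astextplain
+*.PDF diff=astextplain
+*.rtf diff=astextplain
+*.RTF diff=astextplain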
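--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,43 @@
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# =========================
+# Operating System Files
+# =========================
+
+# OSX
+# =========================
+
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk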
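--- a/anti-spam-functions.php
+++ b/anti-spam-functions.php
@@ -1,11 +1,33 @@
-<?php
-
-function antispam_log_stats() {
-$antispam_stats = get_option('antispam_stats', array());
-if (array_key_exists('blocked_total', $antispam_stats)){
-$antispam_stats['blocked_total']++;
-} else {
-$antispam_stats['blocked_total'] = 1;
-}
-update_option('antispam_stats', $antispam_stats);
+<?php
+
+defined('ABSPATH') OR exit; // prevent full path disclosure
+
+function antispam_counter_stats() {
+$antispam_stats = get_option('antispam_stats', array());
+if (array_key_exists('blocked_total', $antispam_stats)){
+$antispam_stats['blocked_total']++;
+} else {
+$antispam_stats['blocked_total'] = 1;
+}
+update_option('antispam_stats', $antispam_stats);
+}
+
+
+function antispam_log( $spam_comment = '' ) {
+
+$log_file_name = plugin_dir_path( __FILE__ ).'log/anti-spam-'.date('Y-m').'.log';
+$log_file = fopen( $log_file_name, 'a' );
+if ($log_file) {
+fwrite( $log_file, $spam_comment );
+fclose( $log_file );
+}
+
+// delete old files
+$time_past = strtotime( '-1 year', time() );
+$date_past = date( 'Y-m', $time_past );
+$log_file_name_to_delete = plugin_dir_path( __FILE__ ).'log/anti-spam-'.$date_past.'.log';
+if (file_exists( $log_file_name_to_delete )) {
+unlink( $log_file_name_to_delete );
+}
+
 }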
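Review bot: `antispam_log()` puts the log at `plugin_dir_path( __FILE__ ).'log/anti-spam-'.date('Y-m').'.log'`, that is, inside the web-served plugin directory under a name anyone can predict, so the IP addresses, POST fields and cookies that the caller in anti-spam.php passes in are likely retrievable by direct URL unless the server happens to block `.log` files. The `index.php` added in this release sits in the plugin root and does not protect a file in `log/` that is requested by name; write the log outside the document root, or ship a deny rule for `log/` and add a per-site random component to the file name. `fopen()` is also called without checking that `log/` exists (the diff does not show the directory being created), so where it is missing every blocked comment raises a warning instead of logging; a guard such as `if ( ! wp_mkdir_p( $log_dir ) ) { return; }` before opening, with `$log_dir` holding the directory path, avoids that. The cleanup only unlinks the file dated exactly one year back, so a log whose deletion month passes without a blocked comment stays on disk indefinitely.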
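--- a/anti-spam-info.php
+++ b/anti-spam-info.php
@@ -1,75 +1,77 @@
-<?php
-
-function antispam_admin_notice() {
-global $pagenow;
-if ($pagenow == 'edit-comments.php'):
-$user_id = get_current_user_id();
-$antispam_info_visibility = get_user_meta($user_id, 'antispam_info_visibility', true);
-if ($antispam_info_visibility == 1 OR $antispam_info_visibility == ''):
-$antispam_stats = get_option('antispam_stats', array());
-$blocked_total = $antispam_stats['blocked_total'];
-if(empty($blocked_total)){
-$blocked_total = 0;
-}
-?>
-<div class="update-nag antispam-panel-info">
-<p style="margin: 0;">
-<?php echo $blocked_total; ?> spam comments were blocked by <a href="http://wordpress.org/plugins/anti-spam/">Anti-spam</a> plugin so far.
-<a href="http://codecanyon.net/item/antispam-pro/6491169?ref=webvitaly" title="Anti-spam Pro">Upgrade to Pro</a> for more advanced protection.
-</p>
-</div>
-<?php
-endif; // end of if($antispam_info_visibility)
-endif; // end of if($pagenow == 'edit-comments.php')
-}
-add_action('admin_notices', 'antispam_admin_notice');
-
-
-function antispam_display_screen_option() {
-global $pagenow;
-if ($pagenow == 'edit-comments.php'):
-$user_id = get_current_user_id();
-$antispam_info_visibility = get_user_meta($user_id, 'antispam_info_visibility', true);
-
-if ($antispam_info_visibility == 1 OR $antispam_info_visibility == '') {
-$checked = 'checked="checked"';
-} else {
-$checked = '';
-}
-
-?>
-<script>
-jQuery(function($){
-$('.antispam_screen_options_group').insertAfter('#screen-options-wrap #adv-settings');
-});
-</script>
-<form method="post" class="antispam_screen_options_group" style="padding: 20px 0 5px 0;">
-<input type="hidden" name="antispam_option_submit" value="1" />
-<label>
-<input name="antispam_info_visibility" type="checkbox" value="1" <?php echo $checked; ?> />
-Anti-spam info
-</label>
-<input type="submit" class="button" value="<?php _e('Apply'); ?>" />
-</form>
-<?php
-endif; // end of if($pagenow == 'edit-comments.php')
-}
-
-
-function antispam_register_screen_option() {
-add_filter('screen_layout_columns', 'antispam_display_screen_option');
-}
-add_action('admin_head', 'antispam_register_screen_option');
-
-
-function antispam_update_screen_option() {
-if (isset($_POST['antispam_option_submit']) AND $_POST['antispam_option_submit'] == 1) {
-$user_id = get_current_user_id();
-if (isset($_POST['antispam_info_visibility']) AND $_POST['antispam_info_visibility'] == 1) {
-update_user_meta($user_id, 'antispam_info_visibility', 1);
-} else {
-update_user_meta($user_id, 'antispam_info_visibility', 0);
-}
-}
-}
-add_action('admin_init', 'antispam_update_screen_option');
+<?php
+
+defined('ABSPATH') OR exit; // prevent full path disclosure
+
+function antispam_admin_notice() {
+global $pagenow;
+if ($pagenow == 'edit-comments.php'):
+$user_id = get_current_user_id();
+$antispam_info_visibility = get_user_meta($user_id, 'antispam_info_visibility', true);
+if ($antispam_info_visibility == 1 OR $antispam_info_visibility == ''):
+$antispam_stats = get_option('antispam_stats', array());
+$blocked_total = $antispam_stats['blocked_total'];
+if(empty($blocked_total)){
+$blocked_total = 0;
+}
+?>
+<div class="update-nag antispam-panel-info">
+<p style="margin: 0;">
+<?php echo $blocked_total; ?> spam comments were blocked by <a href="http://wordpress.org/plugins/anti-spam/">Anti-spam</a> plugin so far.
+<a href="http://codecanyon.net/item/antispam-pro/6491169?ref=webvitaly" title="Anti-spam Pro">Upgrade to Pro</a> for more advanced protection.
+</p>
+</div>
+<?php
+endif; // end of if($antispam_info_visibility)
+endif; // end of if($pagenow == 'edit-comments.php')
+}
+add_action('admin_notices', 'antispam_admin_notice');
+
+
+function antispam_display_screen_option() {
+global $pagenow;
+if ($pagenow == 'edit-comments.php'):
+$user_id = get_current_user_id();
+$antispam_info_visibility = get_user_meta($user_id, 'antispam_info_visibility', true);
+
+if ($antispam_info_visibility == 1 OR $antispam_info_visibility == '') {
+$checked = 'checked="checked"';
+} else {
+$checked = '';
+}
+
+?>
+<script>
+jQuery(function($){
+$('.antispam_screen_options_group').insertAfter('#screen-options-wrap #adv-settings');
+});
+</script>
+<form method="post" class="antispam_screen_options_group" style="padding: 20px 0 5px 0;">
+<input type="hidden" name="antispam_option_submit" value="1" />
+<label>
+<input name="antispam_info_visibility" type="checkbox" value="1" <?php echo $checked; ?> />
+Anti-spam info
+</label>
+<input type="submit" class="button" value="<?php _e('Apply'); ?>" />
+</form>
+<?php
+endif; // end of if($pagenow == 'edit-comments.php')
+}
+
+
+function antispam_register_screen_option() {
+add_filter('screen_layout_columns', 'antispam_display_screen_option');
+}
+add_action('admin_head', 'antispam_register_screen_option');
+
+
+function antispam_update_screen_option() {
+if (isset($_POST['antispam_option_submit']) AND $_POST['antispam_option_submit'] == 1) {
+$user_id = get_current_user_id();
+if (isset($_POST['antispam_info_visibility']) AND $_POST['antispam_info_visibility'] == 1) {
+update_user_meta($user_id, 'antispam_info_visibility', 1);
+} else {
+update_user_meta($user_id, 'antispam_info_visibility', 0);
+}
+}
+}
+add_action('admin_init', 'antispam_update_screen_option');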
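Review bot: `antispam_update_screen_option()` updates the current user's `antispam_info_visibility` meta on any POST that carries `antispam_option_submit`, with no nonce check, so a request forged from another site can change the setting through a logged-in user's browser. Emit `wp_nonce_field('antispam_screen_option')` inside the form in `antispam_display_screen_option()` and call `check_admin_referer('antispam_screen_option')` before the `update_user_meta()` calls. Separately, `antispam_admin_notice()` reads `$antispam_stats['blocked_total']` before the `empty()` test, which raises an undefined-index notice while the option is still the default empty array; `$blocked_total = isset($antispam_stats['blocked_total']) ? $antispam_stats['blocked_total'] : 0;` avoids it.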
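--- a/anti-spam.php
+++ b/anti-spam.php
@@ -1,165 +1,175 @@
-<?php
-/*
-Plugin Name: Anti-spam
-Plugin URI: http://wordpress.org/plugins/anti-spam/
-Description: No spam in comments. No captcha.
-Version: 4.0
-Author: webvitaly
-Author URI: http://web-profile.com.ua/wordpress/plugins/
-License: GPLv3
-*/
-
-$antispam_send_spam_comment_to_admin = false; // if true, than rejected spam comments will be sent to admin email
-
-$antispam_allow_trackbacks = false; // if true, than trackbacks will be allowed
-// trackbacks almost not used by users, but mostly used by spammers; pingbacks are always enabled
-// more about the difference between trackback and pingback - http://web-profile.com.ua/web/trackback-vs-pingback/
-
-define('ANTISPAM_PLUGIN_VERSION', '4.0');
-
-$antispam_settings = array(
-'send_spam_comment_to_admin' => $antispam_send_spam_comment_to_admin,
-'allow_trackbacks' => $antispam_allow_trackbacks,
-'admin_email' => get_option('admin_email')
-);
-
-include('anti-spam-functions.php');
-include('anti-spam-info.php');
-
-
-function antispam_enqueue_script() {
-if (is_singular() && comments_open()) { // load script only for pages with comments form
-wp_enqueue_script('anti-spam-script', plugins_url('/js/anti-spam-4.0.js', __FILE__), null, null, true);
-}
-}
-add_action('wp_enqueue_scripts', 'antispam_enqueue_script');
-
-
-function antispam_form_part() {
-global $antispam_settings;
-$rn = "\r\n"; // .chr(13).chr(10)
-
-if ( ! is_user_logged_in()) { // add anti-spam fields only for not logged in users
-echo ' <p class="antispam-group antispam-group-q" style="clear: both;">
-<label>Current ye@r <span class="required">*</span></label>
-<input type="hidden" name="antspm-a" class="antispam-control antispam-control-a" value="'.date('Y').'" />
-<input type="text" name="antspm-q" class="antispam-control antispam-control-q" value="'.ANTISPAM_PLUGIN_VERSION.'" autocomplete="off" />
-</p>'.$rn; // question (hidden with js)
-echo ' <p class="antispam-group antispam-group-e" style="display: none;">
-<label>Leave this field empty</label>
-<input type="text" name="antspm-e-email-url-website" class="antispam-control antispam-control-e" value="" autocomplete="off" />
-</p>'.$rn; // empty field (hidden with css); trap for spammers because many bots will try to put email or url here
-}
-}
-add_action('comment_form', 'antispam_form_part'); // add anti-spam inputs to the comment form
-
-
-function antispam_check_comment($commentdata) {
-global $antispam_settings;
-$rn = "\r\n"; // .chr(13).chr(10)
-
-extract($commentdata);
-
-$antispam_pre_error_message = '<p><strong><a href="javascript:window.history.back()">Go back</a></strong> and try again.</p>';
-$antispam_error_message = '';
-
-if ($antispam_settings['send_spam_comment_to_admin']) { // if sending email to admin is enabled
-$post = get_post($comment->comment_post_ID);
-$antispam_message_spam_info = 'Spam for post: "'.$post->post_title.'"' . $rn;
-$antispam_message_spam_info .= get_permalink($comment->comment_post_ID) . $rn.$rn;
-
-$antispam_message_spam_info .= 'IP: ' . $_SERVER['REMOTE_ADDR'] . $rn;
-$antispam_message_spam_info .= 'User agent: ' . $_SERVER['HTTP_USER_AGENT'] . $rn;
-$antispam_message_spam_info .= 'Referer: ' . $_SERVER['HTTP_REFERER'] . $rn.$rn;
-
-$antispam_message_spam_info .= 'Comment data:'.$rn; // lets see what comment data spammers try to submit
-foreach ($commentdata as $key => $value) {
-$antispam_message_spam_info .= '$commentdata['.$key. '] = '.$value.$rn;
-}
-$antispam_message_spam_info .= $rn.$rn;
-
-$antispam_message_spam_info .= 'Post vars:'.$rn; // lets see what post vars spammers try to submit
-foreach ($_POST as $key => $value) {
-$antispam_message_spam_info .= '$_POST['.$key. '] = '.$value.$rn;
-}
-$antispam_message_spam_info .= $rn.$rn;
-
-$antispam_message_spam_info .= 'Cookie vars:'.$rn; // lets see what cookie vars spammers try to submit
-foreach ($_COOKIE as $key => $value) {
-$antispam_message_spam_info .= '$_COOKIE['.$key. '] = '.$value.$rn;
-}
-$antispam_message_spam_info .= $rn.$rn;
-
-$antispam_message_append = '-----------------------------'.$rn;
-$antispam_message_append .= 'This is spam comment rejected by Anti-spam plugin - wordpress.org/plugins/anti-spam/' . $rn;
-$antispam_message_append .= 'You may edit "anti-spam.php" file and disable this notification.' . $rn;
-$antispam_message_append .= 'You should find "$antispam_send_spam_comment_to_admin" and make it equal to "false".' . $rn;
-}
-
-if ( ! is_user_logged_in() && $comment_type != 'pingback' && $comment_type != 'trackback') { // logged in user is not a spammer
-$spam_flag = false;
-
-if ( trim($_POST['antspm-q']) != date('Y') ) { // year-answer is wrong - it is spam
-if ( trim($_POST['antspm-d']) != date('Y') ) { // extra js-only check: there is no js added input - it is spam
-$spam_flag = true;
-if (empty($_POST['antspm-q'])) { // empty answer - it is spam
-$antispam_error_message .= 'Error: empty answer. ['.$_POST['antspm-q'].']<br> '.$rn;
-} else {
-$antispam_error_message .= 'Error: answer is wrong. ['.$_POST['antspm-q'].']<br> '.$rn;
-}
-}
-}
-
-if ( ! empty($_POST['antspm-e-email-url-website'])) { // trap field is not empty - it is spam
-$spam_flag = true;
-$antispam_error_message .= 'Error: field should be empty. ['.$_POST['antspm-e-email-url-website'].']<br> '.$rn;
-}
-
-if ($spam_flag) { // it is spam
-$antispam_error_message .= '<strong>Comment was blocked because it is spam.</strong><br> ';
-if ($antispam_settings['send_spam_comment_to_admin']) {
-$antispam_subject = 'Spam comment on site ['.get_bloginfo('name').']'; // email subject
-$antispam_message = '';
-$antispam_message .= $antispam_error_message . $rn.$rn;
-$antispam_message .= $antispam_message_spam_info; // spam comment, post, cookie and other data
-$antispam_message .= $antispam_message_append;
-@wp_mail($antispam_settings['admin_email'], $antispam_subject, $antispam_message); // send spam comment to admin email
-}
-antispam_log_stats();
-wp_die( $antispam_pre_error_message . $antispam_error_message ); // die - do not send comment and show errors
-}
-}
-
-if ( ! $antispam_settings['allow_trackbacks']) { // if trackbacks are blocked (pingbacks are alowed)
-if ($comment_type == 'trackback') { // if trackbacks ( || $comment_type == 'pingback')
-$antispam_error_message .= 'Error: trackbacks are disabled.<br> ';
-if ($antispam_settings['send_spam_comment_to_admin']) { // if sending email to admin is enabled
-$antispam_subject = 'Spam trackback on site ['.get_bloginfo('name').']'; // email subject
-$antispam_message = '';
-$antispam_message .= $antispam_error_message . $rn.$rn;
-$antispam_message .= $antispam_message_spam_info; // spam comment, post, cookie and other data
-$antispam_message .= $antispam_message_append;
-@wp_mail($antispam_settings['admin_email'], $antispam_subject, $antispam_message); // send trackback comment to admin email
-}
-antispam_log_stats();
-wp_die($antispam_pre_error_message . $antispam_error_message); // die - do not send trackback
-}
-}
-
-return $commentdata; // if comment does not looks like spam
-}
-
-if ( ! is_admin()) {
-add_filter('preprocess_comment', 'antispam_check_comment', 1);
-}
-
-
-function antispam_plugin_meta($links, $file) { // add some links to plugin meta row
-if (strpos($file, 'anti-spam/anti-spam.php') !== false) {
-$links = array_merge($links, array('<a href="http://web-profile.com.ua/wordpress/plugins/anti-spam/" title="Plugin page">Anti-spam</a>'));
-$links = array_merge($links, array('<a href="http://web-profile.com.ua/donate/" title="Support the development">Donate</a>'));
-$links = array_merge($links, array('<a href="http://codecanyon.net/item/antispam-pro/6491169?ref=webvitaly" title="Upgrade to Pro">Anti-spam Pro</a>'));
-}
-return $links;
-}
+<?php
+/*
+Plugin Name: Anti-spam
+Plugin URI: http://wordpress.org/plugins/anti-spam/
+Description: No spam in comments. No captcha.
+Version: 4.1
+Author: webvitaly
+Text Domain: anti-spam
+Author URI: http://web-profile.com.ua/wordpress/plugins/
+License: GPLv3
+*/
+
+defined('ABSPATH') OR exit; // prevent full path disclosure
+
+$antispam_send_spam_comment_to_admin = false; // if true, than rejected spam comments will be sent to admin email
+$antispam_log_spam_comment = false; // if true, than rejected spam comments will be logged to wp-content/plugins/anti-spam/log/anti-spam-2015-11.log
+$antispam_allow_trackbacks = false; // if true, than trackbacks will be allowed
+// trackbacks almost not used by users, but mostly used by spammers; pingbacks are always enabled
+// more about the difference between trackback and pingback - http://web-profile.com.ua/web/trackback-vs-pingback/
+
+define('ANTISPAM_PLUGIN_VERSION', '4.1');
+
+$antispam_settings = array(
+'send_spam_comment_to_admin' => $antispam_send_spam_comment_to_admin,
+'allow_trackbacks' => $antispam_allow_trackbacks,
+'admin_email' => get_option('admin_email'),
+'log_spam_comment' => $antispam_log_spam_comment
+);
+
+include('anti-spam-functions.php');
+include('anti-spam-info.php');
+
+
+function antispam_enqueue_script() {
+if (is_singular() && comments_open()) { // load script only for pages with comments form
+wp_enqueue_script('anti-spam-script', plugins_url('/js/anti-spam-4.1.js', __FILE__), null, null, true);
+}
+}
+add_action('wp_enqueue_scripts', 'antispam_enqueue_script');
+
+
+function antispam_form_part() {
+global $antispam_settings;
+$rn = "\r\n"; // .chr(13).chr(10)
+
+if ( ! is_user_logged_in()) { // add anti-spam fields only for not logged in users
+echo ' <p class="antispam-group antispam-group-q" style="clear: both;">
+<label>Current ye@r <span class="required">*</span></label>
+<input type="hidden" name="antspm-a" class="antispam-control antispam-control-a" value="'.date('Y').'" />
+<input type="text" name="antspm-q" class="antispam-control antispam-control-q" value="'.ANTISPAM_PLUGIN_VERSION.'" autocomplete="off" />
+</p>'.$rn; // question (hidden with js)
+echo ' <p class="antispam-group antispam-group-e" style="display: none;">
+<label>Leave this field empty</label>
+<input type="text" name="antspm-e-email-url-website" class="antispam-control antispam-control-e" value="" autocomplete="off" />
+</p>'.$rn; // empty field (hidden with css); trap for spammers because many bots will try to put email or url here
+}
+}
+add_action('comment_form', 'antispam_form_part'); // add anti-spam inputs to the comment form
+
+
+function antispam_check_comment($commentdata) {
+global $antispam_settings;
+$rn = "\r\n"; // .chr(13).chr(10)
+
+extract($commentdata);
+
+$antispam_pre_error_message = '<p><strong><a href="javascript:window.history.back()">Go back</a></strong> and try again.</p>';
+$antispam_error_message = '';
+
+if (($antispam_settings['send_spam_comment_to_admin']) || ($antispam_settings['log_spam_comment'])) { // if sending email to admin is enabled or loging
+$post = get_post($comment->comment_post_ID);
+$antispam_message_spam_info = 'Spam for post: "'.$post->post_title.'"' . $rn;
+$antispam_message_spam_info .= get_permalink($comment->comment_post_ID) . $rn.$rn;
+
+$antispam_message_spam_info .= 'IP: ' . $_SERVER['REMOTE_ADDR'] . $rn;
+$antispam_message_spam_info .= 'User agent: ' . $_SERVER['HTTP_USER_AGENT'] . $rn;
+$antispam_message_spam_info .= 'Referer: ' . $_SERVER['HTTP_REFERER'] . $rn.$rn;
+
+$antispam_message_spam_info .= 'Comment data:'.$rn; // lets see what comment data spammers try to submit
+foreach ($commentdata as $key => $value) {
+$antispam_message_spam_info .= '$commentdata['.$key. '] = '.$value.$rn;
+}
+$antispam_message_spam_info .= $rn.$rn;
+
+$antispam_message_spam_info .= 'Post vars:'.$rn; // lets see what post vars spammers try to submit
+foreach ($_POST as $key => $value) {
+$antispam_message_spam_info .= '$_POST['.$key. '] = '.$value.$rn;
+}
+$antispam_message_spam_info .= $rn.$rn;
+
+$antispam_message_spam_info .= 'Cookie vars:'.$rn; // lets see what cookie vars spammers try to submit
+foreach ($_COOKIE as $key => $value) {
+$antispam_message_spam_info .= '$_COOKIE['.$key. '] = '.$value.$rn;
+}
+$antispam_message_spam_info .= $rn.$rn;
+
+$antispam_message_append = '-----------------------------'.$rn;
+$antispam_message_append .= 'This is spam comment rejected by Anti-spam plugin - wordpress.org/plugins/anti-spam/' . $rn;
+$antispam_message_append .= 'You may edit "anti-spam.php" file and disable this notification.' . $rn;
+$antispam_message_append .= 'You should find "$antispam_send_spam_comment_to_admin" and make it equal to "false".' . $rn;
+}
+
+if ( ! is_user_logged_in() && $comment_type != 'pingback' && $comment_type != 'trackback') { // logged in user is not a spammer
+$spam_flag = false;
+
+if ( trim($_POST['antspm-q']) != date('Y') ) { // year-answer is wrong - it is spam
+if ( trim($_POST['antspm-d']) != date('Y') ) { // extra js-only check: there is no js added input - it is spam
+$spam_flag = true;
+if (empty($_POST['antspm-q'])) { // empty answer - it is spam
+$antispam_error_message .= 'Error: empty answer. ['.$_POST['antspm-q'].']<br> '.$rn;
+} else {
+$antispam_error_message .= 'Error: answer is wrong. ['.$_POST['antspm-q'].']<br> '.$rn;
+}
+}
+}
+
+if ( ! empty($_POST['antspm-e-email-url-website'])) { // trap field is not empty - it is spam
+$spam_flag = true;
+$antispam_error_message .= 'Error: field should be empty. ['.$_POST['antspm-e-email-url-website'].']<br> '.$rn;
+}
+
+if ($spam_flag) { // it is spam
+$antispam_error_message .= '<strong>Comment was blocked because it is spam.</strong><br> ';
+if ($antispam_settings['send_spam_comment_to_admin']) {
+$antispam_subject = 'Spam comment on site ['.get_bloginfo('name').']'; // email subject
+$antispam_message = '';
+$antispam_message .= $antispam_error_message . $rn.$rn;
+$antispam_message .= $antispam_message_spam_info; // spam comment, post, cookie and other data
+$antispam_message .= $antispam_message_append;
+@wp_mail($antispam_settings['admin_email'], $antispam_subject, $antispam_message); // send spam comment to admin email
+}
+if ($antispam_settings['log_spam_comment']) {
+$antispam_message = $rn.$rn.'========== ========== =========='.$rn.$rn;
+$antispam_message .= $antispam_error_message . $rn.$rn;
+$antispam_message .= $antispam_message_spam_info; // spam comment, post, cookie and other data
+antispam_log( $antispam_message );
+}
+antispam_counter_stats();
+wp_die( $antispam_pre_error_message . $antispam_error_message ); // die - do not send comment and show errors
+}
+}
+
+if ( ! $antispam_settings['allow_trackbacks']) { // if trackbacks are blocked (pingbacks are alowed)
+if ($comment_type == 'trackback') { // if trackbacks ( || $comment_type == 'pingback')
+$antispam_error_message .= 'Error: trackbacks are disabled.<br> ';
+if ($antispam_settings['send_spam_comment_to_admin']) { // if sending email to admin is enabled
+$antispam_subject = 'Spam trackback on site ['.get_bloginfo('name').']'; // email subject
+$antispam_message = '';
+$antispam_message .= $antispam_error_message . $rn.$rn;
+$antispam_message .= $antispam_message_spam_info; // spam comment, post, cookie and other data
+$antispam_message .= $antispam_message_append;
+@wp_mail($antispam_settings['admin_email'], $antispam_subject, $antispam_message); // send trackback comment to admin email
+}
+antispam_counter_stats();
+wp_die($antispam_pre_error_message . $antispam_error_message); // die - do not send trackback
+}
+}
+
+return $commentdata; // if comment does not looks like spam
+}
+
+if ( ! is_admin()) {
+add_filter('preprocess_comment', 'antispam_check_comment', 1);
+}
+
+
+function antispam_plugin_meta($links, $file) { // add some links to plugin meta row
+if (strpos($file, 'anti-spam/anti-spam.php') !== false) {
+$links = array_merge($links, array('<a href="http://web-profile.com.ua/wordpress/plugins/anti-spam/" title="Plugin page">Anti-spam</a>'));
+$links = array_merge($links, array('<a href="http://web-profile.com.ua/donate/" title="Support the development">Donate</a>'));
+$links = array_merge($links, array('<a href="http://codecanyon.net/item/antispam-pro/6491169?ref=webvitaly" title="Upgrade to Pro">Anti-spam Pro</a>'));
+}
+return $links;
+}
 add_filter('plugin_row_meta', 'antispam_plugin_meta', 10, 2);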
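Review bot: In `antispam_check_comment()` the rejection text is built from raw `$_POST['antspm-q']` and `$_POST['antspm-e-email-url-website']` and then passed to `wp_die()` as HTML, so request data is reflected unescaped in the error page; escape at the point of concatenation, e.g. `'Error: answer is wrong. ['.esc_html($_POST['antspm-q']).']<br> '`, and likewise for the other two messages. With the new `log_spam_comment` branch the same string, plus every `$_POST` and `$_COOKIE` value, is handed to `antispam_log()`; leaving the cookie dump out of `$antispam_message_spam_info` would keep session identifiers out of a file on disk. `$comment` does not appear to be defined in this function (`extract($commentdata)` would yield `$comment_post_ID`), so `get_post($comment->comment_post_ID)` and the `get_permalink()` call probably need `$comment_post_ID` instead, and the trackback branch never calls `antispam_log()` even when logging is on.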
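--- a/index.php
+++ b/index.php
@@ -0,0 +1,2 @@
+<?php
+// Silence is golden.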
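--- a/js/anti-spam-4.0.js
+++ b/js/anti-spam-4.1.js
@@ -1,73 +1,73 @@
-/*
-Anti-spam plugin
-No spam in comments. No captcha.
-wordpress.org/plugins/anti-spam/
-*/
-
-"use strict";
-(function() {
-function anti_spam_init() {
-
-var i,
-len,
-elements,
-answer = '',
-current_year = new Date().getFullYear(),
-dynamic_control;
-
-elements = document.querySelectorAll('.antispam-group');
-len = elements.length;
-for (i = 0; i < len; i++) { // hide inputs from users
-elements[i].style.display = 'none';
-}
-
-elements = document.querySelectorAll('.antispam-control-a');
-if ((elements) && (elements.length > 0)) { // get the answer
-answer = elements[0].value;
-}
-
-elements = document.querySelectorAll('.antispam-control-q');
-len = elements.length;
-for (i = 0; i < len; i++) { // set answer into other input instead of user
-elements[i].value = answer;
-}
-
-// clear value of the empty input because some themes are adding some value for all inputs
-elements = document.querySelectorAll('.antispam-control-e');
-len = elements.length;
-for (i = 0; i < len; i++) {
-elements[i].value = '';
-}
-
-//dynamic_control = '<input type="text" name="antspm-d" class="antispam-control antispam-control-d" value="' + current_year + '" />';
-dynamic_control = document.createElement('input');
-dynamic_control.setAttribute('type', 'hidden');
-dynamic_control.setAttribute('name', 'antspm-d');
-dynamic_control.setAttribute('class', 'antispam-control antispam-control-d');
-dynamic_control.setAttribute('value', current_year);
-
-// add input for every comment form if there are more than 1 form with IDs: comments, respond or commentform
-elements = document.querySelectorAll('form');
-len = elements.length;
-for (i = 0; i < len; i++) {
-if ( (elements[i].id === 'comments') || (elements[i].id === 'respond') || (elements[i].id === 'commentform') ) {
-var class_index = elements[i].className.indexOf('anti-spam-form-processed');
-if ( class_index == -1 ) { // form is not yet js processed
-//elements[i].innerHTML += dynamic_control; // not working
-elements[i].appendChild(dynamic_control);
-elements[i].className = elements[i].className + ' anti-spam-form-processed';
-}
-}
-}
-}
-
-if (document.addEventListener) {
-document.addEventListener('DOMContentLoaded', anti_spam_init, false);
-}
-
-// set 1 second timeout for having form loaded and adding support for browsers which does not support 'DOMContentLoaded' listener
-setTimeout(function () {
-anti_spam_init();
-}, 1000);
-
+/*
+Anti-spam plugin
+No spam in comments. No captcha.
+wordpress.org/plugins/anti-spam/
+*/
+
+"use strict";
+(function() {
+function anti_spam_init() {
+
+var i,
+len,
+elements,
+answer = '',
+current_year = new Date().getFullYear(),
+dynamic_control;
+
+elements = document.querySelectorAll('.antispam-group');
+len = elements.length;
+for (i = 0; i < len; i++) { // hide inputs from users
+elements[i].style.display = 'none';
+}
+
+elements = document.querySelectorAll('.antispam-control-a');
+if ((elements) && (elements.length > 0)) { // get the answer
+answer = elements[0].value;
+}
+
+elements = document.querySelectorAll('.antispam-control-q');
+len = elements.length;
+for (i = 0; i < len; i++) { // set answer into other input instead of user
+elements[i].value = answer;
+}
+
+// clear value of the empty input because some themes are adding some value for all inputs
+elements = document.querySelectorAll('.antispam-control-e');
+len = elements.length;
+for (i = 0; i < len; i++) {
+elements[i].value = '';
+}
+
+//dynamic_control = '<input type="text" name="antspm-d" class="antispam-control antispam-control-d" value="' + current_year + '" />';
+dynamic_control = document.createElement('input');
+dynamic_control.setAttribute('type', 'hidden');
+dynamic_control.setAttribute('name', 'antspm-d');
+dynamic_control.setAttribute('class', 'antispam-control antispam-control-d');
+dynamic_control.setAttribute('value', current_year);
+
+// add input for every comment form if there are more than 1 form with IDs: comments, respond or commentform
+elements = document.querySelectorAll('form');
+len = elements.length;
+for (i = 0; i < len; i++) {
+if ( (elements[i].id === 'comments') || (elements[i].id === 'respond') || (elements[i].id === 'commentform') ) {
+var class_index = elements[i].className.indexOf('anti-spam-form-processed');
+if ( class_index == -1 ) { // form is not yet js processed
+//elements[i].innerHTML += dynamic_control; // not working
+elements[i].appendChild(dynamic_control);
+elements[i].className = elements[i].className + ' anti-spam-form-processed';
+}
+}
+}
+}
+
+if (document.addEventListener) {
+document.addEventListener('DOMContentLoaded', anti_spam_init, false);
+}
+
+// set 1 second timeout for having form loaded and adding support for browsers which does not support 'DOMContentLoaded' listener
+setTimeout(function () {
+anti_spam_init();
+}, 1000);
+
 })();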
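--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://web-profile.com.ua/donate/
  Tags: spam, spammer, comment, comments, comment-spam, antispam, anti-spam, block-spam, spam-free, spambot, spam-bot, bot
  Requires at least: 3.3
  Tested up to: 4.5
- Stable tag: 4.0
+ Stable tag: 4.1
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl.html
 
@@ -14,7 +14,14 @@ No spam in comments. No captcha.
 
  > **[Anti-spam Pro](http://codecanyon.net/item/antispam-pro/6491169?ref=webvitaly "Upgrade to Pro")** |
  > **[Anti-spam](http://web-profile.com.ua/wordpress/plugins/anti-spam/ "Plugin page")** |
- > **[Donate](http://web-profile.com.ua/donate/ "Support the development")**
+ > **[Donate](http://web-profile.com.ua/donate/ "Support the development")** |
+ > **[Github](https://github.com/webvitaly/anti-spam "Fork")**
+
+
+ **Captcha madness:**
+
+ [youtube https://www.youtube.com/watch?v=WqnXp6Saa8Y]
+
 
  **Why humans should prove that they are humans by filling captchas? Lets bots prove that they are not bots with adding javascript to their user-agents!**
 
@@ -24,6 +31,7 @@ Anti-spam plugin blocks spam in comments automatically, invisibly for users and
  * **no moderation queues**, because spam is not administrators' problem
  * **no settings page**, because it is great to forget about spam completely and keep admin section clean
 
+
  Plugin is easy to use: just install it and it just works.
 
  **Plugin blocks spam only in comments section**.
@@ -60,7 +68,7 @@ You can use [Anti-spam Pro](http://codecanyon.net/item/antispam-pro/6491169?ref=
 
  The blocking algorithm is based on 2 methods: 'invisible js-captcha' and 'invisible input trap' (aka honeypot technique).
 
- = How does 'invisible js-captcha' method work? =
+ = How does 'invisible js-captcha' method (aka honeypot) work? =
 
  The 'invisible js-captcha' method is based on fact that bots does not have javascript on their user-agents.
  Extra hidden field is added to comments form.
@@ -76,12 +84,22 @@ This field is hidden for the user and user will not fill it.
  But this field is visible for the spammer.
  If the spammer will fill this trap-field with anything - the comment will be blocked because it is spam.
 
- = How to test what spam comments are rejected? =
+ = How to know the counter of blocked spam comments? =
+
+ You can find the info block with total spam blocked counter in the admin comments section.
+ You can hide or show this info block in the "Screen Options" section.
+ The visibility option for this info block is saved per user.
+
+ = How to test what spam comments were blocked? =
 
  You may enable sending all rejected spam comments to admin email.
  Edit [anti-spam.php](http://plugins.trac.wordpress.org/browser/anti-spam/trunk/anti-spam.php) file and find "$antispam_send_spam_comment_to_admin" and make it "true".
- You can also find the info block with total spam blocked counter in the admin comments section.
- You can hide or show this info block in the "Screen Options" section. The info block visibility option is saved per user.
+ Or you may log all blocked spam comments to log files.
+ Edit [anti-spam.php](http://plugins.trac.wordpress.org/browser/anti-spam/trunk/anti-spam.php) file and find "$antispam_log_spam_comment" and make it "true".
+ Spam comments will be saved in the file: http://site.com/wp-content/plugins/anti-spam/log/anti-spam-2015-12.log (where "site.com" is the domain and "2015-12" is year and month).
+ Spam log is stored in files per month and history will be saved for 1 year and older log files will be deleted automatically.
+ These features are made for debug purposes and values for these flags will be overwritten after plugin's update.
+ These features are disabled by default.
 
  = Does plugin block spam from Contact or other forms? =
 
@@ -118,6 +136,13 @@ The plugin is pretty small and easy to read.
 
  == Changelog ==
 
+ = 4.1 - 2015-10-25 =
+ * added log spam to file feature (huge thanks to [Guti](http://www.javiergutierrezchamorro.com/ "Javier Gutiérrez Chamorro")
+ * prevent full path disclosure
+ * added empty index.php file
+ * publish plugin to Github
+ * added Text Domain for translation.wordpress.org
+
  = 4.0 - 2015-10-11 =
  * dropped jQuery dependency (huge thanks to [Guti](http://www.javiergutierrezchamorro.com/ "Javier Gutiérrez Chamorro") for rewriting javascript code from scratch. Força Barça! )
  * fixed issue with empty blocked spam counter (showing zero instead of nothing)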