Version Description
- continued general cleanup
- continued design improvements
- reorganized menu
- reintroduced beta features
- removed add-ons
Release Info
Developer | bhadaway |
Plugin | Stop Spammers |
Version | 7.0.2 |
Code changes from version 7.0.1 to 7.0.2
- classes/ss_challenge.php +1 -1
- classes/ss_check_white.php +1 -1
- classes/ss_get_alreq.php +1 -1
- classes/ss_get_bcache.php +1 -1
- classes/ss_get_options.php +3 -4
- classes/ss_log_bad.php +1 -1
- css/admin.css +2 -0
- includes/ss-admin-options.php +1 -1
- includes/stop-spam-utils.php +1 -1
- modules/chkadmin.php +1 -1
- modules/chkbbcode.php +2 -2
- modules/chkdisp.php +1 -1
- modules/chkexploits.php +3 -3
- modules/chklong.php +3 -3
- modules/chkmulti.php +1 -1
- modules/chkscripts.php +1 -1
- modules/chksession.php +1 -1
- modules/chkspamwords.php +1 -1
- modules/chkvalidip.php +2 -2
- modules/chkwlist.php +1 -1
- readme.txt +16 -4
- settings/settings.php +53 -68
- settings/ss_addons.php +0 -94
- settings/ss_allowlist_settings.php +1 -1
- settings/ss_cache.php +1 -1
- settings/ss_network.php +1 -1
- settings/ss_option_maint.php +2 -1
- settings/ss_summary.php +18 -12
- settings/ss_threat_scan.php +1 -0
- settings/ss_webservices_settings.php +1 -1
- stop-spammer-registrations-new.php +6 -5
classes/ss_challenge.php
CHANGED
@@ -337,7 +337,7 @@ User Message: ". $km ."
|
|
337 |
|
338 |
Please be aware that the user has been recognized as a potential spammer.
|
339 |
|
340 |
-
Some spam robots
|
341 |
|
342 |
— Stop Spammers";
|
343 |
$message=wordwrap($message, 70, "\r\n");
|
337 |
|
338 |
Please be aware that the user has been recognized as a potential spammer.
|
339 |
|
340 |
+
Some spam robots fill out the request form with a fake explanation.
|
341 |
|
342 |
— Stop Spammers";
|
343 |
$message=wordwrap($message, 70, "\r\n");
|
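--- a/classes/ss_check_white.php
+++ b/classes/ss_check_white.php
@@ -22,7 +22,7 @@ if (!empty($add)&&is_array($add)) {
 $reason=be_load($add);
 if ($reason!==false) {
 // need to log a passed hit on post here
-ss_log_good(ss_get_ip(),$reason,$add[1],$add); //
+ss_log_good(ss_get_ip(),$reason,$add[1],$add); // added get IP because it might be altered
 return $reason;
 }
 }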
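--- a/classes/ss_get_alreq.php
+++ b/classes/ss_get_alreq.php
@@ -1,5 +1,5 @@
 <?php
-// this does the get for the tbody in
+// this does the get for the tbody in Allow Requests
 if (!defined('ABSPATH')) exit;
 class ss_get_alreq {
 public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {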
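--- a/classes/ss_get_bcache.php
+++ b/classes/ss_get_bcache.php
@@ -17,7 +17,7 @@ $show='';
 foreach ($badips as $key => $value) {
 $who="<a title=\"Check WHOIS\" target=\"_stopspam\" href=\"http://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query=$key\"><img src=\"$whois\" height=\"16px\"/></a>";
 $show.="<a href=\"http://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
-// try
+// try AJAX on the delete from bad cache
 $onclick="onclick=\"sfs_ajax_process('$key','$container','$cachedel','$ajaxurl');return false;\"";
 $show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" height=\"16px\" /></a> ";
 $onclick="onclick=\"sfs_ajax_process('$key','$container','add_black','$ajaxurl');return false;\"";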
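Review bot: `$key` and `$value` from `$badips` are interpolated into the `href`, the inline `onclick` JavaScript and the link text on lines 18–23 without any escaping, and the commit only rewords the comment above them. If a cache key can ever hold something other than a well-formed IP address, that text is rendered as markup and script on an admin page. Escape per context: `esc_attr($key)` inside attributes, `esc_js($key)` inside the `sfs_ajax_process('…')` call, and `esc_html("$key: $value")` for the visible text. The enclosing `foreach` starts and ends outside the hunk, so how `$badips` is populated is not visible here.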
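--- a/classes/ss_get_options.php
+++ b/classes/ss_get_options.php
@@ -70,7 +70,7 @@ $defaultsCTRL=array(
 'chkxff'=>'N', // ????
 'notify'=>'Y',
 'chkspoof'=>'N', // ???
-'filterregistrations'=>'Y' // filter registration attempts
+'filterregistrations'=>'Y' // filter registration attempts - even if not from post
 );
 $defaultARRAY=array(
 'badagents'=>array(
@@ -428,10 +428,9 @@ $defaults=array(
 'ss_sp_cache_em'=>4,
 'redirurl'=>'',
 'logfilesize'=>0,
-'rejectmessage'=>"Access Denied<br/>
-This site is protected by the Stop Spammer Registrations Plugin.<br/>"
+'rejectmessage'=>"Access Denied<br/>"
 );
-$defaultCOUNTRY=array( // all
+$defaultCOUNTRY=array( // all yes - changed to no
 'chkAD'=>'N',
 'chkAE'=>'N',
 'chkAF'=>'N',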
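--- a/classes/ss_log_bad.php
+++ b/classes/ss_log_bad.php
@@ -36,7 +36,7 @@ $blog=$blog_id;
 //
 $ss_sp_hist=$options['ss_sp_hist'];
 while (count($hist)>$ss_sp_hist) array_shift($hist);
-// if (!empty($pwd)) $author=$author.'/'.$pwd; // show bad
+// if (!empty($pwd)) $author=$author.'/'.$pwd; // show bad passwords?
 $hist[$now]=array($ip,$email,$author,$sname,$reason,$blog);
 $stats['hist']=$hist;
 if (array_key_exists('addon',$post)) {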
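Review bot: Line 39 keeps a commented-out statement that would append the submitted password to `$author` just before it is written into `$hist`, and the commit extends its comment instead of removing it. Re-enabling that line would persist clear-text credentials in the stored history, which is presumably what the log pages display. I would delete the line, or replace it with a comment such as `// never store $pwd in history`. The enclosing function begins and ends outside this hunk.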
css/admin.css
CHANGED
@@ -4,6 +4,8 @@
|
|
4 |
|
5 |
#ss-plugin textarea, #ss-plugin input[type="text"]{width:100%;max-width:500px}
|
6 |
|
|
|
|
|
7 |
#ss-plugin input[type="text"]{max-width:400px}
|
8 |
|
9 |
#ss-plugin fieldset{width:100%;padding:15px;border:1px solid #4aa863;margin:30px 0 0}
|
4 |
|
5 |
#ss-plugin textarea, #ss-plugin input[type="text"]{width:100%;max-width:500px}
|
6 |
|
7 |
+
#ss-plugin img{margin-right:5px}
|
8 |
+
|
9 |
#ss-plugin input[type="text"]{max-width:400px}
|
10 |
|
11 |
#ss-plugin fieldset{width:100%;padding:15px;border:1px solid #4aa863;margin:30px 0 0}
|
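--- a/includes/ss-admin-options.php
+++ b/includes/ss-admin-options.php
@@ -235,7 +235,7 @@ if (substr($check,0,4)=="ERR:") {
 echo "Access to the Stop Forum Spam Database shows errors\r\n";
 echo "response was $check\r\n";
 }
-//
+// access to the Stop Forum Spam database is working
 $n=strpos($check,'<response success="true">');
 if ($n===false) {
 echo "Access to the Stop Forum Spam Database is not working\r\n";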
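--- a/includes/stop-spam-utils.php
+++ b/includes/stop-spam-utils.php
@@ -84,7 +84,7 @@ function sfs_ErrorHandler($errno, $errmsg, $filename, $linenum, $vars) {
 // write the answers to the file
 // we are only concerned with the errors and warnings, not the notices
 // if ($errno==E_NOTICE || $errno==E_WARNING) return false;
-// if ($errno==2048) return; //
+// if ($errno==2048) return; // WordPress throws deprecated all over the place
 $serrno="";
 if (
 (strpos($filename,'ss')===false)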
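--- a/modules/chkadmin.php
+++ b/modules/chkadmin.php
@@ -16,7 +16,7 @@ foreach($blogusers as $u) {
 if ($u->user_login==$login) return false; // false alarm - really is a person admin
 }
 // this may cause problems when a legitimate new user wants to include the string admin in their username
-return "Admin
+return "Admin Login or Registration Attempt: $login";
 }
 }
 ?>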
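Review bot: The new reason string on line 19 embeds the submitted `$login` verbatim, and nothing in the hunk shows it being escaped or length-limited before it is returned. Reasons are presumably stored by `ss_log_bad` (its hunk in this commit writes `$reason` into `$hist`), so safety then depends on every page that later prints the history. Either encode at the source as `modules/chkexploits.php` does, e.g. `return 'Admin Login or Registration Attempt: '.esc_html($login);`, or confirm that each log view calls `esc_html()` on output. The same applies to `$email` and `$author` in `modules/chklong.php` and to `$sw` and `$key` in `modules/chkspamwords.php`.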
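--- a/modules/chkbbcode.php
+++ b/modules/chkbbcode.php
@@ -2,8 +2,8 @@
 if (!defined('ABSPATH')) exit;
 class chkbbcode { // change name
 public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
-// searches for
-// BBCodes
+// searches for BBCodes in post data
+// BBCodes is the tool of common spammers
 $bbcodes=array(
 '[php','[url','[link','[img','[include','[script'
 );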
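--- a/modules/chkdisp.php
+++ b/modules/chkdisp.php
@@ -106,7 +106,7 @@ $disposables=array(
 $emdomain=explode('@',$options['em']);
 if (count($emdomain)==2&&in_array(strtolower($emdomain[1]),$disposables)) {
 // the email is a disposable email address
-// do you really want this guy
+// do you really want this guy?
 return 'Disposable em:'.$options['em'];
 }
 return false;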
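--- a/modules/chkexploits.php
+++ b/modules/chkexploits.php
@@ -15,19 +15,19 @@ $req=urldecode($req);
 if (stripos($req,'eval'.'(base64'.'_decode(')!==false) { // dotting the search to not kick off updates, etc.
 if (strlen($req)>24) $req=substr($req,24);
 $req=htmlentities($req);
-return "
+return "Eval Attack $req";
 }
 if (stripos($req,'document.write(string.fromcharcode')!==false) {
 if (strlen($req)>24) $req=substr($req,24);
 $req=htmlentities($req);
-return "
+return "Offset String Attack $req";
 }
 // 'document.write(Stringfromcharcode'
 // union all select - this is a common SQL injection string
 if (stripos($req,'union all select')!==false) {
 if (strlen($req)>24) $req=substr($req,24);
 $req=htmlentities($req);
-return "
+return "SQL Inject Attack $req";
 }
 }
 return false;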
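Review bot: `substr($req,24)` on lines 16, 21 and 28 discards the first 24 bytes and keeps everything after them, so the reason built by the new `return "Eval Attack $req";` style lines can be nearly as long as the request itself. If the intent was to cap what gets logged, that would be `$req=substr($req,0,24);`; if the intent was to skip a prefix, an upper bound is still missing. `htmlentities($req)` also relies on the running PHP version's default flags, so passing them explicitly, `htmlentities($req,ENT_QUOTES,'UTF-8')`, keeps quote encoding consistent. The function starts before and ends after this hunk.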
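--- a/modules/chklong.php
+++ b/modules/chklong.php
@@ -7,7 +7,7 @@ if (array_key_exists('email',$post)) {
 $email=$post['email'];
 if (!empty($email)) {
 if (strlen($email)>64) {
-return "Email
+return "Email Too Long: $email";
 }
 }
 }
@@ -15,7 +15,7 @@ if (array_key_exists('author',$post)) {
 if (!empty($post['author'])) {
 $author=$post['author'];
 if (strlen($post['author'])>64) {
-return "Author
+return "Author Too Long: $author";
 }
 }
 }
@@ -23,7 +23,7 @@ if (array_key_exists('psw',$post)) {
 if (!empty($post['psw'])) {
 $psw=$post['psw'];
 if (strlen($post['psw'])>32) {
-return "Password
+return "Password Too Long: $psw";
 }
 }
 }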
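Review bot: Line 26 now returns `"Password Too Long: $psw"`, which places the submitted password in clear text in the rejection reason, and reasons are presumably written to the history that `ss_log_bad` maintains. A legitimate user whose passphrase exceeds 32 bytes would have a real credential recorded there. Return a reason without the value, for example `return 'Password Too Long: '.strlen($psw).' bytes';`, and reconsider whether a 32-byte ceiling should flag a request at all. Lines 10 and 18 likewise return `$email` and `$author` unescaped and unbounded, and those values are by definition longer than 64 bytes.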
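--- a/modules/chkmulti.php
+++ b/modules/chkmulti.php
@@ -33,7 +33,7 @@ $row[1]++;
 $multi[$ip]=$row;
 $stats['multi']=$multi;
 ss_set_stats($stats);
-if ($row[1]>=$multicnt) return "$row[1] Hits
+if ($row[1]>=$multicnt) return "$row[1] Hits in last 3 minutes";
 return false;
 }
 }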
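--- a/modules/chkscripts.php
+++ b/modules/chkscripts.php
@@ -1,7 +1,7 @@
 <?php
 if (!defined('ABSPATH')) exit;
 class chkscripts extends be_module {
-// some scripts need to be Allow Listed - so far wp_cron.php, but maybe some others -
+// some scripts need to be Allow Listed - so far wp_cron.php, but maybe some others - AJAX?
 public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
 $sname=$this->getSname();
 if(strpos($sname,'wp-cron.php')!==false) return "allow wp-cron";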
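Review bot: The allow-list test on line 7, `strpos($sname,'wp-cron.php')!==false`, accepts any script name that merely contains that string, and the reworded comment on line 4 suggests more entries may be added the same way. How `getSname()` derives its value is not visible here; if it can include path info or a query string, the check would pass for requests that are not to wp-cron.php. Comparing the final path component exactly is safer: `if (basename((string)parse_url($sname,PHP_URL_PATH))==='wp-cron.php') return "allow wp-cron";`. `process()` continues past the end of the hunk.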
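--- a/modules/chksession.php
+++ b/modules/chksession.php
@@ -24,7 +24,7 @@ $sname=$sname;
 } else if (array_key_exists("PHP_SELF",$_SERVER)) {
 $sname=substr($_SERVER['PHP_SELF'],1 );
 }
-//echo "Testing
+// echo "Testing Session '$sname'<br />";
 if (empty($sname)) return false;
 $sesstime=2; // nobody can do it in 3 seconds
 if (!defined("WP_CACHE")||(!WP_CACHE)) {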
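--- a/modules/chkspamwords.php
+++ b/modules/chkspamwords.php
@@ -10,7 +10,7 @@ foreach($post as $key=>$data) {
 if (!empty($data)) {
 foreach($spamwords as $sw) {
 if (stripos($data,$sw)!==false) {
-return "Spam
+return "Spam Word: $sw in $key";
 }
 }
 }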
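--- a/modules/chkvalidip.php
+++ b/modules/chkvalidip.php
@@ -26,7 +26,7 @@ foreach($priv as $ips) {
 if ($ip2>=$ips[0] && $ip2<=$ips[1]) return 'Local IP Address:'.$ip;
 if ($ip2<$ips[1]) break; // sorted so we can bail
 }
-// use the experimental check fake
+// use the experimental check fake IP routine
 // doesn't work on older PHPs or some servers without IPv6 support enables
 /*
 try {
@@ -47,7 +47,7 @@ if ($ip==$lip) return 'IP same as server:'.$ip;
 } else if (array_key_exists('LOCAL_ADDR',$_SERVER)) { // IIS 7?
 $lip=$_SERVER["LOCAL_ADDR"];
 if ($ip==$lip) return 'IP same as server:'.$ip;
-} else { // IIS 6 no server address use a gethost by name?
+} else { // IIS 6 no server address use a gethost by name? hope we never get here
 try {
 $lip=@gethostbyname($_SERVER['SERVER_NAME']);
 if ($ip==$lip) return 'IP same as server:'.$ip;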
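Review bot: The fallback branch on lines 50–53 resolves `$_SERVER['SERVER_NAME']` with `@gethostbyname()`, and depending on web-server configuration that value can be taken from the request's Host header rather than from the server's own settings. The "IP same as server" comparison then rests on a client-influenced lookup, a blocking DNS query is added to the request path, and `@` hides any resolution failure. Prefer a configured host, e.g. `$lip=gethostbyname((string)parse_url(home_url(),PHP_URL_HOST));`, and compare with `===`. The `try` block is cut off by the end of the hunk, so its `catch` handling is not visible.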
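--- a/modules/chkwlist.php
+++ b/modules/chkwlist.php
@@ -2,7 +2,7 @@
 if (!defined('ABSPATH')) exit;
 class chkwlist extends be_module { // change name
 public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
-// checks the
+// checks the IP from params which has the cache in it
 $this->searchname='Allow List IP';
 $gcache=$options['wlist'];
 return $this->searchList($ip,$gcache);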
readme.txt
CHANGED
@@ -1,6 +1,7 @@
|
|
1 |
=== Stop Spammers ===
|
2 |
|
3 |
-
Contributors: Keith Graham
|
|
|
4 |
Tags: spam, antispam, anti-spam, spam blocker, block spam, signup spam, comment spam, spam filter, registration spam, spammer, spammers, spamming, xss, malware, virus, captcha, comment, comments, contact, contact form, contact forms, form, forms, login, multisite, protection, register, registration, security, signup, trackback, trackbacks, user registration spam, widget
|
5 |
Tested up to: 4.7.4
|
6 |
Stable tag: trunk
|
@@ -10,13 +11,17 @@ Aggressive anti-spam plugin that eliminates comment spam, trackback spam, contac
|
|
10 |
|
11 |
== Description ==
|
12 |
|
13 |
-
Stop Spammers is an aggressive website
|
14 |
|
15 |
Stop Spammers uses multiple methods for detecting spam and may be too aggressive for some websites.
|
16 |
|
17 |
-
In cases where spam is detected, users are offered a second chance to post their comments or login. Denied requests are presented with a CAPTCHA screen in order to prevent users from being blocked. The CAPTCHA can be configured as OpenCaptcha, Google
|
18 |
|
19 |
-
Created and maintained by Keith P. Graham (
|
|
|
|
|
|
|
|
|
20 |
|
21 |
== Installation ==
|
22 |
|
@@ -31,6 +36,13 @@ OR
|
|
31 |
|
32 |
== Changelog ==
|
33 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
34 |
= 7.0.1 =
|
35 |
* continued general cleanup
|
36 |
* continued design improvements
|
1 |
=== Stop Spammers ===
|
2 |
|
3 |
+
Contributors: bhadaway, Keith Graham
|
4 |
+
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DTRTUYSPKJN8N
|
5 |
Tags: spam, antispam, anti-spam, spam blocker, block spam, signup spam, comment spam, spam filter, registration spam, spammer, spammers, spamming, xss, malware, virus, captcha, comment, comments, contact, contact form, contact forms, form, forms, login, multisite, protection, register, registration, security, signup, trackback, trackbacks, user registration spam, widget
|
6 |
Tested up to: 4.7.4
|
7 |
Stable tag: trunk
|
11 |
|
12 |
== Description ==
|
13 |
|
14 |
+
Stop Spammers is an aggressive website defence against comment spam and login attempts. It is capable of performing more than 20 different checks for spam and malicious events and can block spam from over 100 different countries.
|
15 |
|
16 |
Stop Spammers uses multiple methods for detecting spam and may be too aggressive for some websites.
|
17 |
|
18 |
+
In cases where spam is detected, users are offered a second chance to post their comments or login. Denied requests are presented with a CAPTCHA screen in order to prevent users from being blocked. The CAPTCHA can be configured as OpenCaptcha, Google reCAPTCHA or SolveMedia CAPTCHA. The CAPTCHA will only appear when a user is denied access as a spammer.
|
19 |
|
20 |
+
*Created with a lot of hard work and maintained by Keith P. Graham (from 2010-2017). Thank you Keith.*
|
21 |
+
|
22 |
+
*Maintained (because I love this plugin and want to keep it alive) by Bryan Hadaway (since 2017).*
|
23 |
+
|
24 |
+
***If you also love this plugin and want to see it live on, you can help me maintain it [on GitHub](https://github.com/bhadaway/stop-spammers).***
|
25 |
|
26 |
== Installation ==
|
27 |
|
36 |
|
37 |
== Changelog ==
|
38 |
|
39 |
+
= 7.0.2 =
|
40 |
+
* continued general cleanup
|
41 |
+
* continued design improvements
|
42 |
+
* reorganized menu
|
43 |
+
* reintroduced beta features
|
44 |
+
* removed add-ons
|
45 |
+
|
46 |
= 7.0.1 =
|
47 |
* continued general cleanup
|
48 |
* continued design improvements
|
settings/settings.php
CHANGED
@@ -13,7 +13,7 @@ add_menu_page(
|
|
13 |
'ss_summary', // $function
|
14 |
$iconpng, // $icon_url,
|
15 |
78.92 // $position
|
16 |
-
);
|
17 |
if (class_exists('Jetpack') && Jetpack::is_module_active('protect')) {
|
18 |
return;
|
19 |
}
|
@@ -24,41 +24,7 @@ add_submenu_page(
|
|
24 |
'manage_options', // $capability,
|
25 |
'stop_spammers', // $menu_slug,
|
26 |
'ss_summary' // $function
|
27 |
-
);
|
28 |
-
add_submenu_page(
|
29 |
-
'stop_spammers', // plugins parent
|
30 |
-
"Allow Requests — Stop Spammers", // $page_title,
|
31 |
-
"Allow Requests", // $menu_title,
|
32 |
-
'manage_options', // $capability,
|
33 |
-
'ss_allowrequests', // $menu_slug,
|
34 |
-
'ss_allowreq' // $function
|
35 |
-
);
|
36 |
-
add_submenu_page(
|
37 |
-
'stop_spammers', // plugins parent
|
38 |
-
"Log Report — Stop Spammers", // $page_title,
|
39 |
-
'Log Report', // $menu_title,
|
40 |
-
'manage_options', // $capability,
|
41 |
-
'ss_reports', // $menu_slug,
|
42 |
-
'ss_reports' // function
|
43 |
-
);
|
44 |
-
add_submenu_page(
|
45 |
-
'stop_spammers', // plugins parent
|
46 |
-
"Cache — Stop Spammers", // $page_title,
|
47 |
-
'Cache', // $menu_title,
|
48 |
-
'manage_options', // $capability,
|
49 |
-
'ss_cache', // $menu_slug,
|
50 |
-
'ss_cache' // function
|
51 |
-
);
|
52 |
-
if (function_exists('is_multisite') && is_multisite()) {
|
53 |
-
add_submenu_page(
|
54 |
-
'stop_spammers', // plugins parent
|
55 |
-
"Multisite — Stop Spammers", // $page_title,
|
56 |
-
'Network', // $menu_title,
|
57 |
-
'manage_options', // $capability,
|
58 |
-
'ss_network', // $menu_slug,
|
59 |
-
'ss_network'
|
60 |
-
);
|
61 |
-
}
|
62 |
add_submenu_page(
|
63 |
'stop_spammers', // plugins parent
|
64 |
"Protection Options — Stop Spammers", // $page_title,
|
@@ -66,7 +32,7 @@ add_submenu_page(
|
|
66 |
'manage_options', // $capability,
|
67 |
'ss_options', // $menu_slug,
|
68 |
'ss_options' // function
|
69 |
-
);
|
70 |
add_submenu_page(
|
71 |
'stop_spammers', // plugins parent
|
72 |
"Allow Lists — Stop Spammers", // $page_title,
|
@@ -74,7 +40,7 @@ add_submenu_page(
|
|
74 |
'manage_options', // $capability,
|
75 |
'ss_allow_list', // $menu_slug,
|
76 |
'ss_allowlist_settings' // function
|
77 |
-
);
|
78 |
add_submenu_page(
|
79 |
'stop_spammers', // plugins parent
|
80 |
"Block Lists — Stop Spammers", // $page_title,
|
@@ -82,7 +48,23 @@ add_submenu_page(
|
|
82 |
'manage_options', // $capability,
|
83 |
'ss_deny_list', // $menu_slug,
|
84 |
'ss_denylist_settings' // function
|
85 |
-
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
86 |
add_submenu_page(
|
87 |
'stop_spammers', // plugins parent
|
88 |
"Web Services — Stop Spammers", // $page_title,
|
@@ -90,52 +72,58 @@ add_submenu_page(
|
|
90 |
'manage_options', // $capability,
|
91 |
'ss_webservices_settings', // $menu_slug,
|
92 |
'ss_webservices_settings'
|
93 |
-
);
|
94 |
add_submenu_page(
|
95 |
'stop_spammers', // plugins parent
|
96 |
-
"
|
97 |
-
'
|
98 |
'manage_options', // $capability,
|
99 |
-
'
|
100 |
-
'
|
101 |
-
);
|
102 |
-
/*
|
103 |
add_submenu_page(
|
104 |
'stop_spammers', // plugins parent
|
105 |
-
"
|
106 |
-
'
|
107 |
'manage_options', // $capability,
|
108 |
-
'
|
109 |
-
'
|
110 |
-
);
|
111 |
-
*/
|
112 |
-
/*
|
113 |
add_submenu_page(
|
114 |
'stop_spammers', // plugins parent
|
115 |
-
"
|
116 |
-
'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
117 |
'manage_options', // $capability,
|
118 |
'ss_option_maint', // $menu_slug,
|
119 |
'ss_option_maint' // function
|
120 |
-
);
|
121 |
-
*/
|
122 |
add_submenu_page(
|
123 |
'stop_spammers', // plugins parent
|
124 |
-
"
|
125 |
-
'
|
126 |
'manage_options', // $capability,
|
127 |
-
'
|
128 |
-
'
|
129 |
);
|
|
|
130 |
add_submenu_page(
|
131 |
'stop_spammers', // plugins parent
|
132 |
-
"
|
133 |
-
'
|
134 |
'manage_options', // $capability,
|
135 |
-
'
|
136 |
-
'
|
137 |
);
|
138 |
}
|
|
|
139 |
function ss_summary() {
|
140 |
include_setting("ss_summary.php");
|
141 |
}
|
@@ -181,9 +169,6 @@ include_setting("ss_contribute.php");
|
|
181 |
function ss_diagnostics() {
|
182 |
include_setting("ss_diagnostics.php");
|
183 |
}
|
184 |
-
function ss_addons() {
|
185 |
-
include_setting("ss_addons.php");
|
186 |
-
}
|
187 |
function ss_allowreq() {
|
188 |
include_setting("ss_allowreq.php");
|
189 |
}
|
13 |
'ss_summary', // $function
|
14 |
$iconpng, // $icon_url,
|
15 |
78.92 // $position
|
16 |
+
);
|
17 |
if (class_exists('Jetpack') && Jetpack::is_module_active('protect')) {
|
18 |
return;
|
19 |
}
|
24 |
'manage_options', // $capability,
|
25 |
'stop_spammers', // $menu_slug,
|
26 |
'ss_summary' // $function
|
27 |
+
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
28 |
add_submenu_page(
|
29 |
'stop_spammers', // plugins parent
|
30 |
"Protection Options — Stop Spammers", // $page_title,
|
32 |
'manage_options', // $capability,
|
33 |
'ss_options', // $menu_slug,
|
34 |
'ss_options' // function
|
35 |
+
);
|
36 |
add_submenu_page(
|
37 |
'stop_spammers', // plugins parent
|
38 |
"Allow Lists — Stop Spammers", // $page_title,
|
40 |
'manage_options', // $capability,
|
41 |
'ss_allow_list', // $menu_slug,
|
42 |
'ss_allowlist_settings' // function
|
43 |
+
);
|
44 |
add_submenu_page(
|
45 |
'stop_spammers', // plugins parent
|
46 |
"Block Lists — Stop Spammers", // $page_title,
|
48 |
'manage_options', // $capability,
|
49 |
'ss_deny_list', // $menu_slug,
|
50 |
'ss_denylist_settings' // function
|
51 |
+
);
|
52 |
+
add_submenu_page(
|
53 |
+
'stop_spammers', // plugins parent
|
54 |
+
"Challenge and Deny — Stop Spammers", // $page_title,
|
55 |
+
'Challenge & Deny', // $menu_title,
|
56 |
+
'manage_options', // $capability,
|
57 |
+
'ss_challenge', // $menu_slug,
|
58 |
+
'ss_challenges' // function
|
59 |
+
);
|
60 |
+
add_submenu_page(
|
61 |
+
'stop_spammers', // plugins parent
|
62 |
+
"Allow Requests — Stop Spammers", // $page_title,
|
63 |
+
"Allow Requests", // $menu_title,
|
64 |
+
'manage_options', // $capability,
|
65 |
+
'ss_allowrequests', // $menu_slug,
|
66 |
+
'ss_allowreq' // $function
|
67 |
+
);
|
68 |
add_submenu_page(
|
69 |
'stop_spammers', // plugins parent
|
70 |
"Web Services — Stop Spammers", // $page_title,
|
72 |
'manage_options', // $capability,
|
73 |
'ss_webservices_settings', // $menu_slug,
|
74 |
'ss_webservices_settings'
|
75 |
+
);
|
76 |
add_submenu_page(
|
77 |
'stop_spammers', // plugins parent
|
78 |
+
"Cache — Stop Spammers", // $page_title,
|
79 |
+
'Cache', // $menu_title,
|
80 |
'manage_options', // $capability,
|
81 |
+
'ss_cache', // $menu_slug,
|
82 |
+
'ss_cache' // function
|
83 |
+
);
|
|
|
84 |
add_submenu_page(
|
85 |
'stop_spammers', // plugins parent
|
86 |
+
"Log Report — Stop Spammers", // $page_title,
|
87 |
+
'Log Report', // $menu_title,
|
88 |
'manage_options', // $capability,
|
89 |
+
'ss_reports', // $menu_slug,
|
90 |
+
'ss_reports' // function
|
91 |
+
);
|
|
|
|
|
92 |
add_submenu_page(
|
93 |
'stop_spammers', // plugins parent
|
94 |
+
"Diagnostics — Stop Spammers", // $page_title,
|
95 |
+
'Diagnostics', // $menu_title,
|
96 |
+
'manage_options', // $capability,
|
97 |
+
'ss_diagnostics', // $menu_slug,
|
98 |
+
'ss_diagnostics' // function
|
99 |
+
);
|
100 |
+
add_submenu_page(
|
101 |
+
'stop_spammers', // plugins parent
|
102 |
+
"Beta: DB Cleanup — Stop Spammers", // $page_title,
|
103 |
+
'Beta: DB Cleanup', // $menu_title,
|
104 |
'manage_options', // $capability,
|
105 |
'ss_option_maint', // $menu_slug,
|
106 |
'ss_option_maint' // function
|
107 |
+
);
|
|
|
108 |
add_submenu_page(
|
109 |
'stop_spammers', // plugins parent
|
110 |
+
"Beta: Threat Scan — Stop Spammers", // $page_title,
|
111 |
+
'Beta: Threat Scan', // $menu_title,
|
112 |
'manage_options', // $capability,
|
113 |
+
'ss_threat_scan', // $menu_slug,
|
114 |
+
'ss_threat_scan' // function
|
115 |
);
|
116 |
+
if (function_exists('is_multisite') && is_multisite()) {
|
117 |
add_submenu_page(
|
118 |
'stop_spammers', // plugins parent
|
119 |
+
"Multisite — Stop Spammers", // $page_title,
|
120 |
+
'Network', // $menu_title,
|
121 |
'manage_options', // $capability,
|
122 |
+
'ss_network', // $menu_slug,
|
123 |
+
'ss_network'
|
124 |
);
|
125 |
}
|
126 |
+
}
|
127 |
function ss_summary() {
|
128 |
include_setting("ss_summary.php");
|
129 |
}
|
169 |
function ss_diagnostics() {
|
170 |
include_setting("ss_diagnostics.php");
|
171 |
}
|
|
|
|
|
|
|
172 |
function ss_allowreq() {
|
173 |
include_setting("ss_allowreq.php");
|
174 |
}
|
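Review bot: Every page registered in the reorganized menu, including the reintroduced `Beta: DB Cleanup` and `Beta: Threat Scan` entries and the multisite `Network` page, is gated only by `'manage_options'`. On a multisite install ordinary site administrators hold that capability, so the `ss_network` page would be reachable by them unless `ss_network.php` performs its own check, which is not visible in this section. Consider `'manage_network_options'` for the `Network` entry and confirm that each included settings file repeats a `current_user_can()` test, as the deleted `settings/ss_addons.php` did. The callbacks `ss_challenges` and `ss_threat_scan` are not defined in the visible hunks and are presumably declared in the unchanged part of the file.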
settings/ss_addons.php
DELETED
@@ -1,94 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
if (!defined('ABSPATH')) exit; // just in case
|
3 |
-
if (!current_user_can('manage_options')) {
|
4 |
-
die('Access Denied');
|
5 |
-
}
|
6 |
-
ss_fix_post_vars();
|
7 |
-
$updateable=array("beta-updater","RedHerring","multicheck","LogReport","TorList","SFSToxicList");
|
8 |
-
if (array_key_exists("ss_nonce",$_POST)&&wp_verify_nonce($_POST['ss_nonce'],'ss') ) {
|
9 |
-
if (!function_exists('ss_install_update')) { // adding update function to main plugin?
|
10 |
-
include("ss_install_update.php");
|
11 |
-
}
|
12 |
-
// go through the possible updates
|
13 |
-
foreach($updateable as $key) {
|
14 |
-
if (array_key_exists($key,$_POST)) {
|
15 |
-
ss_install_update($key);
|
16 |
-
break;
|
17 |
-
}
|
18 |
-
}
|
19 |
-
}
|
20 |
-
?>
|
21 |
-
<div id="ss-plugin" class="wrap">
|
22 |
-
<h1>Stop Spammers — Add-ons</h1>
|
23 |
-
<p>These add-ons will soon come packaged with Stop Spammers, but disabled by default.</p>
|
24 |
-
<form method="post" action="#">
|
25 |
-
<?php wp_nonce_field( 'ss', 'ss_nonce' ) ?>
|
26 |
-
<table width="80%" align="center" bgcolor="#d0d0d0" cellspacing="2px">
|
27 |
-
<tr bgcolor="#f0f0f0">
|
28 |
-
<td>Beta Updater</td>
|
29 |
-
<td><input type="submit" name="beta-updater" value="Install/Update Beta Updater" class="button-primary" /></td>
|
30 |
-
<td>Update Stop Spammers from the beta version. The plugin goes through frequent changes. I update the WordPress repository infrequently. The latest stable version is always available for download.<br />
|
31 |
-
Install the add-on so that you can update Stop Spammers whenever you like.
|
32 |
-
<p>
|
33 |
-
This allows your to update Stop Spammers directly from my website.
|
34 |
-
</p></td>
|
35 |
-
</tr>
|
36 |
-
<tr bgcolor="#f0f0f0">
|
37 |
-
<td>Red Herring</td>
|
38 |
-
<td><input type="submit" name="RedHerring" value="Install/Update Red Herring" class="button-primary" /></td>
|
39 |
-
<td>The Red Herring plugin places a dummy form on your web pages. Spammers see the Red Herring Form and try to leave spam, login or register using the dummy form. Their request is ignored by WordPress and their IP address is added to the bad cache so they will be blocked in the future.<br />
|
40 |
-
This is an effective way to stop spam.</td>
|
41 |
-
</tr>
|
42 |
-
<tr bgcolor="#f0f0f0">
|
43 |
-
<td>Check system.multicall</td>
|
44 |
-
<td><input type="submit" name="multicheck" value="Install/Update system.multicall checker" class="button-primary" /></td>
|
45 |
-
<td>Spammers use the system.multicall option of xmlrpc.php to check thousands of login ids and passwords at a time. This protects against this.</td>
|
46 |
-
</tr>
|
47 |
-
<tr bgcolor="#f0f0f0">
|
48 |
-
<td>Log Reporter</td>
|
49 |
-
<td><input type="submit" name="LogReport" value="Install/Update Log Reporter" class="button-primary" /></td>
|
50 |
-
<td>Saves spammers in a CVS file and provides a download link in Excel format. Useful for seeing all log events and not just the last few.</td>
|
51 |
-
</tr>
|
52 |
-
<tr bgcolor="#f0f0f0">
|
53 |
-
<td>Tor Check</td>
|
54 |
-
<td><input type="submit" name="TorList" value="Install/Update Tor List Checker" class="button-primary" /></td>
|
55 |
-
<td>Check users IP against a list of Tor exit nodes. Rejects comments and login attempts from users coming from Tor.</td>
|
56 |
-
</tr>
|
57 |
-
<tr bgcolor="#f0f0f0">
|
58 |
-
<td>SFS Toxic List</td>
|
59 |
-
<td><input type="submit" name="SFSToxicList" value="Install/Update SFS Toxic List" class="button-primary" /></td>
|
60 |
-
<td>Stop Forum Spam keeps a master list of toxic IP addesses. These can be downloaded once a day and Stop Spammers will use the list to check for spam. This will let you check for spammers before hitting the SFS site.</td>
|
61 |
-
</tr>
|
62 |
-
</table>
|
63 |
-
</form>
|
64 |
-
<hr />
|
65 |
-
<?php
|
66 |
-
// get a list of all the addons using the filter
|
67 |
-
$addons=array();
|
68 |
-
$a1=apply_filters('ss_addons_allow',$addons);
|
69 |
-
$a3=apply_filters('ss_addons_deny',$addons);
|
70 |
-
$a5=apply_filters('ss_addons_get',$addons);
|
71 |
-
$addons=array_merge($a1,$a3,$a5);
|
72 |
-
if (empty($addons)) {
|
73 |
-
echo "<p>No add-ons installed.</p>";
|
74 |
-
} else {
|
75 |
-
?>
|
76 |
-
<fieldset>
|
77 |
-
<legend><span style="font-weight:bold;font-size:1.2em">Installed Addons</span></legend>
|
78 |
-
<ol>
|
79 |
-
<?php
|
80 |
-
foreach($addons as $add) {
|
81 |
-
$ad0=$add[0];
|
82 |
-
$ad1=$add[1];
|
83 |
-
$ad2=$add[2];
|
84 |
-
$ad3=$add[3];
|
85 |
-
$reason=be_load($add,$ad1);
|
86 |
-
echo "<li>$ad1: by $ad2, $ad3</li>";
|
87 |
-
}
|
88 |
-
?>
|
89 |
-
</ol>
|
90 |
-
</fieldset>
|
91 |
-
<?php
|
92 |
-
}
|
93 |
-
?>
|
94 |
-
</div>
|
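--- a/settings/ss_allowlist_settings.php
+++ b/settings/ss_allowlist_settings.php
@@ -7,7 +7,7 @@ ss_fix_post_vars();
 $now=date('Y/m/d H:i:s',time() + ( get_option( 'gmt_offset' ) * 3600 ));
 $options=ss_get_options();
 extract($options);
-$chkcloudflare='Y'; // force back to on - always fix
+$chkcloudflare='Y'; // force back to on - always fix Cloudflare if the plugin is not present and Cloudflare detected
 $nonce='';
 if (array_key_exists('ss_stop_spammers_control',$_POST)) $nonce=$_POST['ss_stop_spammers_control'];
 if (!empty($nonce) && wp_verify_nonce($nonce,'ss_stopspam_update')) {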
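--- a/settings/ss_cache.php
+++ b/settings/ss_cache.php
@@ -87,7 +87,7 @@ Good Cache Size:
 <p class="submit"><input class="button-primary" value="Save Changes" type="submit" /></p>
 </form>
 <?php
-if (count($badips)==0&&count($goodips)==0) echo "Nothing in the cache";
+if (count($badips)==0&&count($goodips)==0) echo "Nothing in the cache.";
 else {
 ?>
 <h2>Cached Values</h2>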
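--- a/settings/ss_network.php
+++ b/settings/ss_network.php
@@ -33,7 +33,7 @@ $nonce=wp_create_nonce('ss_stopspam_update');
 <fieldset>
 <legend><span style="font-weight:bold;font-size:1.2em">Network Blog Option</span></legend>
 <p>Networked ON: <input name="muswitch" type="radio" value='Y' <?php if ($muswitch=='Y') echo "checked=\"true\""; ?> /><br />
-Networked OFF
+Networked OFF: <input name="muswitch" type="radio" value='N' <?php if ($muswitch!='Y') echo "checked=\"true\""; ?> /><br />
 If you are running WPMU and want to control options and history through the main login admin panel, select ON. If you select OFF, each blog will have to configure the plugin separately, and each blog will have a separte history.</p>
 <p class="submit"><input class="button-primary" value="Save Changes" type="submit" /></p>
 </fieldset>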
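Review bot: The radio added on line 36 emits `checked="true"`, which is not a valid value for the boolean `checked` attribute and differs from the `checked="checked"` form used for the `chkdnsbl` checkbox in settings/ss_webservices_settings.php. WordPress's `checked()` helper produces the correct attribute and would read `<input name="muswitch" type="radio" value='N' <?php checked($muswitch!='Y'); ?> />`. The code that saves `muswitch` is outside this hunk; now that the form can post a second value, that handler should accept only `Y` or `N` and treat anything else as the default.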
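--- a/settings/ss_option_maint.php
+++ b/settings/ss_option_maint.php
@@ -7,7 +7,8 @@ die('Access Denied');
 ss_fix_post_vars();
 ?>
 <div id="ss-plugin" class="wrap">
-<h1>Stop Spammers —
+<h1>Stop Spammers — DB Cleanup</h1>
+<p class="notice notice-warning">This feature is to be considered experimental. Use with caution and at your own risk.</p>
 <p>Plugins often don't clean up their mess when they are uninstalled. Some malicious themes and plugins use WordPress options to store some information.</p>
 <p>This function allows you inspect and delete orphan or suspicious options and to change plugin options so that they don´t autoload. </p>
 <p>In WordPress, some options are loaded whenever WordPress loads a page. These are marked as autoload options. This is done to speed up WordPress and prevent the programs from hitting the database every time some plugin needs to look up an option. Automatic loading of options at startup makes WordPress fast, but it can also use up memory for options that will seldom or never be used.</p>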
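Review bot: The warning added on line 11 tells the administrator to be careful but not what can go wrong or how to recover from it. Since this page deletes WordPress options, the notice should name the risk and the safeguard, for example `<p class="notice notice-warning">Experimental: deleting an option that an active plugin or theme still uses can break the site. Back up the database before deleting anything.</p>`. The form that performs the deletion is outside this hunk, so its nonce and capability checks could not be reviewed here.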
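--- a/settings/ss_summary.php
+++ b/settings/ss_summary.php
@@ -4,8 +4,8 @@ if (!current_user_can('manage_options')) {
 die('Access Denied');
 }
 if ( class_exists( 'Jetpack' ) && Jetpack::is_module_active( 'protect' ) ) {
-echo "<div>
-Please turn off
+echo "<div>Jetpack Protect has been detected. Stop Spammers has disabled itself.<br />
+Please turn off Jetpack Protect or uninstall Stop Spammers.</div>";
 return;
 }
 ss_fix_post_vars();
@@ -213,7 +213,7 @@ $stats[$v1]=0;
 }
 $addonstats=array();
 $stats['addonstats']=$addonstats;
-$msg='<
+$msg='<p class="notice notice-success">Summary Cleared</p>';
 ss_set_stats($stats);
 extract($stats); // extract again to get the new options
 }
@@ -228,7 +228,7 @@ $nonce=wp_create_nonce('ss_stopspam_update');
 ?>
 <div id="ss-plugin" class="wrap">
 <h1>Stop Spammers — Summary</h1>
-<p>Version <?php echo SS_VERSION
+<p>Version <?php echo SS_VERSION; ?></p>
 <?php
 if (!empty($msg)) echo "<h2>$msg</h2>";
 $current_user_name=wp_get_current_user()->user_login;
@@ -344,19 +344,25 @@ $sname=$_SERVER["SCRIPT_NAME"];
 }
 if (strpos($sname,'?')!==false) $sname=substr($sname,0,strpos($sname,'?'));
 ?>
-<h2>Support</h2>
-<p>Please post all issues, bugs, questions, suggestions, requests, and complaints <a href="https://github.com/bhadaway/stop-spammers/issues" target="_blank">on GitHub</a>. Thank you.</p>
+<h2>Support and Help Improve Stop Spammers</h2>
+<p>Please post all issues, bugs, typos, questions, suggestions, requests, and complaints <a href="https://github.com/bhadaway/stop-spammers/issues" target="_blank">on GitHub</a>. Thank you.</p>
 <h2>Plugin Options</h2>
-<
+<ul>
 <li><a href="?page=stop_spammers">Summary</a>: This checks to see if there may be problems from your current incoming IP address and displays a summary of events.</li>
-<li><a href="?page=ss_allowrequests">Allow Requests</a>: Displays users who were denied and filled out the form requesting access to your site.</li>
-<li><a href="?page=ss_reports">Log Report</a>: Shows details of the most recent events detected by Stop Spammers.</li>
-<li><a href="?page=ss_cache">Cache</a>: Shows the cache of recently detected events.</li>
 <li><a href="?page=ss_options">Protection Options</a>: This has all the options for checking for spam and logins. You can also block whole countries.</li>
 <li><a href="?page=ss_allow_list">Allow Lists</a>: Here you can set up your Allow List to allow IP addresses to login and leave comments on your site, without being checked for spam. It also sets up the options which you can use to allow certain kinds of users into your site, even though they may trigger spam detection.</li>
 <li><a href="?page=ss_deny_list">Block Lists</a>: This is where you set up your Deny List for IPs and email. It also allows you to enter spam words and phrases that trigger spam.</li>
+<li><a href="?page=ss_challenge">Challenge & Deny</a>: This sets up CAPTCHA and notification options. You can give users who trigger the plugin a second chance to use a CAPTCHA. Supports Google ReCaptcha and Solve Media CAPTCHA.</li>
+<li><a href="?page=ss_allowrequests">Allow Requests</a>: Displays users who were denied and filled out the form requesting access to your site.</li>
 <li><a href="?page=ss_webservices_settings">Web Services</a>: This is where you enter the API keys for StopForumSpam.com and other web checking services. You don't need to have these set for the plugin to work, but if you do, you will have better protection and the ability to report spam.</li>
-<li><a href="?page=
+<li><a href="?page=ss_cache">Cache</a>: Shows the cache of recently detected events.</li>
+<li><a href="?page=ss_reports">Log Report</a>: Shows details of the most recent events detected by Stop Spammers.</li>
 <li><a href="?page=ss_diagnostics">Diagnostics</a>: You can use this to test an IP, email or, comment against all of the options. This can tell you more about why an IP address might fail. It will also show you any options that might crash the plugin on your site due to system settings.</li>
-</
+</ul>
+<h2>Beta Options</h2>
+<p class="notice notice-warning">These features are to be considered experimental. Use with caution and at your own risk.</p>
+<ul>
+<li><a href="?page=ss_option_maint">DB Cleanup</a>: Delete leftover options from deleted plugins or anything that appears suspicious.</li>
+<li><a href="?page=ss_threat_scan">Threat Scan</a>: A simple scan to find possibly malicious code.</li>
+</ul>
 </div>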
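Review bot: The message assigned on line 216 is now a full `<p class="notice notice-success">` element, but line 233 still prints it with `echo "<h2>$msg</h2>";`, which puts a paragraph inside a heading. That nesting is invalid HTML, and the notice will be rendered with heading styling. Printing the message without the wrapper, `if (!empty($msg)) echo $msg;`, keeps the new markup intact. The GitHub link rewritten on line 348 still opens with `target="_blank"`; adding `rel="noopener noreferrer"` stops the opened page from reaching `window.opener` in browsers that do not imply it.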
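--- a/settings/ss_threat_scan.php
+++ b/settings/ss_threat_scan.php
@@ -19,6 +19,7 @@ $nonce=wp_create_nonce('ss_stopspam_update');
 ?>
 <div id="ss-plugin" class="wrap">
 <h1>Stop Spammers — Threat Scan</h1>
+<p class="notice notice-warning">This feature is to be considered experimental. Use with caution and at your own risk.</p>
 <p>This is a very simple threat scan that looks for things out of place in the content directory as well as the database.</p>
 <p>The process searches PHP files for the occurrence of the eval() function, which, although a valuable part of PHP is also the door that hackers use in order to infect systems. The eval() function is avoided by many programmers unless there is a real need. It is often used by hackers to hide their malicious code or to inject future threats into infected systems. If you find a theme or a plugin that uses the eval() function it is safer to delete it and ask the author to provide a new version that does not use this function.</p>
 <p>The scan can take a few seconds and on larger or slower systems can time-out.</p>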
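Review bot: The notice added on line 22 says the feature is experimental but gives the administrator no guidance on how to read its results. The text below it describes a search for occurrences of `eval()`, so a hit is not proof of compromise and an empty result is not proof that the site is clean. The notice should say so, for example `<p class="notice notice-warning">Experimental: this scan is a heuristic. Review each finding before deleting anything, and do not treat an empty result as proof that the site is clean.</p>`.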
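--- a/settings/ss_webservices_settings.php
+++ b/settings/ss_webservices_settings.php
@@ -126,7 +126,7 @@ incidents.</td>
 <br />
 <fieldset>
 <legend><span style="font-weight:bold;font-size:1.2em">Check Against DNSBL Lists Such as Spamhaus.org</span></legend>
-<input name="chkdnsbl" type="checkbox" value="Y" <?php if ($chkdnsbl=='Y') echo "checked=\"checked\""; ?> />
+<input name="chkdnsbl" type="checkbox" value="Y" <?php if ($chkdnsbl=='Y') echo "checked=\"checked\""; ?> /> Checks the IP on Spamhaus.org. This is primarily used for email spam, but the same bots sending out email spam are probably running comment spam and other exploits.
 </fieldset>
 <br />
 <fieldset>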
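Review bot: The description added on line 129 does not tell the administrator that enabling this check hands each checked visitor IP address to an external service, which matters for the site's privacy notice and for request latency. It also names only Spamhaus.org, while the legend above it reads "DNSBL Lists Such as Spamhaus.org". The lookup code is outside this hunk, so which lists are actually queried could not be confirmed. A wording such as `Looks up the visitor's IP address on external DNS blocklists such as Spamhaus.org.` followed by the existing rationale would cover both points.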
stop-spammer-registrations-new.php
CHANGED
@@ -3,12 +3,13 @@
|
|
3 |
Plugin Name: Stop Spammers Spam Control
|
4 |
Plugin URI: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
|
5 |
Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
|
6 |
-
Author:
|
7 |
-
|
|
|
8 |
License: https://www.gnu.org/licenses/gpl.html
|
9 |
*/
|
10 |
// networking requires a couple of globals
|
11 |
-
define('SS_VERSION', '7.0.
|
12 |
define('SS_PLUGIN_URL', plugin_dir_url( __FILE__ ));
|
13 |
define('SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ));
|
14 |
define('SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ).'data/');
|
@@ -500,7 +501,7 @@ return $config;
|
|
500 |
function ss_caught_action($ip='',$post=array()) {
|
501 |
// this is hit on spam detect for addons - added this for a template for testing - not needed
|
502 |
// $post has all the standardized post variables plus reason and the chk that found the problem
|
503 |
-
// good
|
504 |
}
|
505 |
function ss_stop_spam_OK($ip='',$post=array()) {
|
506 |
// dummy function for testing
|
@@ -567,7 +568,7 @@ remove_filter( 'pre_user_login', ss_user_reg_filter, 1);
|
|
567 |
sfs_errorsonoff('off');
|
568 |
return $user_login;
|
569 |
}
|
570 |
-
// if the suspect is already in the
|
571 |
// prevents looping
|
572 |
$reason=be_load('chkbcache',ss_get_ip(),$stats,$options,$post);
|
573 |
sfs_errorsonoff();
|
3 |
Plugin Name: Stop Spammers Spam Control
|
4 |
Plugin URI: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
|
5 |
Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
|
6 |
+
Author: Bryan Hadaway
|
7 |
+
Author URI: https://calmestghost.com/
|
8 |
+
Version: 7.0.2
|
9 |
License: https://www.gnu.org/licenses/gpl.html
|
10 |
*/
|
11 |
// networking requires a couple of globals
|
12 |
+
define('SS_VERSION', '7.0.2');
|
13 |
define('SS_PLUGIN_URL', plugin_dir_url( __FILE__ ));
|
14 |
define('SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ));
|
15 |
define('SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ).'data/');
|
501 |
function ss_caught_action($ip='',$post=array()) {
|
502 |
// this is hit on spam detect for addons - added this for a template for testing - not needed
|
503 |
// $post has all the standardized post variables plus reason and the chk that found the problem
|
504 |
+
// good add-on would be a plugin to manage an SQL table where this stuff is stored
|
505 |
}
|
506 |
function ss_stop_spam_OK($ip='',$post=array()) {
|
507 |
// dummy function for testing
|
568 |
sfs_errorsonoff('off');
|
569 |
return $user_login;
|
570 |
}
|
571 |
+
// if the suspect is already in the Bad Cache he does not get a second chance?
|
572 |
// prevents looping
|
573 |
$reason=be_load('chkbcache',ss_get_ip(),$stats,$options,$post);
|
574 |
sfs_errorsonoff();
|