Stop Spammers - Version 7.0.2

Version Description

  • continued general cleanup
  • continued design improvements
  • reorganized menu
  • reintroduced beta features
  • removed add-ons
Download this release

Release Info

Developer bhadaway
Plugin Icon 128x128 Stop Spammers
Version 7.0.2
Comparing to
See all releases

Code changes from version 7.0.1 to 7.0.2

classes/ss_challenge.php CHANGED
@@ -337,7 +337,7 @@ User Message: ". $km ."
337
 
338
  Please be aware that the user has been recognized as a potential spammer.
339
 
340
- Some spam robots are already filling out the request form with a fale explanation.
341
 
342
  — Stop Spammers";
343
  $message=wordwrap($message, 70, "\r\n");
337
 
338
  Please be aware that the user has been recognized as a potential spammer.
339
 
340
+ Some spam robots fill out the request form with a fake explanation.
341
 
342
  — Stop Spammers";
343
  $message=wordwrap($message, 70, "\r\n");
classes/ss_check_white.php CHANGED
@@ -22,7 +22,7 @@ if (!empty($add)&&is_array($add)) {
22
  $reason=be_load($add);
23
  if ($reason!==false) {
24
  // need to log a passed hit on post here
25
- ss_log_good(ss_get_ip(),$reason,$add[1],$add); // aded get IP because it might be altered
26
  return $reason;
27
  }
28
  }
22
  $reason=be_load($add);
23
  if ($reason!==false) {
24
  // need to log a passed hit on post here
25
+ ss_log_good(ss_get_ip(),$reason,$add[1],$add); // added get IP because it might be altered
26
  return $reason;
27
  }
28
  }
classes/ss_get_alreq.php CHANGED
@@ -1,5 +1,5 @@
1
  <?php
2
- // this does the get for the tbody in allow requests
3
  if (!defined('ABSPATH')) exit;
4
  class ss_get_alreq {
5
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
1
  <?php
2
+ // this does the get for the tbody in Allow Requests
3
  if (!defined('ABSPATH')) exit;
4
  class ss_get_alreq {
5
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
classes/ss_get_bcache.php CHANGED
@@ -17,7 +17,7 @@ $show='';
17
  foreach ($badips as $key => $value) {
18
  $who="<a title=\"Check WHOIS\" target=\"_stopspam\" href=\"http://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query=$key\"><img src=\"$whois\" height=\"16px\"/></a>";
19
  $show.="<a href=\"http://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
20
- // try ajax on the delete from bad cache
21
  $onclick="onclick=\"sfs_ajax_process('$key','$container','$cachedel','$ajaxurl');return false;\"";
22
  $show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" height=\"16px\" /></a> ";
23
  $onclick="onclick=\"sfs_ajax_process('$key','$container','add_black','$ajaxurl');return false;\"";
17
  foreach ($badips as $key => $value) {
18
  $who="<a title=\"Check WHOIS\" target=\"_stopspam\" href=\"http://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query=$key\"><img src=\"$whois\" height=\"16px\"/></a>";
19
  $show.="<a href=\"http://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
20
+ // try AJAX on the delete from bad cache
21
  $onclick="onclick=\"sfs_ajax_process('$key','$container','$cachedel','$ajaxurl');return false;\"";
22
  $show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" height=\"16px\" /></a> ";
23
  $onclick="onclick=\"sfs_ajax_process('$key','$container','add_black','$ajaxurl');return false;\"";
classes/ss_get_options.php CHANGED
@@ -70,7 +70,7 @@ $defaultsCTRL=array(
70
  'chkxff'=>'N', // ????
71
  'notify'=>'Y',
72
  'chkspoof'=>'N', // ???
73
- 'filterregistrations'=>'Y' // filter registration attempts, even if not from post.
74
  );
75
  $defaultARRAY=array(
76
  'badagents'=>array(
@@ -428,10 +428,9 @@ $defaults=array(
428
  'ss_sp_cache_em'=>4,
429
  'redirurl'=>'',
430
  'logfilesize'=>0,
431
- 'rejectmessage'=>"Access Denied<br/>
432
- This site is protected by the Stop Spammer Registrations Plugin.<br/>"
433
  );
434
- $defaultCOUNTRY=array( // all Yes!!!!! - changed to no (coward)
435
  'chkAD'=>'N',
436
  'chkAE'=>'N',
437
  'chkAF'=>'N',
70
  'chkxff'=>'N', // ????
71
  'notify'=>'Y',
72
  'chkspoof'=>'N', // ???
73
+ 'filterregistrations'=>'Y' // filter registration attempts - even if not from post
74
  );
75
  $defaultARRAY=array(
76
  'badagents'=>array(
428
  'ss_sp_cache_em'=>4,
429
  'redirurl'=>'',
430
  'logfilesize'=>0,
431
+ 'rejectmessage'=>"Access Denied<br/>"
 
432
  );
433
+ $defaultCOUNTRY=array( // all yes - changed to no
434
  'chkAD'=>'N',
435
  'chkAE'=>'N',
436
  'chkAF'=>'N',
classes/ss_log_bad.php CHANGED
@@ -36,7 +36,7 @@ $blog=$blog_id;
36
  //
37
  $ss_sp_hist=$options['ss_sp_hist'];
38
  while (count($hist)>$ss_sp_hist) array_shift($hist);
39
- // if (!empty($pwd)) $author=$author.'/'.$pwd; // show bad passwwords????
40
  $hist[$now]=array($ip,$email,$author,$sname,$reason,$blog);
41
  $stats['hist']=$hist;
42
  if (array_key_exists('addon',$post)) {
36
  //
37
  $ss_sp_hist=$options['ss_sp_hist'];
38
  while (count($hist)>$ss_sp_hist) array_shift($hist);
39
+ // if (!empty($pwd)) $author=$author.'/'.$pwd; // show bad passwords?
40
  $hist[$now]=array($ip,$email,$author,$sname,$reason,$blog);
41
  $stats['hist']=$hist;
42
  if (array_key_exists('addon',$post)) {
css/admin.css CHANGED
@@ -4,6 +4,8 @@
4
 
5
  #ss-plugin textarea, #ss-plugin input[type="text"]{width:100%;max-width:500px}
6
 
 
 
7
  #ss-plugin input[type="text"]{max-width:400px}
8
 
9
  #ss-plugin fieldset{width:100%;padding:15px;border:1px solid #4aa863;margin:30px 0 0}
4
 
5
  #ss-plugin textarea, #ss-plugin input[type="text"]{width:100%;max-width:500px}
6
 
7
+ #ss-plugin img{margin-right:5px}
8
+
9
  #ss-plugin input[type="text"]{max-width:400px}
10
 
11
  #ss-plugin fieldset{width:100%;padding:15px;border:1px solid #4aa863;margin:30px 0 0}
includes/ss-admin-options.php CHANGED
@@ -235,7 +235,7 @@ if (substr($check,0,4)=="ERR:") {
235
  echo "Access to the Stop Forum Spam Database shows errors\r\n";
236
  echo "response was $check\r\n";
237
  }
238
- // Access to the Stop Forum Spam Database is working
239
  $n=strpos($check,'<response success="true">');
240
  if ($n===false) {
241
  echo "Access to the Stop Forum Spam Database is not working\r\n";
235
  echo "Access to the Stop Forum Spam Database shows errors\r\n";
236
  echo "response was $check\r\n";
237
  }
238
+ // access to the Stop Forum Spam database is working
239
  $n=strpos($check,'<response success="true">');
240
  if ($n===false) {
241
  echo "Access to the Stop Forum Spam Database is not working\r\n";
includes/stop-spam-utils.php CHANGED
@@ -84,7 +84,7 @@ function sfs_ErrorHandler($errno, $errmsg, $filename, $linenum, $vars) {
84
  // write the answers to the file
85
  // we are only concerned with the errors and warnings, not the notices
86
  // if ($errno==E_NOTICE || $errno==E_WARNING) return false;
87
- // if ($errno==2048) return; // wordpress throws deprecated all over the place
88
  $serrno="";
89
  if (
90
  (strpos($filename,'ss')===false)
84
  // write the answers to the file
85
  // we are only concerned with the errors and warnings, not the notices
86
  // if ($errno==E_NOTICE || $errno==E_WARNING) return false;
87
+ // if ($errno==2048) return; // WordPress throws deprecated all over the place
88
  $serrno="";
89
  if (
90
  (strpos($filename,'ss')===false)
modules/chkadmin.php CHANGED
@@ -16,7 +16,7 @@ foreach($blogusers as $u) {
16
  if ($u->user_login==$login) return false; // false alarm - really is a person admin
17
  }
18
  // this may cause problems when a legitimate new user wants to include the string admin in their username
19
- return "Admin login/registration attempt: $login";
20
  }
21
  }
22
  ?>
16
  if ($u->user_login==$login) return false; // false alarm - really is a person admin
17
  }
18
  // this may cause problems when a legitimate new user wants to include the string admin in their username
19
+ return "Admin Login or Registration Attempt: $login";
20
  }
21
  }
22
  ?>
modules/chkbbcode.php CHANGED
@@ -2,8 +2,8 @@
2
  if (!defined('ABSPATH')) exit;
3
  class chkbbcode { // change name
4
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
5
- // searches for bbcodes in post data
6
- // BBCodes are the tool of stupid spammers
7
  $bbcodes=array(
8
  '[php','[url','[link','[img','[include','[script'
9
  );
2
  if (!defined('ABSPATH')) exit;
3
  class chkbbcode { // change name
4
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
5
+ // searches for BBCodes in post data
6
+ // BBCodes is the tool of common spammers
7
  $bbcodes=array(
8
  '[php','[url','[link','[img','[include','[script'
9
  );
modules/chkdisp.php CHANGED
@@ -106,7 +106,7 @@ $disposables=array(
106
  $emdomain=explode('@',$options['em']);
107
  if (count($emdomain)==2&&in_array(strtolower($emdomain[1]),$disposables)) {
108
  // the email is a disposable email address
109
- // do you really want this guy????
110
  return 'Disposable em:'.$options['em'];
111
  }
112
  return false;
106
  $emdomain=explode('@',$options['em']);
107
  if (count($emdomain)==2&&in_array(strtolower($emdomain[1]),$disposables)) {
108
  // the email is a disposable email address
109
+ // do you really want this guy?
110
  return 'Disposable em:'.$options['em'];
111
  }
112
  return false;
modules/chkexploits.php CHANGED
@@ -15,19 +15,19 @@ $req=urldecode($req);
15
  if (stripos($req,'eval'.'(base64'.'_decode(')!==false) { // dotting the search to not kick off updates, etc.
16
  if (strlen($req)>24) $req=substr($req,24);
17
  $req=htmlentities($req);
18
- return "eval attack $req";
19
  }
20
  if (stripos($req,'document.write(string.fromcharcode')!==false) {
21
  if (strlen($req)>24) $req=substr($req,24);
22
  $req=htmlentities($req);
23
- return "offset string attack $req";
24
  }
25
  // 'document.write(Stringfromcharcode'
26
  // union all select - this is a common SQL injection string
27
  if (stripos($req,'union all select')!==false) {
28
  if (strlen($req)>24) $req=substr($req,24);
29
  $req=htmlentities($req);
30
- return "sql inject attack $req";
31
  }
32
  }
33
  return false;
15
  if (stripos($req,'eval'.'(base64'.'_decode(')!==false) { // dotting the search to not kick off updates, etc.
16
  if (strlen($req)>24) $req=substr($req,24);
17
  $req=htmlentities($req);
18
+ return "Eval Attack $req";
19
  }
20
  if (stripos($req,'document.write(string.fromcharcode')!==false) {
21
  if (strlen($req)>24) $req=substr($req,24);
22
  $req=htmlentities($req);
23
+ return "Offset String Attack $req";
24
  }
25
  // 'document.write(Stringfromcharcode'
26
  // union all select - this is a common SQL injection string
27
  if (stripos($req,'union all select')!==false) {
28
  if (strlen($req)>24) $req=substr($req,24);
29
  $req=htmlentities($req);
30
+ return "SQL Inject Attack $req";
31
  }
32
  }
33
  return false;
modules/chklong.php CHANGED
@@ -7,7 +7,7 @@ if (array_key_exists('email',$post)) {
7
  $email=$post['email'];
8
  if (!empty($email)) {
9
  if (strlen($email)>64) {
10
- return "Email too long:$email";
11
  }
12
  }
13
  }
@@ -15,7 +15,7 @@ if (array_key_exists('author',$post)) {
15
  if (!empty($post['author'])) {
16
  $author=$post['author'];
17
  if (strlen($post['author'])>64) {
18
- return "Author too long:$author";
19
  }
20
  }
21
  }
@@ -23,7 +23,7 @@ if (array_key_exists('psw',$post)) {
23
  if (!empty($post['psw'])) {
24
  $psw=$post['psw'];
25
  if (strlen($post['psw'])>32) {
26
- return "Password too long: $psw";
27
  }
28
  }
29
  }
7
  $email=$post['email'];
8
  if (!empty($email)) {
9
  if (strlen($email)>64) {
10
+ return "Email Too Long: $email";
11
  }
12
  }
13
  }
15
  if (!empty($post['author'])) {
16
  $author=$post['author'];
17
  if (strlen($post['author'])>64) {
18
+ return "Author Too Long: $author";
19
  }
20
  }
21
  }
23
  if (!empty($post['psw'])) {
24
  $psw=$post['psw'];
25
  if (strlen($post['psw'])>32) {
26
+ return "Password Too Long: $psw";
27
  }
28
  }
29
  }
modules/chkmulti.php CHANGED
@@ -33,7 +33,7 @@ $row[1]++;
33
  $multi[$ip]=$row;
34
  $stats['multi']=$multi;
35
  ss_set_stats($stats);
36
- if ($row[1]>=$multicnt) return "$row[1] Hits in last 3 minutes";
37
  return false;
38
  }
39
  }
33
  $multi[$ip]=$row;
34
  $stats['multi']=$multi;
35
  ss_set_stats($stats);
36
+ if ($row[1]>=$multicnt) return "$row[1] Hits in last 3 minutes";
37
  return false;
38
  }
39
  }
modules/chkscripts.php CHANGED
@@ -1,7 +1,7 @@
1
  <?php
2
  if (!defined('ABSPATH')) exit;
3
  class chkscripts extends be_module {
4
- // some scripts need to be Allow Listed - so far wp_cron.php, but maybe some others - ajax?
5
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
6
  $sname=$this->getSname();
7
  if(strpos($sname,'wp-cron.php')!==false) return "allow wp-cron";
1
  <?php
2
  if (!defined('ABSPATH')) exit;
3
  class chkscripts extends be_module {
4
+ // some scripts need to be Allow Listed - so far wp_cron.php, but maybe some others - AJAX?
5
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
6
  $sname=$this->getSname();
7
  if(strpos($sname,'wp-cron.php')!==false) return "allow wp-cron";
modules/chksession.php CHANGED
@@ -24,7 +24,7 @@ $sname=$sname;
24
  } else if (array_key_exists("PHP_SELF",$_SERVER)) {
25
  $sname=substr($_SERVER['PHP_SELF'],1 );
26
  }
27
- //echo "Testing session '$sname'<br />";
28
  if (empty($sname)) return false;
29
  $sesstime=2; // nobody can do it in 3 seconds
30
  if (!defined("WP_CACHE")||(!WP_CACHE)) {
24
  } else if (array_key_exists("PHP_SELF",$_SERVER)) {
25
  $sname=substr($_SERVER['PHP_SELF'],1 );
26
  }
27
+ // echo "Testing Session '$sname'<br />";
28
  if (empty($sname)) return false;
29
  $sesstime=2; // nobody can do it in 3 seconds
30
  if (!defined("WP_CACHE")||(!WP_CACHE)) {
modules/chkspamwords.php CHANGED
@@ -10,7 +10,7 @@ foreach($post as $key=>$data) {
10
  if (!empty($data)) {
11
  foreach($spamwords as $sw) {
12
  if (stripos($data,$sw)!==false) {
13
- return "Spam word: $sw in $key";
14
  }
15
  }
16
  }
10
  if (!empty($data)) {
11
  foreach($spamwords as $sw) {
12
  if (stripos($data,$sw)!==false) {
13
+ return "Spam Word: $sw in $key";
14
  }
15
  }
16
  }
modules/chkvalidip.php CHANGED
@@ -26,7 +26,7 @@ foreach($priv as $ips) {
26
  if ($ip2>=$ips[0] && $ip2<=$ips[1]) return 'Local IP Address:'.$ip;
27
  if ($ip2<$ips[1]) break; // sorted so we can bail
28
  }
29
- // use the experimental check fake ip routine
30
  // doesn't work on older PHPs or some servers without IPv6 support enables
31
  /*
32
  try {
@@ -47,7 +47,7 @@ if ($ip==$lip) return 'IP same as server:'.$ip;
47
  } else if (array_key_exists('LOCAL_ADDR',$_SERVER)) { // IIS 7?
48
  $lip=$_SERVER["LOCAL_ADDR"];
49
  if ($ip==$lip) return 'IP same as server:'.$ip;
50
- } else { // IIS 6 no server address use a gethost by name? Hope we never get here
51
  try {
52
  $lip=@gethostbyname($_SERVER['SERVER_NAME']);
53
  if ($ip==$lip) return 'IP same as server:'.$ip;
26
  if ($ip2>=$ips[0] && $ip2<=$ips[1]) return 'Local IP Address:'.$ip;
27
  if ($ip2<$ips[1]) break; // sorted so we can bail
28
  }
29
+ // use the experimental check fake IP routine
30
  // doesn't work on older PHPs or some servers without IPv6 support enables
31
  /*
32
  try {
47
  } else if (array_key_exists('LOCAL_ADDR',$_SERVER)) { // IIS 7?
48
  $lip=$_SERVER["LOCAL_ADDR"];
49
  if ($ip==$lip) return 'IP same as server:'.$ip;
50
+ } else { // IIS 6 no server address use a gethost by name? hope we never get here
51
  try {
52
  $lip=@gethostbyname($_SERVER['SERVER_NAME']);
53
  if ($ip==$lip) return 'IP same as server:'.$ip;
modules/chkwlist.php CHANGED
@@ -2,7 +2,7 @@
2
  if (!defined('ABSPATH')) exit;
3
  class chkwlist extends be_module { // change name
4
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
5
- // checks the ip from params which has the cache in it
6
  $this->searchname='Allow List IP';
7
  $gcache=$options['wlist'];
8
  return $this->searchList($ip,$gcache);
2
  if (!defined('ABSPATH')) exit;
3
  class chkwlist extends be_module { // change name
4
  public function process($ip,&$stats=array(),&$options=array(),&$post=array()) {
5
+ // checks the IP from params which has the cache in it
6
  $this->searchname='Allow List IP';
7
  $gcache=$options['wlist'];
8
  return $this->searchList($ip,$gcache);
readme.txt CHANGED
@@ -1,6 +1,7 @@
1
  === Stop Spammers ===
2
 
3
- Contributors: Keith Graham, bhadaway
 
4
  Tags: spam, antispam, anti-spam, spam blocker, block spam, signup spam, comment spam, spam filter, registration spam, spammer, spammers, spamming, xss, malware, virus, captcha, comment, comments, contact, contact form, contact forms, form, forms, login, multisite, protection, register, registration, security, signup, trackback, trackbacks, user registration spam, widget
5
  Tested up to: 4.7.4
6
  Stable tag: trunk
@@ -10,13 +11,17 @@ Aggressive anti-spam plugin that eliminates comment spam, trackback spam, contac
10
 
11
  == Description ==
12
 
13
- Stop Spammers is an aggressive website spam defence against comment spam and login attempts. It is capable of performing more than 20 different checks for spam and malicious events and can block spam from over 100 different countries.
14
 
15
  Stop Spammers uses multiple methods for detecting spam and may be too aggressive for some websites.
16
 
17
- In cases where spam is detected, users are offered a second chance to post their comments or login. Denied requests are presented with a CAPTCHA screen in order to prevent users from being blocked. The CAPTCHA can be configured as OpenCaptcha, Google reCaptcha, or SolveMedia CAPTCHA. The CAPTCHA will only appear when a user is denied access as a spammer.
18
 
19
- Created and maintained by Keith P. Graham (since 2010). Maintained by Bryan Hadaway (since 2017).
 
 
 
 
20
 
21
  == Installation ==
22
 
@@ -31,6 +36,13 @@ OR
31
 
32
  == Changelog ==
33
 
 
 
 
 
 
 
 
34
  = 7.0.1 =
35
  * continued general cleanup
36
  * continued design improvements
1
  === Stop Spammers ===
2
 
3
+ Contributors: bhadaway, Keith Graham
4
+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DTRTUYSPKJN8N
5
  Tags: spam, antispam, anti-spam, spam blocker, block spam, signup spam, comment spam, spam filter, registration spam, spammer, spammers, spamming, xss, malware, virus, captcha, comment, comments, contact, contact form, contact forms, form, forms, login, multisite, protection, register, registration, security, signup, trackback, trackbacks, user registration spam, widget
6
  Tested up to: 4.7.4
7
  Stable tag: trunk
11
 
12
  == Description ==
13
 
14
+ Stop Spammers is an aggressive website defence against comment spam and login attempts. It is capable of performing more than 20 different checks for spam and malicious events and can block spam from over 100 different countries.
15
 
16
  Stop Spammers uses multiple methods for detecting spam and may be too aggressive for some websites.
17
 
18
+ In cases where spam is detected, users are offered a second chance to post their comments or login. Denied requests are presented with a CAPTCHA screen in order to prevent users from being blocked. The CAPTCHA can be configured as OpenCaptcha, Google reCAPTCHA or SolveMedia CAPTCHA. The CAPTCHA will only appear when a user is denied access as a spammer.
19
 
20
+ *Created with a lot of hard work and maintained by Keith P. Graham (from 2010-2017). Thank you Keith.*
21
+
22
+ *Maintained (because I love this plugin and want to keep it alive) by Bryan Hadaway (since 2017).*
23
+
24
+ ***If you also love this plugin and want to see it live on, you can help me maintain it [on GitHub](https://github.com/bhadaway/stop-spammers).***
25
 
26
  == Installation ==
27
 
36
 
37
  == Changelog ==
38
 
39
+ = 7.0.2 =
40
+ * continued general cleanup
41
+ * continued design improvements
42
+ * reorganized menu
43
+ * reintroduced beta features
44
+ * removed add-ons
45
+
46
  = 7.0.1 =
47
  * continued general cleanup
48
  * continued design improvements
settings/settings.php CHANGED
@@ -13,7 +13,7 @@ add_menu_page(
13
  'ss_summary', // $function
14
  $iconpng, // $icon_url,
15
  78.92 // $position
16
- );
17
  if (class_exists('Jetpack') && Jetpack::is_module_active('protect')) {
18
  return;
19
  }
@@ -24,41 +24,7 @@ add_submenu_page(
24
  'manage_options', // $capability,
25
  'stop_spammers', // $menu_slug,
26
  'ss_summary' // $function
27
- );
28
- add_submenu_page(
29
- 'stop_spammers', // plugins parent
30
- "Allow Requests — Stop Spammers", // $page_title,
31
- "Allow Requests", // $menu_title,
32
- 'manage_options', // $capability,
33
- 'ss_allowrequests', // $menu_slug,
34
- 'ss_allowreq' // $function
35
- );
36
- add_submenu_page(
37
- 'stop_spammers', // plugins parent
38
- "Log Report — Stop Spammers", // $page_title,
39
- 'Log Report', // $menu_title,
40
- 'manage_options', // $capability,
41
- 'ss_reports', // $menu_slug,
42
- 'ss_reports' // function
43
- );
44
- add_submenu_page(
45
- 'stop_spammers', // plugins parent
46
- "Cache — Stop Spammers", // $page_title,
47
- 'Cache', // $menu_title,
48
- 'manage_options', // $capability,
49
- 'ss_cache', // $menu_slug,
50
- 'ss_cache' // function
51
- );
52
- if (function_exists('is_multisite') && is_multisite()) {
53
- add_submenu_page(
54
- 'stop_spammers', // plugins parent
55
- "Multisite — Stop Spammers", // $page_title,
56
- 'Network', // $menu_title,
57
- 'manage_options', // $capability,
58
- 'ss_network', // $menu_slug,
59
- 'ss_network'
60
- );
61
- }
62
  add_submenu_page(
63
  'stop_spammers', // plugins parent
64
  "Protection Options — Stop Spammers", // $page_title,
@@ -66,7 +32,7 @@ add_submenu_page(
66
  'manage_options', // $capability,
67
  'ss_options', // $menu_slug,
68
  'ss_options' // function
69
- );
70
  add_submenu_page(
71
  'stop_spammers', // plugins parent
72
  "Allow Lists — Stop Spammers", // $page_title,
@@ -74,7 +40,7 @@ add_submenu_page(
74
  'manage_options', // $capability,
75
  'ss_allow_list', // $menu_slug,
76
  'ss_allowlist_settings' // function
77
- );
78
  add_submenu_page(
79
  'stop_spammers', // plugins parent
80
  "Block Lists — Stop Spammers", // $page_title,
@@ -82,7 +48,23 @@ add_submenu_page(
82
  'manage_options', // $capability,
83
  'ss_deny_list', // $menu_slug,
84
  'ss_denylist_settings' // function
85
- );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
86
  add_submenu_page(
87
  'stop_spammers', // plugins parent
88
  "Web Services — Stop Spammers", // $page_title,
@@ -90,52 +72,58 @@ add_submenu_page(
90
  'manage_options', // $capability,
91
  'ss_webservices_settings', // $menu_slug,
92
  'ss_webservices_settings'
93
- );
94
  add_submenu_page(
95
  'stop_spammers', // plugins parent
96
- "Challenge and Deny — Stop Spammers", // $page_title,
97
- 'Challenge &amp; Deny', // $menu_title,
98
  'manage_options', // $capability,
99
- 'ss_challenge', // $menu_slug,
100
- 'ss_challenges' // function
101
- );
102
- /*
103
  add_submenu_page(
104
  'stop_spammers', // plugins parent
105
- "Threat Scan — Stop Spammers", // $page_title,
106
- 'Threat Scan', // $menu_title,
107
  'manage_options', // $capability,
108
- 'ss_threat_scan', // $menu_slug,
109
- 'ss_threat_scan' // function
110
- );
111
- */
112
- /*
113
  add_submenu_page(
114
  'stop_spammers', // plugins parent
115
- "Maintenance — Stop Spammers", // $page_title,
116
- 'Maintenance', // $menu_title,
 
 
 
 
 
 
 
 
117
  'manage_options', // $capability,
118
  'ss_option_maint', // $menu_slug,
119
  'ss_option_maint' // function
120
- );
121
- */
122
  add_submenu_page(
123
  'stop_spammers', // plugins parent
124
- "Diagnostics — Stop Spammers", // $page_title,
125
- 'Diagnostics', // $menu_title,
126
  'manage_options', // $capability,
127
- 'ss_diagnostics', // $menu_slug,
128
- 'ss_diagnostics' // function
129
  );
 
130
  add_submenu_page(
131
  'stop_spammers', // plugins parent
132
- "Add-ons — Stop Spammers", // $page_title,
133
- 'Add-ons', // $menu_title,
134
  'manage_options', // $capability,
135
- 'ss_addons', // $menu_slug,
136
- 'ss_addons' // function
137
  );
138
  }
 
139
  function ss_summary() {
140
  include_setting("ss_summary.php");
141
  }
@@ -181,9 +169,6 @@ include_setting("ss_contribute.php");
181
  function ss_diagnostics() {
182
  include_setting("ss_diagnostics.php");
183
  }
184
- function ss_addons() {
185
- include_setting("ss_addons.php");
186
- }
187
  function ss_allowreq() {
188
  include_setting("ss_allowreq.php");
189
  }
13
  'ss_summary', // $function
14
  $iconpng, // $icon_url,
15
  78.92 // $position
16
+ );
17
  if (class_exists('Jetpack') && Jetpack::is_module_active('protect')) {
18
  return;
19
  }
24
  'manage_options', // $capability,
25
  'stop_spammers', // $menu_slug,
26
  'ss_summary' // $function
27
+ );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  add_submenu_page(
29
  'stop_spammers', // plugins parent
30
  "Protection Options — Stop Spammers", // $page_title,
32
  'manage_options', // $capability,
33
  'ss_options', // $menu_slug,
34
  'ss_options' // function
35
+ );
36
  add_submenu_page(
37
  'stop_spammers', // plugins parent
38
  "Allow Lists — Stop Spammers", // $page_title,
40
  'manage_options', // $capability,
41
  'ss_allow_list', // $menu_slug,
42
  'ss_allowlist_settings' // function
43
+ );
44
  add_submenu_page(
45
  'stop_spammers', // plugins parent
46
  "Block Lists — Stop Spammers", // $page_title,
48
  'manage_options', // $capability,
49
  'ss_deny_list', // $menu_slug,
50
  'ss_denylist_settings' // function
51
+ );
52
+ add_submenu_page(
53
+ 'stop_spammers', // plugins parent
54
+ "Challenge and Deny — Stop Spammers", // $page_title,
55
+ 'Challenge &amp; Deny', // $menu_title,
56
+ 'manage_options', // $capability,
57
+ 'ss_challenge', // $menu_slug,
58
+ 'ss_challenges' // function
59
+ );
60
+ add_submenu_page(
61
+ 'stop_spammers', // plugins parent
62
+ "Allow Requests — Stop Spammers", // $page_title,
63
+ "Allow Requests", // $menu_title,
64
+ 'manage_options', // $capability,
65
+ 'ss_allowrequests', // $menu_slug,
66
+ 'ss_allowreq' // $function
67
+ );
68
  add_submenu_page(
69
  'stop_spammers', // plugins parent
70
  "Web Services — Stop Spammers", // $page_title,
72
  'manage_options', // $capability,
73
  'ss_webservices_settings', // $menu_slug,
74
  'ss_webservices_settings'
75
+ );
76
  add_submenu_page(
77
  'stop_spammers', // plugins parent
78
+ "Cache — Stop Spammers", // $page_title,
79
+ 'Cache', // $menu_title,
80
  'manage_options', // $capability,
81
+ 'ss_cache', // $menu_slug,
82
+ 'ss_cache' // function
83
+ );
 
84
  add_submenu_page(
85
  'stop_spammers', // plugins parent
86
+ "Log Report — Stop Spammers", // $page_title,
87
+ 'Log Report', // $menu_title,
88
  'manage_options', // $capability,
89
+ 'ss_reports', // $menu_slug,
90
+ 'ss_reports' // function
91
+ );
 
 
92
  add_submenu_page(
93
  'stop_spammers', // plugins parent
94
+ "Diagnostics — Stop Spammers", // $page_title,
95
+ 'Diagnostics', // $menu_title,
96
+ 'manage_options', // $capability,
97
+ 'ss_diagnostics', // $menu_slug,
98
+ 'ss_diagnostics' // function
99
+ );
100
+ add_submenu_page(
101
+ 'stop_spammers', // plugins parent
102
+ "Beta: DB Cleanup — Stop Spammers", // $page_title,
103
+ 'Beta: DB Cleanup', // $menu_title,
104
  'manage_options', // $capability,
105
  'ss_option_maint', // $menu_slug,
106
  'ss_option_maint' // function
107
+ );
 
108
  add_submenu_page(
109
  'stop_spammers', // plugins parent
110
+ "Beta: Threat Scan — Stop Spammers", // $page_title,
111
+ 'Beta: Threat Scan', // $menu_title,
112
  'manage_options', // $capability,
113
+ 'ss_threat_scan', // $menu_slug,
114
+ 'ss_threat_scan' // function
115
  );
116
+ if (function_exists('is_multisite') && is_multisite()) {
117
  add_submenu_page(
118
  'stop_spammers', // plugins parent
119
+ "Multisite — Stop Spammers", // $page_title,
120
+ 'Network', // $menu_title,
121
  'manage_options', // $capability,
122
+ 'ss_network', // $menu_slug,
123
+ 'ss_network'
124
  );
125
  }
126
+ }
127
  function ss_summary() {
128
  include_setting("ss_summary.php");
129
  }
169
  function ss_diagnostics() {
170
  include_setting("ss_diagnostics.php");
171
  }
 
 
 
172
  function ss_allowreq() {
173
  include_setting("ss_allowreq.php");
174
  }
settings/ss_addons.php DELETED
@@ -1,94 +0,0 @@
1
- <?php
2
- if (!defined('ABSPATH')) exit; // just in case
3
- if (!current_user_can('manage_options')) {
4
- die('Access Denied');
5
- }
6
- ss_fix_post_vars();
7
- $updateable=array("beta-updater","RedHerring","multicheck","LogReport","TorList","SFSToxicList");
8
- if (array_key_exists("ss_nonce",$_POST)&&wp_verify_nonce($_POST['ss_nonce'],'ss') ) {
9
- if (!function_exists('ss_install_update')) { // adding update function to main plugin?
10
- include("ss_install_update.php");
11
- }
12
- // go through the possible updates
13
- foreach($updateable as $key) {
14
- if (array_key_exists($key,$_POST)) {
15
- ss_install_update($key);
16
- break;
17
- }
18
- }
19
- }
20
- ?>
21
- <div id="ss-plugin" class="wrap">
22
- <h1>Stop Spammers — Add-ons</h1>
23
- <p>These add-ons will soon come packaged with Stop Spammers, but disabled by default.</p>
24
- <form method="post" action="#">
25
- <?php wp_nonce_field( 'ss', 'ss_nonce' ) ?>
26
- <table width="80%" align="center" bgcolor="#d0d0d0" cellspacing="2px">
27
- <tr bgcolor="#f0f0f0">
28
- <td>Beta Updater</td>
29
- <td><input type="submit" name="beta-updater" value="Install/Update Beta Updater" class="button-primary" /></td>
30
- <td>Update Stop Spammers from the beta version. The plugin goes through frequent changes. I update the WordPress repository infrequently. The latest stable version is always available for download.<br />
31
- Install the add-on so that you can update Stop Spammers whenever you like.
32
- <p>
33
- This allows your to update Stop Spammers directly from my website.
34
- </p></td>
35
- </tr>
36
- <tr bgcolor="#f0f0f0">
37
- <td>Red Herring</td>
38
- <td><input type="submit" name="RedHerring" value="Install/Update Red Herring" class="button-primary" /></td>
39
- <td>The Red Herring plugin places a dummy form on your web pages. Spammers see the Red Herring Form and try to leave spam, login or register using the dummy form. Their request is ignored by WordPress and their IP address is added to the bad cache so they will be blocked in the future.<br />
40
- This is an effective way to stop spam.</td>
41
- </tr>
42
- <tr bgcolor="#f0f0f0">
43
- <td>Check system.multicall</td>
44
- <td><input type="submit" name="multicheck" value="Install/Update system.multicall checker" class="button-primary" /></td>
45
- <td>Spammers use the system.multicall option of xmlrpc.php to check thousands of login ids and passwords at a time. This protects against this.</td>
46
- </tr>
47
- <tr bgcolor="#f0f0f0">
48
- <td>Log Reporter</td>
49
- <td><input type="submit" name="LogReport" value="Install/Update Log Reporter" class="button-primary" /></td>
50
- <td>Saves spammers in a CVS file and provides a download link in Excel format. Useful for seeing all log events and not just the last few.</td>
51
- </tr>
52
- <tr bgcolor="#f0f0f0">
53
- <td>Tor Check</td>
54
- <td><input type="submit" name="TorList" value="Install/Update Tor List Checker" class="button-primary" /></td>
55
- <td>Check users IP against a list of Tor exit nodes. Rejects comments and login attempts from users coming from Tor.</td>
56
- </tr>
57
- <tr bgcolor="#f0f0f0">
58
- <td>SFS Toxic List</td>
59
- <td><input type="submit" name="SFSToxicList" value="Install/Update SFS Toxic List" class="button-primary" /></td>
60
- <td>Stop Forum Spam keeps a master list of toxic IP addesses. These can be downloaded once a day and Stop Spammers will use the list to check for spam. This will let you check for spammers before hitting the SFS site.</td>
61
- </tr>
62
- </table>
63
- </form>
64
- <hr />
65
- <?php
66
- // get a list of all the addons using the filter
67
- $addons=array();
68
- $a1=apply_filters('ss_addons_allow',$addons);
69
- $a3=apply_filters('ss_addons_deny',$addons);
70
- $a5=apply_filters('ss_addons_get',$addons);
71
- $addons=array_merge($a1,$a3,$a5);
72
- if (empty($addons)) {
73
- echo "<p>No add-ons installed.</p>";
74
- } else {
75
- ?>
76
- <fieldset>
77
- <legend><span style="font-weight:bold;font-size:1.2em">Installed Addons</span></legend>
78
- <ol>
79
- <?php
80
- foreach($addons as $add) {
81
- $ad0=$add[0];
82
- $ad1=$add[1];
83
- $ad2=$add[2];
84
- $ad3=$add[3];
85
- $reason=be_load($add,$ad1);
86
- echo "<li>$ad1: by $ad2, $ad3</li>";
87
- }
88
- ?>
89
- </ol>
90
- </fieldset>
91
- <?php
92
- }
93
- ?>
94
- </div>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
settings/ss_allowlist_settings.php CHANGED
@@ -7,7 +7,7 @@ ss_fix_post_vars();
7
  $now=date('Y/m/d H:i:s',time() + ( get_option( 'gmt_offset' ) * 3600 ));
8
  $options=ss_get_options();
9
  extract($options);
10
- $chkcloudflare='Y'; // force back to on - always fix cloudflare if the plugin is not present and cloudflare detected
11
  $nonce='';
12
  if (array_key_exists('ss_stop_spammers_control',$_POST)) $nonce=$_POST['ss_stop_spammers_control'];
13
  if (!empty($nonce) && wp_verify_nonce($nonce,'ss_stopspam_update')) {
7
  $now=date('Y/m/d H:i:s',time() + ( get_option( 'gmt_offset' ) * 3600 ));
8
  $options=ss_get_options();
9
  extract($options);
10
+ $chkcloudflare='Y'; // force back to on - always fix Cloudflare if the plugin is not present and Cloudflare detected
11
  $nonce='';
12
  if (array_key_exists('ss_stop_spammers_control',$_POST)) $nonce=$_POST['ss_stop_spammers_control'];
13
  if (!empty($nonce) && wp_verify_nonce($nonce,'ss_stopspam_update')) {
settings/ss_cache.php CHANGED
@@ -87,7 +87,7 @@ Good Cache Size:
87
  <p class="submit"><input class="button-primary" value="Save Changes" type="submit" /></p>
88
  </form>
89
  <?php
90
- if (count($badips)==0&&count($goodips)==0) echo "Nothing in the cache";
91
  else {
92
  ?>
93
  <h2>Cached Values</h2>
87
  <p class="submit"><input class="button-primary" value="Save Changes" type="submit" /></p>
88
  </form>
89
  <?php
90
+ if (count($badips)==0&&count($goodips)==0) echo "Nothing in the cache.";
91
  else {
92
  ?>
93
  <h2>Cached Values</h2>
settings/ss_network.php CHANGED
@@ -33,7 +33,7 @@ $nonce=wp_create_nonce('ss_stopspam_update');
33
  <fieldset>
34
  <legend><span style="font-weight:bold;font-size:1.2em">Network Blog Option</span></legend>
35
  <p>Networked ON: <input name="muswitch" type="radio" value='Y' <?php if ($muswitch=='Y') echo "checked=\"true\""; ?> /><br />
36
- Networked OFF:<input name="muswitch" type="radio" value='N' <?php if ($muswitch!='Y') echo "checked=\"true\""; ?> /><br />
37
  If you are running WPMU and want to control options and history through the main login admin panel, select ON. If you select OFF, each blog will have to configure the plugin separately, and each blog will have a separte history.</p>
38
  <p class="submit"><input class="button-primary" value="Save Changes" type="submit" /></p>
39
  </fieldset>
33
  <fieldset>
34
  <legend><span style="font-weight:bold;font-size:1.2em">Network Blog Option</span></legend>
35
  <p>Networked ON: <input name="muswitch" type="radio" value='Y' <?php if ($muswitch=='Y') echo "checked=\"true\""; ?> /><br />
36
+ Networked OFF: <input name="muswitch" type="radio" value='N' <?php if ($muswitch!='Y') echo "checked=\"true\""; ?> /><br />
37
  If you are running WPMU and want to control options and history through the main login admin panel, select ON. If you select OFF, each blog will have to configure the plugin separately, and each blog will have a separte history.</p>
38
  <p class="submit"><input class="button-primary" value="Save Changes" type="submit" /></p>
39
  </fieldset>
settings/ss_option_maint.php CHANGED
@@ -7,7 +7,8 @@ die('Access Denied');
7
  ss_fix_post_vars();
8
  ?>
9
  <div id="ss-plugin" class="wrap">
10
- <h1>Stop Spammers — Maintenance</h1>
 
11
  <p>Plugins often don't clean up their mess when they are uninstalled. Some malicious themes and plugins use WordPress options to store some information.</p>
12
  <p>This function allows you inspect and delete orphan or suspicious options and to change plugin options so that they don&acute;t autoload. </p>
13
  <p>In WordPress, some options are loaded whenever WordPress loads a page. These are marked as autoload options. This is done to speed up WordPress and prevent the programs from hitting the database every time some plugin needs to look up an option. Automatic loading of options at startup makes WordPress fast, but it can also use up memory for options that will seldom or never be used.</p>
7
  ss_fix_post_vars();
8
  ?>
9
  <div id="ss-plugin" class="wrap">
10
+ <h1>Stop Spammers — DB Cleanup</h1>
11
+ <p class="notice notice-warning">This feature is to be considered experimental. Use with caution and at your own risk.</p>
12
  <p>Plugins often don't clean up their mess when they are uninstalled. Some malicious themes and plugins use WordPress options to store some information.</p>
13
  <p>This function allows you inspect and delete orphan or suspicious options and to change plugin options so that they don&acute;t autoload. </p>
14
  <p>In WordPress, some options are loaded whenever WordPress loads a page. These are marked as autoload options. This is done to speed up WordPress and prevent the programs from hitting the database every time some plugin needs to look up an option. Automatic loading of options at startup makes WordPress fast, but it can also use up memory for options that will seldom or never be used.</p>
settings/ss_summary.php CHANGED
@@ -4,8 +4,8 @@ if (!current_user_can('manage_options')) {
4
  die('Access Denied');
5
  }
6
  if ( class_exists( 'Jetpack' ) && Jetpack::is_module_active( 'protect' ) ) {
7
- echo "<div>JetPack Protect has been detected. Stop Spammers has disabled itself.<br />
8
- Please turn off JetPack Protect or uninstall Stop Spammers.</div>";
9
  return;
10
  }
11
  ss_fix_post_vars();
@@ -213,7 +213,7 @@ $stats[$v1]=0;
213
  }
214
  $addonstats=array();
215
  $stats['addonstats']=$addonstats;
216
- $msg='<span style="color:#4aa863">Summary Cleared</span>';
217
  ss_set_stats($stats);
218
  extract($stats); // extract again to get the new options
219
  }
@@ -228,7 +228,7 @@ $nonce=wp_create_nonce('ss_stopspam_update');
228
  ?>
229
  <div id="ss-plugin" class="wrap">
230
  <h1>Stop Spammers — Summary</h1>
231
- <p>Version <?php echo SS_VERSION;?></p>
232
  <?php
233
  if (!empty($msg)) echo "<h2>$msg</h2>";
234
  $current_user_name=wp_get_current_user()->user_login;
@@ -344,19 +344,25 @@ $sname=$_SERVER["SCRIPT_NAME"];
344
  }
345
  if (strpos($sname,'?')!==false) $sname=substr($sname,0,strpos($sname,'?'));
346
  ?>
347
- <h2>Support</h2>
348
- <p>Please post all issues, bugs, questions, suggestions, requests, and complaints <a href="https://github.com/bhadaway/stop-spammers/issues" target="_blank">on GitHub</a>. Thank you.</p>
349
  <h2>Plugin Options</h2>
350
- <ol>
351
  <li><a href="?page=stop_spammers">Summary</a>: This checks to see if there may be problems from your current incoming IP address and displays a summary of events.</li>
352
- <li><a href="?page=ss_allowrequests">Allow Requests</a>: Displays users who were denied and filled out the form requesting access to your site.</li>
353
- <li><a href="?page=ss_reports">Log Report</a>: Shows details of the most recent events detected by Stop Spammers.</li>
354
- <li><a href="?page=ss_cache">Cache</a>: Shows the cache of recently detected events.</li>
355
  <li><a href="?page=ss_options">Protection Options</a>: This has all the options for checking for spam and logins. You can also block whole countries.</li>
356
  <li><a href="?page=ss_allow_list">Allow Lists</a>: Here you can set up your Allow List to allow IP addresses to login and leave comments on your site, without being checked for spam. It also sets up the options which you can use to allow certain kinds of users into your site, even though they may trigger spam detection.</li>
357
  <li><a href="?page=ss_deny_list">Block Lists</a>: This is where you set up your Deny List for IPs and email. It also allows you to enter spam words and phrases that trigger spam.</li>
 
 
358
  <li><a href="?page=ss_webservices_settings">Web Services</a>: This is where you enter the API keys for StopForumSpam.com and other web checking services. You don't need to have these set for the plugin to work, but if you do, you will have better protection and the ability to report spam.</li>
359
- <li><a href="?page=ss_challenge">Challenge and Deny</a>: This sets up CAPTCHA and notification options. You can give users who trigger the plugin a second chance to use a CAPTCHA. Supports Google ReCaptcha and Solve Media CAPTCHA.</li>
 
360
  <li><a href="?page=ss_diagnostics">Diagnostics</a>: You can use this to test an IP, email or, comment against all of the options. This can tell you more about why an IP address might fail. It will also show you any options that might crash the plugin on your site due to system settings.</li>
361
- </ol>
 
 
 
 
 
 
362
  </div>
4
  die('Access Denied');
5
  }
6
  if ( class_exists( 'Jetpack' ) && Jetpack::is_module_active( 'protect' ) ) {
7
+ echo "<div>Jetpack Protect has been detected. Stop Spammers has disabled itself.<br />
8
+ Please turn off Jetpack Protect or uninstall Stop Spammers.</div>";
9
  return;
10
  }
11
  ss_fix_post_vars();
213
  }
214
  $addonstats=array();
215
  $stats['addonstats']=$addonstats;
216
+ $msg='<p class="notice notice-success">Summary Cleared</p>';
217
  ss_set_stats($stats);
218
  extract($stats); // extract again to get the new options
219
  }
228
  ?>
229
  <div id="ss-plugin" class="wrap">
230
  <h1>Stop Spammers — Summary</h1>
231
+ <p>Version <?php echo SS_VERSION; ?></p>
232
  <?php
233
  if (!empty($msg)) echo "<h2>$msg</h2>";
234
  $current_user_name=wp_get_current_user()->user_login;
344
  }
345
  if (strpos($sname,'?')!==false) $sname=substr($sname,0,strpos($sname,'?'));
346
  ?>
347
+ <h2>Support and Help Improve Stop Spammers</h2>
348
+ <p>Please post all issues, bugs, typos, questions, suggestions, requests, and complaints <a href="https://github.com/bhadaway/stop-spammers/issues" target="_blank">on GitHub</a>. Thank you.</p>
349
  <h2>Plugin Options</h2>
350
+ <ul>
351
  <li><a href="?page=stop_spammers">Summary</a>: This checks to see if there may be problems from your current incoming IP address and displays a summary of events.</li>
 
 
 
352
  <li><a href="?page=ss_options">Protection Options</a>: This has all the options for checking for spam and logins. You can also block whole countries.</li>
353
  <li><a href="?page=ss_allow_list">Allow Lists</a>: Here you can set up your Allow List to allow IP addresses to login and leave comments on your site, without being checked for spam. It also sets up the options which you can use to allow certain kinds of users into your site, even though they may trigger spam detection.</li>
354
  <li><a href="?page=ss_deny_list">Block Lists</a>: This is where you set up your Deny List for IPs and email. It also allows you to enter spam words and phrases that trigger spam.</li>
355
+ <li><a href="?page=ss_challenge">Challenge &amp; Deny</a>: This sets up CAPTCHA and notification options. You can give users who trigger the plugin a second chance to use a CAPTCHA. Supports Google ReCaptcha and Solve Media CAPTCHA.</li>
356
+ <li><a href="?page=ss_allowrequests">Allow Requests</a>: Displays users who were denied and filled out the form requesting access to your site.</li>
357
  <li><a href="?page=ss_webservices_settings">Web Services</a>: This is where you enter the API keys for StopForumSpam.com and other web checking services. You don't need to have these set for the plugin to work, but if you do, you will have better protection and the ability to report spam.</li>
358
+ <li><a href="?page=ss_cache">Cache</a>: Shows the cache of recently detected events.</li>
359
+ <li><a href="?page=ss_reports">Log Report</a>: Shows details of the most recent events detected by Stop Spammers.</li>
360
  <li><a href="?page=ss_diagnostics">Diagnostics</a>: You can use this to test an IP, email or, comment against all of the options. This can tell you more about why an IP address might fail. It will also show you any options that might crash the plugin on your site due to system settings.</li>
361
+ </ul>
362
+ <h2>Beta Options</h2>
363
+ <p class="notice notice-warning">These features are to be considered experimental. Use with caution and at your own risk.</p>
364
+ <ul>
365
+ <li><a href="?page=ss_option_maint">DB Cleanup</a>: Delete leftover options from deleted plugins or anything that appears suspicious.</li>
366
+ <li><a href="?page=ss_threat_scan">Threat Scan</a>: A simple scan to find possibly malicious code.</li>
367
+ </ul>
368
  </div>
settings/ss_threat_scan.php CHANGED
@@ -19,6 +19,7 @@ $nonce=wp_create_nonce('ss_stopspam_update');
19
  ?>
20
  <div id="ss-plugin" class="wrap">
21
  <h1>Stop Spammers — Threat Scan</h1>
 
22
  <p>This is a very simple threat scan that looks for things out of place in the content directory as well as the database.</p>
23
  <p>The process searches PHP files for the occurrence of the eval() function, which, although a valuable part of PHP is also the door that hackers use in order to infect systems. The eval() function is avoided by many programmers unless there is a real need. It is often used by hackers to hide their malicious code or to inject future threats into infected systems. If you find a theme or a plugin that uses the eval() function it is safer to delete it and ask the author to provide a new version that does not use this function.</p>
24
  <p>The scan can take a few seconds and on larger or slower systems can time-out.</p>
19
  ?>
20
  <div id="ss-plugin" class="wrap">
21
  <h1>Stop Spammers — Threat Scan</h1>
22
+ <p class="notice notice-warning">This feature is to be considered experimental. Use with caution and at your own risk.</p>
23
  <p>This is a very simple threat scan that looks for things out of place in the content directory as well as the database.</p>
24
  <p>The process searches PHP files for the occurrence of the eval() function, which, although a valuable part of PHP is also the door that hackers use in order to infect systems. The eval() function is avoided by many programmers unless there is a real need. It is often used by hackers to hide their malicious code or to inject future threats into infected systems. If you find a theme or a plugin that uses the eval() function it is safer to delete it and ask the author to provide a new version that does not use this function.</p>
25
  <p>The scan can take a few seconds and on larger or slower systems can time-out.</p>
settings/ss_webservices_settings.php CHANGED
@@ -126,7 +126,7 @@ incidents.</td>
126
  <br />
127
  <fieldset>
128
  <legend><span style="font-weight:bold;font-size:1.2em">Check Against DNSBL Lists Such as Spamhaus.org</span></legend>
129
- <input name="chkdnsbl" type="checkbox" value="Y" <?php if ($chkdnsbl=='Y') echo "checked=\"checked\""; ?> /> Checks the IP on Spamhaus.org. This is primarily used for email spam, but the same bots sending out email spam are probably running comment spam and other exploits.
130
  </fieldset>
131
  <br />
132
  <fieldset>
126
  <br />
127
  <fieldset>
128
  <legend><span style="font-weight:bold;font-size:1.2em">Check Against DNSBL Lists Such as Spamhaus.org</span></legend>
129
+ <input name="chkdnsbl" type="checkbox" value="Y" <?php if ($chkdnsbl=='Y') echo "checked=\"checked\""; ?> /> Checks the IP on Spamhaus.org. This is primarily used for email spam, but the same bots sending out email spam are probably running comment spam and other exploits.
130
  </fieldset>
131
  <br />
132
  <fieldset>
stop-spammer-registrations-new.php CHANGED
@@ -3,12 +3,13 @@
3
  Plugin Name: Stop Spammers Spam Control
4
  Plugin URI: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
5
  Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
6
- Author: Keith P. Graham
7
- Version: 7.0.1
 
8
  License: https://www.gnu.org/licenses/gpl.html
9
  */
10
  // networking requires a couple of globals
11
- define('SS_VERSION', '7.0.1');
12
  define('SS_PLUGIN_URL', plugin_dir_url( __FILE__ ));
13
  define('SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ));
14
  define('SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ).'data/');
@@ -500,7 +501,7 @@ return $config;
500
  function ss_caught_action($ip='',$post=array()) {
501
  // this is hit on spam detect for addons - added this for a template for testing - not needed
502
  // $post has all the standardized post variables plus reason and the chk that found the problem
503
- // good addon would be a plugin to manage an SQL table where this stuff is stored
504
  }
505
  function ss_stop_spam_OK($ip='',$post=array()) {
506
  // dummy function for testing
@@ -567,7 +568,7 @@ remove_filter( 'pre_user_login', ss_user_reg_filter, 1);
567
  sfs_errorsonoff('off');
568
  return $user_login;
569
  }
570
- // if the suspect is already in the bad cache he does not get a second chance?
571
  // prevents looping
572
  $reason=be_load('chkbcache',ss_get_ip(),$stats,$options,$post);
573
  sfs_errorsonoff();
3
  Plugin Name: Stop Spammers Spam Control
4
  Plugin URI: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
5
  Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
6
+ Author: Bryan Hadaway
7
+ Author URI: https://calmestghost.com/
8
+ Version: 7.0.2
9
  License: https://www.gnu.org/licenses/gpl.html
10
  */
11
  // networking requires a couple of globals
12
+ define('SS_VERSION', '7.0.2');
13
  define('SS_PLUGIN_URL', plugin_dir_url( __FILE__ ));
14
  define('SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ));
15
  define('SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ).'data/');
501
  function ss_caught_action($ip='',$post=array()) {
502
  // this is hit on spam detect for addons - added this for a template for testing - not needed
503
  // $post has all the standardized post variables plus reason and the chk that found the problem
504
+ // good add-on would be a plugin to manage an SQL table where this stuff is stored
505
  }
506
  function ss_stop_spam_OK($ip='',$post=array()) {
507
  // dummy function for testing
568
  sfs_errorsonoff('off');
569
  return $user_login;
570
  }
571
+ // if the suspect is already in the Bad Cache he does not get a second chance?
572
  // prevents looping
573
  $reason=be_load('chkbcache',ss_get_ip(),$stats,$options,$post);
574
  sfs_errorsonoff();