Stop Spammers - Version 7.1

Version Description

  • fixed IP blacklisting (thanks https://github.com/peterjanes)
  • added SFS reporting from the log page (thanks https://github.com/peterjanes)
  • cleaned up a few typos
  • removed automatic migration of settings from old versions prior to 7.0 (if upgrading from 6.x, start with 7.0.9 then upgrade to the very latest version)
  • removed whitespace from textareas

Release Info

Developer bhadaway
Version 7.1

Code changes from version 7.0.9 to 7.1

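--- a/classes/ss_challenge.php
+++ b/classes/ss_challenge.php
@@ -381,10 +381,9 @@ User Message: " . $km . "
 
  Please be aware that the user has been recognized as a potential spammer.
 
- Some spam robots fill out the request form with a fake explanation.
+ Some spam bots fill out the request form with a fake explanation.
 
  — Stop Spammers";
- $message = wordwrap( $message, 70, "\r\n" );
  $headers = 'From: ' . get_option( 'admin_email' ) . "\r\n";
  wp_mail( $to, $subject, $message, $headers );
  $rejectmessage = "<h2>Email sent. Thank you.</h2>";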
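--- a/classes/ss_get_options.php
+++ b/classes/ss_get_options.php
@@ -575,7 +575,7 @@ class ss_get_options {
  'chkVN' => 'N',
  'chkYE' => 'N'
  );
- $ansa = array_merge( $defaultWL, $defaultsCTRL, $defaultBL, $defaultARRAY, $defaultSVC, $defaultCOUNTRY, $defaults );
+ $ansa = array_merge( $defaultWL, $defaultsCTRL, $defaultBL, $defaultARRAY, $defaultSVC, $defaultCOUNTRY, $defaults );
  // to keep from getting option creep we then set the options from opts back into the ansa
  // had to do this to get rid of obsolete or mistaken options
  if ( empty( $options ) || ! is_array( $options ) ) {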
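--- a/includes/ss-admin-options.php
+++ b/includes/ss-admin-options.php
@@ -183,7 +183,7 @@ function sfs_handle_ajax_sub( $data ) {
  echo " No Comment ID Found";
  exit();
  }
- // need to pass the blog id also
+ // need to pass the blog ID also
  $blog = '';
  $blog = $_GET['blog_id'];
  if ( $blog != '' ) {
@@ -193,9 +193,19 @@ function sfs_handle_ajax_sub( $data ) {
  }
  // get the comment
  $comment = get_comment( $comment_id, ARRAY_A );
- if ( empty( $comment ) ) {
- echo " No Comment Found for $comment_id";
- exit();
+ if ( $comment_id == 'registration' ) {
+ $comment = array(
+ 'comment_author_email' => $_GET['email'],
+ 'comment_author' => $_GET['user'],
+ 'comment_author_IP' => $_GET['ip'],
+ 'comment_content' => 'registration',
+ 'comment_author_url' => ''
+ );
+ } else {
+ if ( empty( $comment ) ) {
+ echo " No Comment Found for $comment_id";
+ exit();
+ }
  }
  // print_r($comment);
  $email = urlencode( $comment['comment_author_email'] );
@@ -247,7 +257,7 @@ function sfs_handle_ajax_sub( $data ) {
  } else if ( stripos( $ret, 'recent duplicate entry' ) !== false ) {
  echo ' Recent Duplicate Entry ';
  } else {
- echo ' Returning from AJAX';
+ echo ' Returning from AJAX: ' . $hget . ' - ' . $ret;
  }
  exit();
  }
@@ -467,4 +477,4 @@ function ss_sfs_ip_column( $value, $column_name, $user_id ) {
  return $value;
  }
 
- ?>
+ ?>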
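Review bot: The new `registration` branch builds `$comment` straight from `$_GET['email']`, `$_GET['user']` and `$_GET['ip']` with no validation, and the final `else` now echoes `$hget` and `$ret` into the AJAX response unescaped. `$hget` is not defined in the visible lines; if it is the outbound reporting request URL it may carry the site's API key, so it should not be sent back to the browser, and `$ret` is remote content that should pass through `esc_html()`. The request values should be unslashed and normalised before they are forwarded, and `get_comment()` need not run at all when `$comment_id` is `'registration'`. No nonce or capability check is visible in these hunks; `sfs_handle_ajax_sub()` starts and ends outside them, so that should be confirmed before this GET-driven path accepts caller-supplied identities.

```php
if ( $comment_id == 'registration' ) {
	// query-string values: unslash and normalise before forwarding them
	$ip      = isset( $_GET['ip'] ) ? wp_unslash( $_GET['ip'] ) : '';
	$comment = array(
		'comment_author_email' => isset( $_GET['email'] ) ? sanitize_email( wp_unslash( $_GET['email'] ) ) : '',
		'comment_author'       => isset( $_GET['user'] ) ? sanitize_text_field( wp_unslash( $_GET['user'] ) ) : '',
		'comment_author_IP'    => filter_var( $ip, FILTER_VALIDATE_IP ) ? $ip : '',
		'comment_content'      => 'registration',
		'comment_author_url'   => ''
	);
} else {
	// … unchanged: empty( $comment ) check …
}
// … unchanged: request to the reporting service and response matching …
} else {
	echo ' Returning from AJAX: ' . esc_html( $ret );
}
```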
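--- a/js/sfs_handle_ajax.js
+++ b/js/sfs_handle_ajax.js
@@ -8,7 +8,7 @@ function sfs_ajax_process(sip, contx, sfunc, url) {
  cont: contx,
  func: sfunc,
  ajax_url: url
- }
+ };
  jQuery.get(ajaxurl, data, sfs_ajax_return_process);
  }
 
@@ -32,14 +32,17 @@ function sfs_ajax_return_process(response) {
  return false;
  }
 
- function sfs_ajax_report_spam(t, id, blog, url) {
+ function sfs_ajax_report_spam(t, id, blog, url, email, ip, user) {
  sfs_ajax_who = t;
  var data = {
  action: 'sfs_sub',
  blog_id: blog,
  comment_id: id,
- ajax_url: url
- }
+ ajax_url: url,
+ email: email,
+ ip: ip,
+ user: user
+ };
  jQuery.get(ajaxurl, data, sfs_ajax_return_spam);
  }
 
@@ -61,4 +64,4 @@ function sfs_ajax_return_spam(response) {
  sfs_ajax_who.style.fontWeight = "bolder";
  alert(response);
  return false;
- }
+ }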
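Review bot: `sfs_ajax_report_spam` now puts `email`, `ip` and `user` into a `jQuery.get` query string, and the `data` object carries no nonce. The request triggers a report to an external service, so it is state-changing and would be better sent with `jQuery.post` plus a nonce field that the handler verifies with `check_ajax_referer()`; a query string also leaves the reported person's e-mail and IP in access logs and browser history. The handler in includes/ss-admin-options.php reads `$_GET`, so it would have to change with it, and whether it already checks a nonce is not visible on this page. `sfs_ajax_who` is assigned without `var` in the context lines, so it is an implicit global unless it is declared elsewhere in the file.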
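--- a/readme.txt
+++ b/readme.txt
@@ -38,6 +38,13 @@ OR
 
  == Changelog ==
 
+ = 7.1 =
+ * fixed IP blacklisting (thanks https://github.com/peterjanes)
+ * added SFS reporting from the log page (thanks https://github.com/peterjanes)
+ * cleaned up a few typos
+ * removed automatic migration of settings from old versions prior to 7.0 (if upgrading from 6.x, start with 7.0.9 — then upgrade to the very latest version)
+ * removed whitespace from textareas
+
  = 7.0.9 =
  * encrypted all external links
 
@@ -45,13 +52,13 @@ OR
  * formatted code according to WP PHP coding standards (https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/) — it's no where near perfect, but it's a step in the right direction
 
  = 7.0.7 =
- * less memory used for wp-login.php checks (thanks https://github.com/stodorovic)
  * fixed MySQL errors for threat scan (thanks https://github.com/stodorovic)
+ * less memory used for wp-login.php checks (thanks https://github.com/stodorovic)
 
  = 7.0.6 =
  * fixed issue with menu icon
- * removed debug submission form (not needed)
  * added link to new FAQs (https://github.com/bhadaway/stop-spammers/wiki/faqs)
+ * removed debug submission form (not needed)
 
  = 7.0.5 =
  * fixed SFS reporting
@@ -60,9 +67,9 @@ OR
  * fixed login issue
 
  = 7.0.3 =
+ * fixed SFS report messages
  * continued general cleanup
  * continued design improvements
- * fixed SFS report messages
  * removed email notifications for admin logins
 
  = 7.0.2 =
@@ -79,7 +86,7 @@ OR
  * better menu icon
 
  = 7.0 =
+ * fixed XSS error
  * general cleanup
  * design improvements
- * fixed XSS error
  * transferred control to new developer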
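--- a/settings/ss_allowlist_settings.php
+++ b/settings/ss_allowlist_settings.php
@@ -69,9 +69,9 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <legend><span style="font-weight:bold;font-size:1.2em">Allow List</span></legend>
  <p>Put IP addresses or emails here that you don't want blocked.
  One email or IP to a line. You can use wild cards here for emails.</p>
- <p>You may put user ids here, but this is dangerous because spammers can easily find a user's id from
+ <p>You may put user IDs here, but this is dangerous because spammers can easily find a user's ID from
  previous comments, and add comments using it.
- I don't recommend using this. Normally user id checking is turned off so you must check this box to use
+ I don't recommend using this. Normally user ID checking is turned off so you must check this box to use
  it.
  <input name="chkwluserid" type="checkbox" value="Y" <?php if ( $chkwluserid == 'Y' ) {
  echo "checked=\"checked\"";
@@ -81,13 +81,12 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  for ( $k = 0; $k < count( $wlist ); $k ++ ) {
  echo $wlist[ $k ] . "\r\n";
  }
- ?>
- </textarea>
+ ?></textarea>
  </fieldset>
  <br />
  <h2>Allow Options</h2>
  <p>These options will be checked first and will allow some users to continue without being checked further.<br />
- You can prevent Google, PayPal and other services from ever being blocked.</p>
+ You can prevent Google, PayPal, and other services from ever being blocked.</p>
  <fieldset>
  <legend><span style="font-weight:bold;font-size:1.2em">Google</span></legend>
  <p><input name="chkgoogle" type="checkbox" value="Y" <?php if ( $chkgoogle == 'Y' ) {
@@ -102,11 +101,11 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p><input name="chkgenallowlist" type="checkbox" value="Y" <?php if ( $chkgenallowlist == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
- I generate an Allow List of well-behaved and responsible IP blocks in North America, Western Europe, and
+ An Allow List of well-behaved and responsible IP blocks in North America, Western Europe, and
  Australia.
  These are a major source of spam, but also a major source of paying customers.
  Checking this will let in some spam, but will not block residential ISP customers from
- industrialized countries. I don't use this feature.</p>
+ industrialized countries.</p>
  </fieldset>
  <br />
  <fieldset>
@@ -114,10 +113,10 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p><input name="chkmiscallowlist" type="checkbox" value="Y" <?php if ( $chkmiscallowlist == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
- I am trying to get a list of small web services providers that can be accidentally blocked as bad
- actors.
- This includes RssGrafitti and VaultPress for now. If you need to white-list another service please let
- me know.</p>
+ A list of small web service providers that can be accidentally blocked as bad actors.
+ Currently on the list: VaultPress.
+ Request other services be added to this whitelist
+ <a href="https://github.com/bhadaway/stop-spammers/issues" target="_blank">on GitHub</a>.</p>
  </fieldset>
  <br />
  <fieldset>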
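Review bot: The textarea is filled by `echo $wlist[ $k ] . "\r\n";` on the context lines directly above the changed `?></textarea>`, with no escaping, so an allow-list entry containing markup would be rendered as HTML in the admin page instead of staying inside the field. `echo esc_textarea( $wlist[ $k ] ) . "\r\n";` keeps every entry as text; how entries reach `$wlist` is outside this hunk, so the exposure depends on whether anything other than this form can write to the list. The new GitHub link uses `target="_blank"` and would be safer with `rel="noopener noreferrer"` added. The `for` loop sits in the hunk but the code that fills `$wlist` and the opening `<textarea>` tag are outside it.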
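--- a/settings/ss_allowreq.php
+++ b/settings/ss_allowreq.php
@@ -1,85 +1,90 @@
  <?php
- if ( !defined( 'ABSPATH' ) ) {
- exit;
+ if ( ! defined( 'ABSPATH' ) ) {
+ exit;
  } // just in case
- if ( !current_user_can( 'manage_options' ) ) {
- die( 'Access Denied' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ die( 'Access Denied' );
  }
 
  ss_fix_post_vars();
  $stats = ss_get_stats();
  extract( $stats );
- $now = date( 'Y/m/d H:i:s', time() + ( get_option( 'gmt_offset' ) * 3600 ) );
+ $now = date( 'Y/m/d H:i:s', time() + ( get_option( 'gmt_offset' ) * 3600 ) );
  $options = ss_get_options();
  extract( $options );
  $stats = ss_get_stats();
  extract( $stats );
- $trash = SS_PLUGIN_URL . 'images/trash.png';
- $tdown = SS_PLUGIN_URL . 'images/tdown.png';
- $tup = SS_PLUGIN_URL . 'images/tup.png'; // fix this
- $whois = SS_PLUGIN_URL . 'images/whois.png'; // fix this
- $nonce = "";
+ $trash = SS_PLUGIN_URL . 'images/trash.png';
+ $tdown = SS_PLUGIN_URL . 'images/tdown.png';
+ $tup = SS_PLUGIN_URL . 'images/tup.png'; // fix this
+ $whois = SS_PLUGIN_URL . 'images/whois.png'; // fix this
+ $nonce = "";
  $ajaxurl = admin_url( 'admin-ajax.php' );
 
  // update options
  if ( array_key_exists( 'ss_stop_spammers_control', $_POST ) ) {
- $nonce = $_POST['ss_stop_spammers_control'];
+ $nonce = $_POST['ss_stop_spammers_control'];
  }
 
- if ( !empty( $nonce ) && wp_verify_nonce( $nonce, 'ss_stopspam_update' ) ) {
- if ( array_key_exists( 'ss_stop_clear_wlreq', $_POST ) ) {
- $wlrequests = array();
- $stats['wlrequests'] = $wlrequests;
- ss_set_stats( $stats );
- }
+ if ( ! empty( $nonce ) && wp_verify_nonce( $nonce, 'ss_stopspam_update' ) ) {
+ if ( array_key_exists( 'ss_stop_clear_wlreq', $_POST ) ) {
+ $wlrequests = array();
+ $stats['wlrequests'] = $wlrequests;
+ ss_set_stats( $stats );
+ }
 
- $msg = '<div class="notice notice-success"><p>Requests Cleared</p></div>';
+ $msg = '<div class="notice notice-success"><p>Requests Cleared</p></div>';
  }
 
  $nonce = wp_create_nonce( 'ss_stopspam_update' );
  ?>
  <div id="ss-plugin" class="wrap">
- <h1>Stop Spammers — Allow Requests</h1>
- <?php
- if ( !empty( $msg ) ) {
- echo "$msg";
- } ?>
- <p>When users are blocked they can fill out a form asking to be added to the allow list. Any users that have filled out the form will appear below. Some spam robots fill in any form that they find so their may be some garbage here.</p>
- <?php
- if ( count( $wlrequests ) == 0 ) {
- echo "<p>No requests.</p>";
- }
- else {
- ?>
- <h2>Allow List Requests</h2>
- <form method="post" action="">
- <input type="hidden" name="ss_stop_spammers_control" value="<?php echo $nonce; ?>" />
- <input type="hidden" name="ss_stop_clear_wlreq" value="true" />
- <p class="submit"><input class="button-primary" value="Clear the Requests" type="submit" /></p>
- </form>
- <?php
- ?>
- <table width="100%" style="background-color:#eee" cellspacing="2">
- <thead>
- <tr style="background-color:ivory;text-align:center"><th>Time</th><th>IP</th><th>Email</th><th>Reason</th><th>URL</th></tr>
- </thead>
- <tbody id="wlreq">
- <?php
- $show = '';
- $cont = 'wlreqs';
+ <h1>Stop Spammers — Allow Requests</h1>
+ <?php
+ if ( ! empty( $msg ) ) {
+ echo "$msg";
+ } ?>
+ <p>When users are blocked they can fill out a form asking to be added to the allow list. Any users that have filled out the form will appear below. Some spam robots fill in any form that they find so their may be some garbage here.</p>
+ <?php
+ if ( count( $wlrequests ) == 0 ) {
+ echo "<p>No requests.</p>";
+ } else {
+ ?>
+ <h2>Allow List Requests</h2>
+ <form method="post" action="">
+ <input type="hidden" name="ss_stop_spammers_control" value="<?php echo $nonce; ?>"/>
+ <input type="hidden" name="ss_stop_clear_wlreq" value="true"/>
+ <p class="submit"><input class="button-primary" value="Clear the Requests" type="submit"/></p>
+ </form>
+ <?php
+ ?>
+ <table width="100%" style="background-color:#eee" cellspacing="2">
+ <thead>
+ <tr style="background-color:ivory;text-align:center">
+ <th>Time</th>
+ <th>IP</th>
+ <th>Email</th>
+ <th>Reason</th>
+ <th>URL</th>
+ </tr>
+ </thead>
+ <tbody id="wlreq">
+ <?php
+ $show = '';
+ $cont = 'wlreqs';
 
- // wlrequs has an array of arrays
- // time,ip,email,author,reason,info,sname
- // time,ip,email,author,reason,info,sname
- // use the be_load to get badips
- $options = ss_get_options();
- $stats = ss_get_stats();
- $show = be_load( 'ss_get_alreq', 'x', $stats, $options );
- echo $show;
- ?>
- </tbody>
- </table>
- <?php
- }
+ // wlrequs has an array of arrays
+ // time,ip,email,author,reason,info,sname
+ // time,ip,email,author,reason,info,sname
+ // use the be_load to get badips
+ $options = ss_get_options();
+ $stats = ss_get_stats();
+ $show = be_load( 'ss_get_alreq', 'x', $stats, $options );
+ echo $show;
+ ?>
+ </tbody>
+ </table>
+ <?php
+ }
 
- ?>
+ ?>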
settings/ss_cache.php CHANGED
@@ -1,265 +1,281 @@
1
  <?php
2
- if ( !defined( 'ABSPATH' ) ) {
3
- exit;
4
  } // just in case
5
- if ( !current_user_can( 'manage_options' ) ) {
6
- die( 'Access Denied' );
7
  }
8
 
9
  ss_fix_post_vars();
10
  $stats = ss_get_stats();
11
  extract( $stats );
12
- $now = date( 'Y/m/d H:i:s', time() + ( get_option( 'gmt_offset' ) * 3600 ) );
13
  $options = ss_get_options();
14
  extract( $options );
15
- $trash = SS_PLUGIN_URL . 'images/trash.png';
16
- $tdown = SS_PLUGIN_URL . 'images/tdown.png';
17
- $tup = SS_PLUGIN_URL . 'images/tup.png'; // fix this
18
- $whois = SS_PLUGIN_URL . 'images/whois.png'; // fix this
19
- $nonce = "";
20
  $ajaxurl = admin_url( 'admin-ajax.php' );
21
 
22
  // update options
23
  if ( array_key_exists( 'ss_stop_spammers_control', $_POST ) ) {
24
- $nonce = $_POST['ss_stop_spammers_control'];
25
  }
26
 
27
- if ( !empty( $nonce ) && wp_verify_nonce( $nonce, 'ss_stopspam_update' ) ) {
28
- if ( array_key_exists( 'update_options', $_POST ) ) {
29
- if ( array_key_exists( 'ss_sp_cache', $_POST ) ) {
30
- $ss_sp_cache = stripslashes( $_POST['ss_sp_cache'] );
31
- $options['ss_sp_cache'] = $ss_sp_cache;
32
- }
33
 
34
- if ( array_key_exists( 'ss_sp_good', $_POST ) ) {
35
- $ss_sp_good = stripslashes( $_POST['ss_sp_good'] );
36
- $options['ss_sp_good'] = $ss_sp_good;
37
- }
38
 
39
- ss_set_options( $options );
40
- }
41
  }
42
 
43
  // clear the cache
44
  if ( array_key_exists( 'ss_stop_spammers_control', $_POST ) ) {
45
- $nonce = $_POST['ss_stop_spammers_control'];
46
  }
47
 
48
  if ( wp_verify_nonce( $nonce, 'ss_stopspam_update' ) ) {
49
- if ( array_key_exists( 'ss_stop_clear_cache', $_POST ) ) {
50
 
51
- // clear the cache
52
- $badips = array();
53
- $goodips = array();
54
- $stats['badips'] = $badips;
55
- $stats['goodips'] = $goodips;
56
- ss_set_stats( $stats );
57
- echo "<div class='notice notice-success'><p>Cache Cleared</p></div>";
58
- }
59
 
60
- $msg = '<div class="notice notice-success"><p>Options Updated</p></div>';
61
  }
62
 
63
  $nonce = wp_create_nonce( 'ss_stopspam_update' );
64
  ?>
65
  <div id="ss-plugin" class="wrap">
66
- <h1>Stop Spammers — Cache</h1>
67
- <?php
68
- if ( !empty( $msg ) ) {
69
- echo "$msg";
70
- } ?>
71
- <p>Whenever a user tries to leave a comment, register, or login, they are recorded in the Good Cache if they pass or the Bad Cache if they fail. If a user is blocked from access, they are added to the Bad Cache. You can see the caches here. The caches clear themselves over time, but if you are getting lots of spam it is a good idea to clear these out manually by pressing the "Clear Cache" button.</p>
72
- <form method="post" action="">
73
- <input type="hidden" name="update_options" value="update" />
74
- <input type="hidden" name="ss_stop_spammers_control" value="<?php echo $nonce; ?>" />
75
- <fieldset>
76
- <legend><span style="font-weight:bold;font-size:1.2em">Bad Cache Size</span></legend>
77
- <p>You can change the number of entries to keep in your history and cache. The size of these items is an issue and will cause problems with some WordPress installations. It is best to keep these small.</p>
78
- Bad IP Cache Size: <select name="ss_sp_cache">
79
- <option value="0" <?php
80
- if ($ss_sp_cache == '0') {
81
- echo "selected=\"true\"";
82
- } ?>>0</option>
83
- <option value="10" <?php
84
- if ($ss_sp_cache == '10') {
85
- echo "selected=\"true\"";
86
- } ?>>10</option>
87
- <option value="25" <?php
88
- if ($ss_sp_cache == '25') {
89
- echo "selected=\"true\"";
90
- } ?>>25</option>
91
- <option value="50" <?php
92
- if ($ss_sp_cache == '50') {
93
- echo "selected=\"true\"";
94
- } ?>>50</option>
95
- <option value="75" <?php
96
- if ($ss_sp_cache == '75') {
97
- echo "selected=\"true\"";
98
- } ?>>75</option>
99
- <option value="100" <?php
100
- if ($ss_sp_cache == '100') {
101
- echo "selected=\"true\"";
102
- } ?>>100</option>
103
- <option value="200" <?php
104
- if ($ss_sp_cache == '200') {
105
- echo "selected=\"true\"";
106
- } ?>>200</option>
107
- </select>
108
- <p>Select the number of items to save in the bad IP cache. Avoid making this too big as it can cause the plugin to run out of memory.</p>
109
- </fieldset>
110
- <br />
111
- <fieldset>
112
- <legend><span style="font-weight:bold;font-size:1.2em">Good Cache Size</span></legend>
113
- <p>The good cache should be set to just a few entries. The first time a spammer hits your site he may not be well-known and once he gets in the Good Cache he can hit your site without being checked again. Increasing the size of the cache means a spammer has more opportunities to hit your site without a new check.</p>
114
- Good Cache Size:
115
- <select name="ss_sp_good">
116
- <option value="1" <?php
117
- if ($ss_sp_good == '1') {
118
- echo "selected=\"true\"";
119
- } ?>>1</option>
120
- <option value="2" <?php
121
- if ($ss_sp_good == '2') {
122
- echo "selected=\"true\"";
123
- } ?>>2</option>
124
- <option value="3" <?php
125
- if ($ss_sp_good == '3') {
126
- echo "selected=\"true\"";
127
- } ?>>3</option>
128
- <option value="4" <?php
129
- if ($ss_sp_good == '4') {
130
- echo "selected=\"true\"";
131
- } ?>>4</option>
132
- <option value="10" <?php
133
- if ($ss_sp_good == '10') {
134
- echo "selected=\"true\"";
135
- } ?>>10</option>
136
- <option value="25" <?php
137
- if ($ss_sp_good == '25') {
138
- echo "selected=\"true\"";
139
- } ?>>25</option>
140
- <option value="50" <?php
141
- if ($ss_sp_good == '50') {
142
- echo "selected=\"true\"";
143
- } ?>>50</option>
144
- <option value="75" <?php
145
- if ($ss_sp_good == '75') {
146
- echo "selected=\"true\"";
147
- } ?>>75</option>
148
- <option value="100" <?php
149
- if ($ss_sp_good == '100') {
150
- echo "selected=\"true\"";
151
- } ?>>100</option>
152
- <option value="200" <?php
153
- if ($ss_sp_good == '200') {
154
- echo "selected=\"true\"";
155
- } ?>>200</option>
156
- </select>
157
- </fieldset>
158
- <br />
159
- <p class="submit"><input class="button-primary" value="Save Changes" type="submit" /></p>
160
- </form>
161
- <?php
162
- if ( count( $badips ) == 0 && count( $goodips ) == 0 ) {
163
- echo "Nothing in the cache.";
164
- }
165
- else {
166
- ?>
167
- <h2>Cached Values</h2>
168
- <form method="post" action="">
169
- <input type="hidden" name="ss_stop_spammers_control" value="<?php echo $nonce; ?>" />
170
- <input type="hidden" name="ss_stop_clear_cache" value="true" />
171
- <p class="submit"><input class="button-primary" value="Clear the Cache" type="submit" /></p>
172
- </form>
173
- <table>
174
- <tr>
175
- <?php
176
- if ( count( $badips ) > 0 ) {
177
- arsort( $badips );
178
- ?>
179
- <td width="30%">Rejected IPs</td>
180
- <?php
181
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
182
 
183
- ?>
184
- <?php
185
- if ( count( $goodips ) > 0 ) {
186
- ?>
187
- <td width="30%">Good IPs</td>
188
- <?php
189
- }
190
 
191
- ?>
192
- </tr>
193
- <tr>
194
- <?php
195
- if ( count( $badips ) > 0 ) {
196
- ?>
197
- <td valign="top" id="badips"><?php
198
- // use the be_load to get badips
199
- $options = ss_get_options();
200
- $stats = ss_get_stats();
201
- $show = be_load( 'ss_get_bcache', 'x', $stats, $options );
202
- /*
203
- $show='';
204
- $cont='badips';
205
- foreach ( $badips as $key => $value ) {
206
- $show.="<a href=\"https://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
207
-
208
- // try ajax on the delete from bad cache
209
-
210
- $onclick="onclick=\"sfs_ajax_process( '$key','$cont','delete_bcache','$ajaxurl' );return false;\"";
211
- $show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" height=\"16px\" /></a> ";
212
- $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_black','$ajaxurl' );return false;\"";
213
- $show.=" <a href=\"\" $onclick title=\"Add to $key Deny List\" alt=\"Add to Deny List\" ><img src=\"$tdown\" height=\"16px\" /></a> ";
214
- $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_white','$ajaxurl' );return false;\"";
215
- $show.=" <a href=\"\" $onclick title=\"Add to $key Allow List\" alt=\"Add to Allow List\" ><img src=\"$tup\" height=\"16px\" /></a> ";
216
- $who="<a title=\"Look Up WHOIS\" target=\"_stopspam\" href=\"https://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query=$key\"><img src=\"$whois\" height=\"16px\" /></a> ";
217
- $show.=$who;
218
- $show.="<br />";
219
- }
220
-
221
- */
222
- echo $show;
223
- ?></td>
224
- <?php
225
- }
226
 
227
- ?>
228
- <?php
229
- if ( count( $goodips ) > 0 ) {
230
- arsort( $goodips );
231
- ?>
232
- <td valign="top" id="goodips"><?php
233
- // use the be_load to get badips
234
- $options = ss_get_options();
235
- $stats = ss_get_stats();
236
- $show = be_load( 'ss_get_gcache', 'x', $stats, $options );
237
- /*$show='';
238
- $cont='goodips';
239
- foreach ( $goodips as $key => $value ) {
240
- $show.="<a href=\"https://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
241
-
242
- // try ajax on the delete from bad cache
243
-
244
- $onclick="onclick=\"sfs_ajax_process( '$key','$cont','delete_gcache','$ajaxurl' );return false;\"";
245
- $show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" height=\"16px\" /></a> ";
246
- $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_black','$ajaxurl' );return false;\"";
247
- $show.=" <a href=\"\" $onclick title=\"Add to $key Deny List\" alt=\"Add to Deny List\" ><img src=\"$tdown\" height=\"16px\" /></a> ";
248
- $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_white','$ajaxurl' );return false;\"";
249
- $show.=" <a href=\"\" $onclick title=\"Add to $key Allow List\" alt=\"Add to Allow List\" ><img src=\"$tup\" height=\"16px\" /></a> ";
250
- $show.="<br />";
251
- }
252
-
253
- */
254
- echo $show;
255
- ?></td>
256
- <?php
257
- }
258
 
259
- ?>
260
- </tr>
261
- </table>
262
- <?php
263
- }
264
 
265
- ?>
1
  <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
  } // just in case
5
+ if ( ! current_user_can( 'manage_options' ) ) {
6
+ die( 'Access Denied' );
7
  }
8
 
9
  ss_fix_post_vars();
10
  $stats = ss_get_stats();
11
  extract( $stats );
12
+ $now = date( 'Y/m/d H:i:s', time() + ( get_option( 'gmt_offset' ) * 3600 ) );
13
  $options = ss_get_options();
14
  extract( $options );
15
+ $trash = SS_PLUGIN_URL . 'images/trash.png';
16
+ $tdown = SS_PLUGIN_URL . 'images/tdown.png';
17
+ $tup = SS_PLUGIN_URL . 'images/tup.png'; // fix this
18
+ $whois = SS_PLUGIN_URL . 'images/whois.png'; // fix this
19
+ $nonce = "";
20
  $ajaxurl = admin_url( 'admin-ajax.php' );
21
 
22
  // update options
23
  if ( array_key_exists( 'ss_stop_spammers_control', $_POST ) ) {
24
+ $nonce = $_POST['ss_stop_spammers_control'];
25
  }
26
 
27
+ if ( ! empty( $nonce ) && wp_verify_nonce( $nonce, 'ss_stopspam_update' ) ) {
28
+ if ( array_key_exists( 'update_options', $_POST ) ) {
29
+ if ( array_key_exists( 'ss_sp_cache', $_POST ) ) {
30
+ $ss_sp_cache = stripslashes( $_POST['ss_sp_cache'] );
31
+ $options['ss_sp_cache'] = $ss_sp_cache;
32
+ }
33
 
34
+ if ( array_key_exists( 'ss_sp_good', $_POST ) ) {
35
+ $ss_sp_good = stripslashes( $_POST['ss_sp_good'] );
36
+ $options['ss_sp_good'] = $ss_sp_good;
37
+ }
38
 
39
+ ss_set_options( $options );
40
+ }
41
  }
42
 
43
  // clear the cache
44
  if ( array_key_exists( 'ss_stop_spammers_control', $_POST ) ) {
45
+ $nonce = $_POST['ss_stop_spammers_control'];
46
  }
47
 
48
  if ( wp_verify_nonce( $nonce, 'ss_stopspam_update' ) ) {
49
+ if ( array_key_exists( 'ss_stop_clear_cache', $_POST ) ) {
50
 
51
+ // clear the cache
52
+ $badips = array();
53
+ $goodips = array();
54
+ $stats['badips'] = $badips;
55
+ $stats['goodips'] = $goodips;
56
+ ss_set_stats( $stats );
57
+ echo "<div class='notice notice-success'><p>Cache Cleared</p></div>";
58
+ }
59
 
60
+ $msg = '<div class="notice notice-success"><p>Options Updated</p></div>';
61
  }
62
 
63
  $nonce = wp_create_nonce( 'ss_stopspam_update' );
64
  ?>
65
  <div id="ss-plugin" class="wrap">
66
+ <h1>Stop Spammers — Cache</h1>
67
+ <?php
68
+ if ( ! empty( $msg ) ) {
69
+ echo "$msg";
70
+ } ?>
71
+ <p>Whenever a user tries to leave a comment, register, or login, they are recorded in the Good Cache if they pass or the Bad Cache if they fail. If a user is blocked from access, they are added to the Bad Cache. You can see the caches here. The caches clear themselves over time, but if you are getting lots of spam it is a good idea to clear these out manually by pressing the "Clear Cache" button.</p>
72
+ <form method="post" action="">
73
+ <input type="hidden" name="update_options" value="update"/>
74
+ <input type="hidden" name="ss_stop_spammers_control" value="<?php echo $nonce; ?>"/>
75
+ <fieldset>
76
+ <legend><span style="font-weight:bold;font-size:1.2em">Bad Cache Size</span></legend>
77
+ <p>You can change the number of entries to keep in your history and cache. The size of these items is an issue and will cause problems with some WordPress installations. It is best to keep these small.</p>
78
+ Bad IP Cache Size: <select name="ss_sp_cache">
79
+ <option value="0" <?php
80
+ if ( $ss_sp_cache == '0' ) {
81
+ echo "selected=\"true\"";
82
+ } ?>>0
83
+ </option>
84
+ <option value="10" <?php
85
+ if ( $ss_sp_cache == '10' ) {
86
+ echo "selected=\"true\"";
87
+ } ?>>10
88
+ </option>
89
+ <option value="25" <?php
90
+ if ( $ss_sp_cache == '25' ) {
91
+ echo "selected=\"true\"";
92
+ } ?>>25
93
+ </option>
94
+ <option value="50" <?php
95
+ if ( $ss_sp_cache == '50' ) {
96
+ echo "selected=\"true\"";
97
+ } ?>>50
98
+ </option>
99
+ <option value="75" <?php
100
+ if ( $ss_sp_cache == '75' ) {
101
+ echo "selected=\"true\"";
102
+ } ?>>75
103
+ </option>
104
+ <option value="100" <?php
105
+ if ( $ss_sp_cache == '100' ) {
106
+ echo "selected=\"true\"";
107
+ } ?>>100
108
+ </option>
109
+ <option value="200" <?php
110
+ if ( $ss_sp_cache == '200' ) {
111
+ echo "selected=\"true\"";
112
+ } ?>>200
113
+ </option>
114
+ </select>
115
+ <p>Select the number of items to save in the bad IP cache. Avoid making this too big as it can cause the plugin to run out of memory.</p>
116
+ </fieldset>
117
+ <br />
118
+ <fieldset>
119
+ <legend><span style="font-weight:bold;font-size:1.2em">Good Cache Size</span></legend>
120
+ <p>The good cache should be set to just a few entries. The first time a spammer hits your site he may not be well-known and once he gets in the Good Cache he can hit your site without being checked again. Increasing the size of the cache means a spammer has more opportunities to hit your site without a new check.</p>
121
+ Good Cache Size:
122
+ <select name="ss_sp_good">
123
+ <option value="1" <?php
124
+ if ( $ss_sp_good == '1' ) {
125
+ echo "selected=\"true\"";
126
+ } ?>>1
127
+ </option>
128
+ <option value="2" <?php
129
+ if ( $ss_sp_good == '2' ) {
130
+ echo "selected=\"true\"";
131
+ } ?>>2
132
+ </option>
133
+ <option value="3" <?php
134
+ if ( $ss_sp_good == '3' ) {
135
+ echo "selected=\"true\"";
136
+ } ?>>3
137
+ </option>
138
+ <option value="4" <?php
139
+ if ( $ss_sp_good == '4' ) {
140
+ echo "selected=\"true\"";
141
+ } ?>>4
142
+ </option>
143
+ <option value="10" <?php
144
+ if ( $ss_sp_good == '10' ) {
145
+ echo "selected=\"true\"";
146
+ } ?>>10
147
+ </option>
148
+ <option value="25" <?php
149
+ if ( $ss_sp_good == '25' ) {
150
+ echo "selected=\"true\"";
151
+ } ?>>25
152
+ </option>
153
+ <option value="50" <?php
154
+ if ( $ss_sp_good == '50' ) {
155
+ echo "selected=\"true\"";
156
+ } ?>>50
157
+ </option>
158
+ <option value="75" <?php
159
+ if ( $ss_sp_good == '75' ) {
160
+ echo "selected=\"true\"";
161
+ } ?>>75
162
+ </option>
163
+ <option value="100" <?php
164
+ if ( $ss_sp_good == '100' ) {
165
+ echo "selected=\"true\"";
166
+ } ?>>100
167
+ </option>
168
+ <option value="200" <?php
169
+ if ( $ss_sp_good == '200' ) {
170
+ echo "selected=\"true\"";
171
+ } ?>>200
172
+ </option>
173
+ </select>
174
+ </fieldset>
175
+ <br />
176
+ <p class="submit"><input class="button-primary" value="Save Changes" type="submit"/></p>
177
+ </form>
178
+ <?php
179
+ if ( count( $badips ) == 0 && count( $goodips ) == 0 ) {
180
+ echo "Nothing in the cache.";
181
+ } else {
182
+ ?>
183
+ <h2>Cached Values</h2>
184
+ <form method="post" action="">
185
+ <input type="hidden" name="ss_stop_spammers_control" value="<?php echo $nonce; ?>"/>
186
+ <input type="hidden" name="ss_stop_clear_cache" value="true"/>
187
+ <p class="submit"><input class="button-primary" value="Clear the Cache" type="submit"/></p>
188
+ </form>
189
+ <table>
190
+ <tr>
191
+ <?php
192
+ if ( count( $badips ) > 0 ) {
193
+ arsort( $badips );
194
+ ?>
195
+ <td width="30%">Rejected IPs</td>
196
+ <?php
197
+ }
198
 
199
+ ?>
200
+ <?php
201
+ if ( count( $goodips ) > 0 ) {
202
+ ?>
203
+ <td width="30%">Good IPs</td>
204
+ <?php
205
+ }
206
 
207
+ ?>
208
+ </tr>
209
+ <tr>
210
+ <?php
211
+ if ( count( $badips ) > 0 ) {
212
+ ?>
213
+ <td valign="top" id="badips"><?php
214
+ // use the be_load to get badips
215
+ $options = ss_get_options();
216
+ $stats = ss_get_stats();
217
+ $show = be_load( 'ss_get_bcache', 'x', $stats, $options );
218
+ /*
219
+ $show='';
220
+ $cont='badips';
221
+ foreach ( $badips as $key => $value ) {
222
+ $show.="<a href=\"https://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
223
+
224
+ // try ajax on the delete from bad cache
225
+
226
+ $onclick="onclick=\"sfs_ajax_process( '$key','$cont','delete_bcache','$ajaxurl' );return false;\"";
227
+ $show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" height=\"16px\" /></a> ";
228
+ $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_black','$ajaxurl' );return false;\"";
229
+ $show.=" <a href=\"\" $onclick title=\"Add to $key Deny List\" alt=\"Add to Deny List\" ><img src=\"$tdown\" height=\"16px\" /></a> ";
230
+ $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_white','$ajaxurl' );return false;\"";
231
+ $show.=" <a href=\"\" $onclick title=\"Add to $key Allow List\" alt=\"Add to Allow List\" ><img src=\"$tup\" height=\"16px\" /></a> ";
232
+ $who="<a title=\"Look Up WHOIS\" target=\"_stopspam\" href=\"https://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query=$key\"><img src=\"$whois\" height=\"16px\" /></a> ";
233
+ $show.=$who;
234
+ $show.="<br />";
235
+ }
236
+
237
+ */
238
+ echo $show;
239
+ ?></td>
240
+ <?php
241
+ }
242
 
243
+ ?>
244
+ <?php
245
+ if ( count( $goodips ) > 0 ) {
246
+ arsort( $goodips );
247
+ ?>
248
+ <td valign="top" id="goodips"><?php
249
+ // use the be_load to get badips
250
+ $options = ss_get_options();
251
+ $stats = ss_get_stats();
252
+ $show = be_load( 'ss_get_gcache', 'x', $stats, $options );
253
+ /*$show='';
254
+ $cont='goodips';
255
+ foreach ( $goodips as $key => $value ) {
256
+ $show.="<a href=\"https://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
257
+
258
+ // try ajax on the delete from bad cache
259
+
260
+ $onclick="onclick=\"sfs_ajax_process( '$key','$cont','delete_gcache','$ajaxurl' );return false;\"";
261
+ $show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" height=\"16px\" /></a> ";
262
+ $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_black','$ajaxurl' );return false;\"";
263
+ $show.=" <a href=\"\" $onclick title=\"Add to $key Deny List\" alt=\"Add to Deny List\" ><img src=\"$tdown\" height=\"16px\" /></a> ";
264
+ $onclick="onclick=\"sfs_ajax_process( '$key','$cont','add_white','$ajaxurl' );return false;\"";
265
+ $show.=" <a href=\"\" $onclick title=\"Add to $key Allow List\" alt=\"Add to Allow List\" ><img src=\"$tup\" height=\"16px\" /></a> ";
266
+ $show.="<br />";
267
+ }
268
+
269
+ */
270
+ echo $show;
271
+ ?></td>
272
+ <?php
273
+ }
274
 
275
+ ?>
276
+ </tr>
277
+ </table>
278
+ <?php
279
+ }
280
 
281
+ ?>
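--- a/settings/ss_challenge.php
+++ b/settings/ss_challenge.php
@@ -109,7 +109,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  } ?> />
  <br />
  <p>If you want you can send the spammer to a web page. This can be a custom page explaining terms of
- service, or a nasty message.</p>
+ service for example.</p>
  Redirect URL:
  <input size="77" name="redirurl" type="text" value="<?php echo $redirurl; ?>"/>
  </fieldset>
@@ -119,14 +119,15 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  </legend>
  <p>Users can see the form to add themselves to the request list, but lots of spammers fill it out randomly.
  This hides the request form.</p>
- Blocked users see the Allow request form:
+ Blocked users see the Allow Request form:
  <input type="checkbox" name="wlreq" value="Y" <?php if ( $wlreq == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
  </fieldset>
  <br />
  <fieldset>
- <legend><span style="font-weight:bold;font-size:1.2em">Notify Webmaster When a User Requests to be Added to the Allow List</span>
+ <legend><span
+ style="font-weight:bold;font-size:1.2em">Notify Webmaster When a User Requests to be Added to the Allow List</span>
  </legend>
  <p>Blocked users can add their email addresses to the the Allow List request. This will also send you an
  email notification.</p>
@@ -150,9 +151,8 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  give users a second chance by displaying a CAPTCHA image and asking them to type in the letters that
  they see. This prevents lockouts.<br />
  This option will override the email notification option above.<br />
- By default the plugin will support the arithmetic question which is OK. For better results, I have
- included the ability to use Google's reCAPTCHA, or you can try SolveMedia's CAPTCHA using ads which can
- provide a revenue stream.<br />
+ By default, the plugin will support the arithmetic question, which is okay. For better results,
+ use Google's reCAPTCHA, or you can try SolveMedia's CAPTCHA<br />
  <input type="radio" value="N" name="chkcaptcha" <?php if ( $chkcaptcha == 'N' ) {
  echo "checked=\"checked\"";
  } ?>/>
@@ -168,7 +168,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <input type="radio" value="A" name="chkcaptcha" <?php if ( $chkcaptcha == 'A' ) {
  echo "checked=\"checked\"";
  } ?>/>
- Really stupid arithmetic question</p>
+ Arithmetic Question</p>
  <p>In order to use Solve Media or Google reCAPTCHA you will need to get an API key. Open CAPTCHA is no
  longer supported so the arithmetic question will be used for those that had it set.</p>
  </fieldset>
@@ -206,12 +206,9 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <input size="64" name="solvmediaapiverify" type="text" value="<?php echo $solvmediaapiverify; ?>"/>
  <br />
  <p>This API key is used for displaying a Solve Media CAPTCHA on your site.
- This CAPTCHA has the added advantage that you can make a little money by having your CAPTCHA also be an
- ad.
- (It is unlikely that spammers will click through on an ad, but hey, you never know!)
  You can display the CAPTCHA in case a real user is blocked, so they can still leave a comment.
  You can register and get an API key at <a href="https://portal.solvemedia.com/portal/public/signup"
- target="_blank">portal.solvemedia.com/portal/public/signup</a>.
+ target="_blank">https://portal.solvemedia.com/portal/public/signup</a>.
  If the keys are correct you should see the CAPTCHA here:</p>
  <?php
  if ( ! empty( $solvmediaapivchallenge ) ) {
@@ -219,10 +216,8 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <script type="text/javascript"
  src="https://api-secure.solvemedia.com/papi/challenge.script?k=<?php echo $solvmediaapivchallenge; ?>">
  </script>
- <p>If the CAPTCHA form looks good you need to enable the CAPTCHA on the Challenge &amp; Deny options
- page. (see left)
- (Solve Media has a plugin that can be used for registrations and logins that you could use as a
- revenue stream.)</p>
+ <p>If the CAPTCHA form looks good, you need to enable the CAPTCHA on the Challenge &amp; Deny options
+ page. (see left)</p>
  <?php
  }
  ?>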
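Review bot: The `value="<?php echo $redirurl; ?>"` attribute kept as context in the first hunk prints a saved setting without output escaping, and the same holds for `$solvmediaapiverify` and for `$solvmediaapivchallenge` inside the script `src` in the last two hunks; `$sesstime` in settings/ss_options.php follows the same pattern. Unless these values are escaped where they are loaded, which is outside the hunks, a stored value containing a double quote can break out of the attribute on this admin page. I would print them as `<?php echo esc_attr( $redirurl ); ?>` (or `esc_url()` for the redirect URL) and use `rawurlencode( $solvmediaapivchallenge )` for the query parameter. The changed link line also keeps `target="_blank"` and could carry `rel="noopener noreferrer"`.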
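--- a/settings/ss_denylist_settings.php
+++ b/settings/ss_denylist_settings.php
@@ -114,12 +114,12 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <input type="hidden" name="ss_stop_spammers_control" value="<?php echo $nonce; ?>"/>
  <fieldset>
  <legend><span style="font-weight:bold;font-size:1.2em">Block List</span></legend>
- <p>Put IP addresses or emails here that you want blocked. One email or IP to a line.<br />
- You can mix email addresses and IP numbers. You can use IPV4 or IPV6 numbers. You can use CIDR format to
- block a range (e.g. 1.2.3.4/16) or you can use wild cards (e.g. spammer@spam.* or 1.2.3.*).<br />
- You can also use this to deny user ids. This is usually not useful as spammers can change the user id
+ <p>Put IP addresses or emails here that you want blocked. One email or IP to a line.
+ You can mix email addresses and IP numbers. You can use IPv4 or IPv6 numbers. You can use CIDR format to
+ block a range (e.g. 1.2.3.4/16) or you can use wild cards (e.g. spammer@spam.* or 1.2.3.*).
+ You can also use this to deny user IDs. This is usually not useful as spammers can change the user ID
  that they use.<br />
- To block userids in this list, check this box.
+ To block usernames in this list, check this box.
  <input name="chkbluserid" type="checkbox" value="Y" <?php if ( $chkbluserid == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> /></p>
@@ -128,8 +128,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  foreach ( $blist as $p ) {
  echo $p . "\r\n";
  }
- ?>
- </textarea>
+ ?></textarea>
  </fieldset>
  <br />
  <fieldset>
@@ -145,8 +144,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  foreach ( $spamwords as $p ) {
  echo $p . "\r\n";
  }
- ?>
- </textarea>
+ ?></textarea>
  </fieldset>
  <br />
  <fieldset>
@@ -163,8 +161,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  foreach ( $badagents as $p ) {
  echo $p . "\r\n";
  }
- ?>
- </textarea>
+ ?></textarea>
  <br />
  <p>This is a string search so that all you have to enter is enough of the agent to match. Telesoft matches
  Telesoft Spider or Telesoft 3.2.</p>
@@ -184,8 +181,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  foreach ( $badTLDs as $p ) {
  echo $p . "\r\n";
  }
- ?>
- </textarea><br />
+ ?></textarea><br />
  <p>A TLD is the last part of a domain like .COM or .NET. You can block emails from various countries this
  way by adding a TLD such as .CN or .RU (these will block Russia and China). It will not block the whole
  country.<br />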
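Review bot: Each list is still printed into its `<textarea>` with `echo $p . "\r\n";`, and this commit edits the closing tag directly below those loops without adding output escaping. Unless the entries are sanitized when they are saved (not visible in these hunks), an entry containing `</textarea>` would end the field early and the remainder would be rendered as markup on the admin page. Using `echo esc_textarea( $p ) . "\r\n";` in the `$blist`, `$spamwords`, `$badagents` and `$badTLDs` loops closes that gap. The loops start above each hunk, so the full textarea markup is not shown here.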
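--- a/settings/ss_option_maint.php
+++ b/settings/ss_option_maint.php
@@ -28,7 +28,7 @@ ss_fix_post_vars();
  happen is that the page will paint a little slower because the option is retrieved separately from other
  options. The best thing that can happen is there is a lower demand on memory because the unused options are
  not loaded when WordPress starts loading a page.</p>
- <p>When plugins are uninstalled they are supposed to clean up their options. Many options do not do any clean-up
+ <p>When plugins are uninstalled they are supposed to clean up their options. Many plugins do not do any cleanup
  during uninstall. It is quite possible that you have many orphan options from plugins that you deleted long
  ago. These are autoloaded on every page, slowing down your pages and eating up memory. These options can be
  safely marked so that they will not autoload. If you are sure they are not needed you can delete them.</p>
@@ -297,7 +297,8 @@ ss_fix_post_vars();
  }
  ?>
  </table>
- <p class="submit"><input class="button-primary" value="Update" type="submit" onclick="return confirm('Are you sure? There is not undo for this.');"></p>
+ <p class="submit"><input class="button-primary" value="Update" type="submit"
+ onclick="return confirm('Are you sure? There is not undo for this.');"></p>
  </form>
  <?php
  $m1 = memory_get_usage();
@@ -309,7 +310,7 @@ ss_fix_post_vars();
  $showtransients = false; // change to true to clean up transients
  if ( $showtransients && countTransients() > 0 ) { // personal use - probably too dangerous for casual users.
  ?>
- <hr />
+ <hr/>
  <p>WordPress creates temporary objects in the database called transients.<br />
  WordPress is not good about cleaning them up afterwards. You can clean these up safely and it might
  speed things up.</p>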
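Review bot: The confirmation prompt on the re-wrapped submit button in the second hunk still reads `There is not undo for this.`; since this release cleans up typos, it should become `There is no undo for this.`. The prompt is the only warning shown before an update that the text itself calls irreversible, so the wording matters more than elsewhere on the page. This is a change to the string only.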
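--- a/settings/ss_options.php
+++ b/settings/ss_options.php
@@ -240,12 +240,12 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  option
  if you are running an ecommerce site or a specialized site that has forms that are blocked by Stop
  Spammers.
- This is a new option and is off by default.</p>
+ For the most protection, this option is off by default (recommended).</p>
  </fieldset>
  <fieldset>
  <legend><span style="font-weight:bold;font-size:1.5em">Prevent Lockouts</span></legend>
  <p>This plugin aggressively checks for spammers and is unforgiving to the point where even you may get
- locked out of your own blog when you log off and try to log back in. There are two options which help
+ locked out of your own website when you log off and try to log back in. There are two options which help
  prevent this, but these options can make it easier for a spammer to hack your site.<br />
  When you are confident that the plugin is working you can uncheck these boxes.</p>
  <fieldset>
@@ -267,8 +267,8 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  echo "checked=\"checked\"";
  } ?> />
  Normally the plugin checks for spammers before WordPress can try to log in a user.
- If you check this box, every attempt to login will be tested for a valid user.
- This may allow a hacker to guess your user id and password by making thousands of attempts to login.
+ If you check this box, every attempt to log in will be tested for a valid user.
+ This may allow a hacker to guess your user ID and password by making thousands of attempts to login.
  This is turned on initially to prevent you from being locked out of your own blog,
  but should be unchecked after you verify that the plugin does not think you are a spammer.</p>
  </fieldset>
@@ -276,7 +276,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <br />
  <fieldset>
  <legend><span style="font-weight:bold;font-size:1.5em">Validate Requests</span></legend>
- <p>Spam robots do not always follow rules. They don't provide the proper request headers or are too quick.
+ <p>Spam bots do not always follow rules. They don't provide the proper request headers or are too quick.
  These items can be quickly checked. These rules are the most economical way of detecting spammers.</p>
  <fieldset>
  <legend><span style="font-weight:bold;font-size:1.2em">Block Spam Missing the HTTP_ACCEPT Header</span>
@@ -285,7 +285,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  echo "checked=\"checked\"";
  } ?> />
  Blocks users who have a missing or incomplete HTTP_ACCEPT header. All browsers provide this header.
- If a hit on your site is missing the HTTP_ACCEPT header it is because a poorly written robot is
+ If a hit on your site is missing the HTTP_ACCEPT header it is because a poorly written bot is
  trying access your site.</p>
  </fieldset>
  <br />
@@ -295,8 +295,8 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  echo "checked=\"checked\"";
  } ?> />
  When you submit a form, all browsers provide the web page that submitted the form. If this referring
- page is missing or does not match your website then the submit is probably from a program accessing
- your site. Some cell phone apps try to log in without the correct header. You may want to disable
+ page is missing or does not match your website then the submission is probably from a program accessing
+ your site. Some phone apps try to log in without the correct header. You may want to disable
  this function if you log into your website from your mobile device. Test it first - the better
  written apps provide the referring page.</p>
  </fieldset>
@@ -319,7 +319,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p><input name="chklong" type="checkbox" value="Y" <?php if ( $chklong == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
- Spammers can't resist using very long names and emails. This rejects these if the are over 64
+ Spammers can't resist using very long names and emails. This rejects these if they are over 64
  characters in length.</p>
  </fieldset>
  <fieldset>
@@ -352,13 +352,13 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <em>(disabled if caching is active)</em> The plugin will drop a cookie with the current time in it.
  When the user enters a comment or tries to log into the system, the time is checked. If the user
  responds too fast, he is a spammer. If cookies are not supported, this is disabled. Use the timeout
- value below to control the speed. (Stops the most spammers of all the methods listed here.)<br />
+ value below to control the speed (stops the most spammers of all the methods listed here).<br />
  Response Timeout Value:
  <input name="sesstime" type="text" value="<?php echo $sesstime; ?>" size="2"/>
  This is the time used to determine if a spammer has filled out a form too quickly. Humans take more
  than 10 seconds, at least, to fill out forms. The default is 4 seconds. If a user takes 4 seconds or
  less to fill out a form they are not human and are denied. Users who use automatic passwords may
- show up as false positives so keep this low.</p>
+ show up as false positives, so keep this low.</p>
  </fieldset>
  <br />
  <fieldset>
@@ -366,7 +366,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p><input name="chk404" type="checkbox" value="Y" <?php if ( $chk404 == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
- Robots often search your site for exploitable files. If there is a match to a known exploit URL,
+ Bots often search your site for exploitable files. If there is a match to a known exploit URL,
  this will automatically add the IP address to the Deny List.</p>
  </fieldset>
  <br />
@@ -375,9 +375,9 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p><input name="chkakismet" type="checkbox" value="Y" <?php if ( $chkakismet == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
- Akismet does a good job detecting spam. If Akismet catches a spammer then the IP address should be
+ Akismet does a good job detecting spam. If Akismet catches a spammer, then the IP address should be
  added to the bad IP cache. Akismet will continue to block comment spam, but if there is a login or
- registration attempt from the same IP it will be blocked.</p>
+ registration attempt from the same IP, it will be blocked.</p>
  </fieldset>
  <br />
  <fieldset>
@@ -396,14 +396,13 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p><input name="chkadmin" type="checkbox" value="Y" <?php if ( $chkadmin == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
- When a spammer starts hitting the login page with 'admin' anywhere in the login id and there is no
+ When a spammer starts hitting the login page with 'admin' anywhere in the login ID and there is no
  matching user,
  then it is a spammer trying to figure out your password.
- Deny List immediately. This only works if you do not have any users with 'admin' in their login id.
- It is dangerous to have a username 'admin'!
- My sites get thousands of hits from robots trying to guess my admin password.
- This has the side effect of preventing users from registering with a user id with the word admin in
- their username.
+ Deny List immediately. This only works if you do not have any users with 'admin' in their username.
+ It is dangerous to have a username 'admin.'
+ Sites get thousands of hits from bots trying to guess the admin password.
+ This has the side effect of preventing users from registering a username with the word admin in it.
  Users cannot register with 'admin2' or 'superadmin' or 'Administrator.'</p>
  </fieldset>
  <br />
@@ -413,7 +412,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p><input name="chkubiquity" type="checkbox" value="Y" <?php if ( $chkubiquity == 'Y' ) {
  echo "checked=\"checked\"";
  } ?> />
- I have a list of hosting companies who tolerate spammers. They are the source of much comment spam
+ A list of hosting companies who tolerate spammers. They are the source of many comment spam
  and login attempts. This blocks many of them.</p>
  </fieldset>
  <br />
@@ -542,9 +541,8 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <fieldset>
  <legend><span style="font-weight:bold;font-size:1.2em">Block Countries</span></legend>
  <p><strong>This does not block the whole country. It only blocks spam sources in a country.</strong></p>
- <p>Blocking countries only blocks the known spam blocks from those countries. I make an attempt to not
- block residential ISPs in countries
- where spammers are quickly shut down. <em><strong>Blocking US will not block Cox, Verizon, AT&amp;T,
+ <p>Blocking countries only blocks the known spam blocks from those countries. Blocking residential ISPs in countries
+ where spammers are quickly shut down is avoided. <em><strong>Blocking the US will not block Cox, Verizon, AT&amp;T,
  etc. It will block
  hosting companies that send out spam that are located in the US.</strong></em></p>
  <p>Blocking RU will, however, block most of Russia, because Russian ISPs do not shut down zombie
@@ -557,9 +555,8 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  Indonesia (in that order)
  are the sources of most spam, but they also take up to a half a meg of memory to load. This may slow
  things a little
- and in some cases might shut down your blog. I run all of them on SiteGround.com without any issues,
- but if
- you are using a free or low-budget site to run your blog, there could be a problem.</p>
+ and in some cases might shut down your site. If you are using a free or low-budget host to run your site,
+ there could be a problem.</p>
  <p>Check all:
  <input type="checkbox" name="ss_set" value="1"
  onclick='var t=ss.ss_set.checked;var els=document.getElementsByTagName("INPUT");for (index = 0; index < els.length; ++index){if (els[index].type=="checkbox"){if (els[index].name.length==5){els[index].checked=t;}}}'/>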
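Review bot: In the `chkadmin` description the edited line still begins with the fragment `Deny List immediately.`, which leaves the consequence of this security option unstated. Presumably the offending IP is added to the Deny List at once, so something like `If checked, the IP is added to the Deny List immediately.` would say so; confirm against the check's code, which is not in this hunk. The rewritten `chkubiquity` text is also no longer a sentence: `A list of hosting companies who tolerate spammers.` has lost its verb, and `many comment spam` should stay `much comment spam`. In the `Prevent Lockouts` hunk the second edited line still ends with `attempts to login` while the line above it was changed to `log in`.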
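--- a/settings/ss_reports.php
+++ b/settings/ss_reports.php
@@ -174,8 +174,19 @@ $now = date( 'Y/m/d H:i:s', time() + ( get_option( 'gmt_offset' ) * 3600 )
  <td>$dt</td>
  <td>$em</td>
  <td>$ip $who $stopper $honeysearch $botsearch";
- if ( strpos( $reason, 'passed' ) !== false && ( $id == '/' || strpos( $id, 'login' ) !== false ) && ! in_array( $ip, $blist ) && ! in_array( $ip, $wlist ) ) {
- echo "<a href=\"\" onclick=\"return addblack('$ip');\" title=\"Add to Deny List\" alt=\"Add to Deny List\" ><img src=\"$tdown\" height=\"16px\" /></a>";
+ if ( stripos( $reason, 'passed' ) !== false && ( $id == '/' || strpos( $id, 'login' ) ) !== false || strpos( $id, 'register' ) !== false && ! in_array( $ip, $blist ) && ! in_array( $ip, $wlist ) ) {
+ $ajaxurl = admin_url( 'admin-ajax.php' );
+ echo "<a href=\"\" onclick=\"sfs_ajax_process( '$ip','log','add_black','$ajaxurl' );return false;\" title=\"Add to Deny List\" alt=\"Add to Deny List\" ><img src=\"$tdown\" height=\"16px\" /></a>";
+ $options = get_option( 'ss_stop_sp_reg_options' );
+ $apikey = $options['apikey'];
+ if ( ! empty( $apikey ) ) {
+ $href = "href=\"#\"";
+ $onclick = "onclick=\"sfs_ajax_report_spam(this, 'registration', '$blog', '$ajaxurl', '$em', '$ip', '$au');return false;\"";
+ }
+ if ( ! empty( $em ) ) {
+ echo "|";
+ echo "<a title=\"Report to Stop Forum Spam (SFS)\" $href $onclick class='delete:the-comment-list:comment-$id::delete=1 delete vim-d vim-destructive'>Report to SFS</a>";
+ }
  }
  echo "</td><td>$au</td>
  <td>$id</td>
@@ -196,4 +207,4 @@ $now = date( 'Y/m/d H:i:s', time() + ( get_option( 'gmt_offset' ) * 3600 )
  <?php
  }
  ?>
- </div>
+ </div>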
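Review bot: The new condition on line 177 does not group the way it reads: `( $id == '/' || strpos( $id, 'login' ) ) !== false` compares a boolean with `false`, so a match at offset 0 counts as no match, and because `&&` binds tighter than `||` the `'passed'` test guards only the login branch while the two `in_array` list checks guard only the `register` branch. If the intent is "passed, on a root/login/register request, and not already listed", the middle term should be `( $id == '/' || strpos( $id, 'login' ) !== false || strpos( $id, 'register' ) !== false )`. Separately, `$ip`, `$em`, `$au` and `$blog` are interpolated into inline `onclick` JavaScript as-is; they look like logged request values, so unless they are escaped before this point (not visible in the hunk) each should pass through `esc_js()` here, or a crafted email or author value could break out of the handler in the admin's browser. `$href` and `$onclick` are assigned only when an API key is set, yet the "Report to SFS" link that uses them is echoed whenever `$em` is non-empty; nest that echo inside the `$apikey` check. The enclosing block starts and ends outside the hunk.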
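--- a/settings/ss_summary.php
+++ b/settings/ss_summary.php
@@ -240,7 +240,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  }
  $current_user_name = wp_get_current_user()->user_login;
  if ( $current_user_name == 'admin' ) {
- echo "<p style=\"color:red;font-style::italic;\">You are using the admin id \"admin\". This is
+ echo "<p style=\"color:red;font-style::italic;\">You are using the admin ID \"admin\". This is
  an invitation to hackers to try and guess your password. Please change this.<br />
  Here is discussion on WordPress.org:
  <a href=\"https://wordpress.org/support/topic/how-to-change-admin-username?replies=4\" target=\"_blank\">How to Change Admin Username</a>
@@ -372,14 +372,14 @@ if ( strpos( $sname, '?' ) !== false ) {
  <ul>
  <li><a href="?page=stop_spammers">Summary</a>: This checks to see if there may be problems from your current incoming IP address and displays a summary of events.</li>
  <li><a href="?page=ss_options">Protection Options</a>: This has all the options for checking for spam and logins. You can also block whole countries.</li>
- <li><a href="?page=ss_allow_list">Allow Lists</a>: Here you can set up your Allow List to allow IP addresses to login and leave comments on your site, without being checked for spam. It also sets up the options which you can use to allow certain kinds of users into your site, even though they may trigger spam detection.</li>
- <li><a href="?page=ss_deny_list">Block Lists</a>: This is where you set up your Deny List for IPs and email. It also allows you to enter spam words and phrases that trigger spam.</li>
+ <li><a href="?page=ss_allow_list">Allow Lists</a>: Here you can set up your Allow List to allow IP addresses to log in and leave comments on your site, without being checked for spam. It also sets up the options which you can use to allow certain kinds of users into your site, even though they may trigger spam detection.</li>
+ <li><a href="?page=ss_deny_list">Block Lists</a>: This is where you set up your Deny List for IPs and emails. It also allows you to enter spam words and phrases that trigger spam.</li>
  <li><a href="?page=ss_challenge">Challenge &amp; Deny</a>: This sets up CAPTCHA and notification options. You can give users who trigger the plugin a second chance to use a CAPTCHA. Supports Google reCAPTCHA and Solve Media CAPTCHA.</li>
  <li><a href="?page=ss_allowrequests">Allow Requests</a>: Displays users who were denied and filled out the form requesting access to your site.</li>
  <li><a href="?page=ss_webservices_settings">Web Services</a>: This is where you enter the API keys for StopForumSpam.com and other web checking services. You don't need to have these set for the plugin to work, but if you do, you will have better protection and the ability to report spam.</li>
  <li><a href="?page=ss_cache">Cache</a>: Shows the cache of recently detected events.</li>
  <li><a href="?page=ss_reports">Log Report</a>: Shows details of the most recent events detected by Stop Spammers.</li>
- <li><a href="?page=ss_diagnostics">Diagnostics</a>: You can use this to test an IP, email or, comment against all of the options. This can tell you more about why an IP address might fail. It will also show you any options that might crash the plugin on your site due to system settings.</li>
+ <li><a href="?page=ss_diagnostics">Diagnostics</a>: You can use this to test an IP, email, or comment against all of the options. This can tell you more about why an IP address might fail. It will also show you any options that might crash the plugin on your site due to system settings.</li>
  </ul>
  <h2>Beta Options</h2>
  <span class="notice notice-warning" style="display:block">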
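Review bot: The rewritten `echo` on line 243 still carries `font-style::italic;` with a doubled colon, which is not a valid CSS declaration, so the weak-username warning will render red but presumably not italic; `font-style:italic;` looks like what was meant. The check just above it, `$current_user_name == 'admin'`, matches only the exact lower-case string, so an account named `Admin` would not see the warning; a case-insensitive comparison such as `strcasecmp( $current_user_name, 'admin' ) === 0` would cover it. The enclosing block starts outside the hunk.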
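--- a/settings/ss_threat_scan.php
+++ b/settings/ss_threat_scan.php
@@ -66,7 +66,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <p>You probably do not have a backup to your blog, so if this scan shows you are clean, your next step is to
  install one of the plugins that does regular backups of your system. Next, make sure you have the latest
  WordPress version.</p>
- <p>If you think you have problems, the first thing to do is change your user id and password. Next make a backup
+ <p>If you think you have problems, the first thing to do is change your user ID and password. Next make a backup
  of the infected system. Any repairs to WordPress might delete important data so you might lose posts, and
  the backup will help you recover missing posts.</p>
  <p>The next step is to install the latest version of WordPress. The new versions usually have fixes for older
@@ -75,7 +75,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  old posts.</p>
  <p>If this doesn't work it is time to get a pro involved.</p>
  <h2>A clean scan does not mean you are safe. Please do backups and keep your installation up-to-date!</h2>
- <hr />
+ <hr/>
  <?php
  $disp = false;
  flush();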
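--- a/settings/ss_webservices_settings.php
+++ b/settings/ss_webservices_settings.php
@@ -94,7 +94,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  } ?> /> Check to enable SFS lookups<br />
  You do not need an API key to check the Stop Forum Spam database, but if you want to report any
  spam that you find, you need to provide it here. You can register and get an API key at <a
- href="https://www.stopforumspam.com/keys" target="_blank">stopforumspam.com</a>.<br />
+ href="https://www.stopforumspam.com/keys" target="_blank">https://www.stopforumspam.com/keys</a>.<br />
  You can set the minimum settings to allow possible spammers to use your site.<br />
  You may wish to forgive spammers with few incidents or no recent activity. I would recommend that to be
  on the safe side, you should block users who appear on the spam database unless they specifically ask to
@@ -117,7 +117,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <input size="32" name="honeyapi" type="text" value="<?php echo $honeyapi; ?>"/><br />
  <p>This API key is used for querying the Project Honeypot Deny List. It is required if you want to
  check IP addresses against the Project Honeypot database. You can register and get an API key at <a
- href="https://www.projecthoneypot.org/account_login.php" target="_blank">projecthoneypot.com</a>.<br />
+ href="http://www.projecthoneypot.org/account_login.php" target="_blank">http://www.projecthoneypot.org/account_login.php</a>.<br />
  Allowed values are 0 to 9999. Only numbers are accepted.</p>
  <table align="center" cellspacing="1" style="background-color:#ccc;font-size:0.9em">
  <tr bgcolor="white">
@@ -136,7 +136,7 @@ $nonce = wp_create_nonce( 'ss_stopspam_update' );
  <input size="32" name="botscoutapi" type="text" value="<?php echo $botscoutapi; ?>"/><br />
  <p>This API key is used for querying the BotScout database. It is required if you want to
  check IP addresses against the botscout.com database. You can register and get an API key at <a
- href="https://botscout.com/getkey.htm" target="_blank">botscout.com</a>.<br />
+ href="https://botscout.com/getkey.htm" target="_blank">https://botscout.com/getkey.htm</a>.<br />
  Allowed values are 0 to 9999. Only numbers are accepted.<br />
  <em>Please note that BotScout is disabled in this release because of policy changes at
  botscout.com.</em></p>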
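Review bot: The Project Honeypot link on line 120 changes scheme from `https://www.projecthoneypot.org/account_login.php` to `http://…`, so the admin is now pointed at an account login page over plaintext HTTP while the other two links in this file stay on HTTPS. Keep the previous scheme in both the `href` and the link text: `href="https://www.projecthoneypot.org/account_login.php" target="_blank">https://www.projecthoneypot.org/account_login.php</a>`. The context lines `value="<?php echo $honeyapi; ?>"` and `value="<?php echo $botscoutapi; ?>"` also print the stored keys into an attribute without `esc_attr()`; whether they are sanitized on save is not visible in these hunks.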
stop-spammer-registrations-new.php CHANGED
@@ -5,12 +5,12 @@ Plugin URI: https://wordpress.org/plugins/stop-spammer-registrations-plugin/
5
  Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
6
  Author: Bryan Hadaway
7
  Author URI: https://calmestghost.com/
8
- Version: 7.0.9
9
  License: https://www.gnu.org/licenses/gpl.html
10
  */
11
 
12
  // networking requires a couple of globals
13
- define( 'SS_VERSION', '7.0.9' );
14
  define( 'SS_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
15
  define( 'SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ) );
16
  define( 'SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ) . 'data/' );
@@ -25,20 +25,6 @@ function ss_styles() {
25
 
26
  add_action( 'admin_print_styles', 'ss_styles' );
27
 
28
- // restore settings from versions previous to 7.0
29
- if ( get_option( 'kpg_stop_sp_reg_options' ) !== false ) {
30
- update_option( 'ss_stop_sp_reg_options', get_option( 'kpg_stop_sp_reg_options' ) );
31
- delete_option( 'kpg_stop_sp_reg_options' );
32
- }
33
- if ( get_option( 'kpg_stop_sp_reg_stats' ) !== false ) {
34
- update_option( 'ss_stop_sp_reg_stats', get_option( 'kpg_stop_sp_reg_stats' ) );
35
- delete_option( 'kpg_stop_sp_reg_stats' );
36
- }
37
- if ( get_option( 'kpg_muswitch' ) !== false ) {
38
- update_option( 'ss_muswitch', get_option( 'kpg_muswitch' ) );
39
- delete_option( 'kpg_muswitch' );
40
- }
41
-
42
  // hook the init event to start work
43
  add_action( 'init', 'ss_init', 0 );
44
 
5
  Description: The Stop Spammers plugin blocks spammers from leaving comments or logging in. It protects sites from robot registrations and malicious attacks.
6
  Author: Bryan Hadaway
7
  Author URI: https://calmestghost.com/
8
+ Version: 7.1
9
  License: https://www.gnu.org/licenses/gpl.html
10
  */
11
 
12
  // networking requires a couple of globals
13
+ define( 'SS_VERSION', '7.1' );
14
  define( 'SS_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
15
  define( 'SS_PLUGIN_FILE', plugin_dir_path( __FILE__ ) );
16
  define( 'SS_PLUGIN_DATA', plugin_dir_path( __FILE__ ) . 'data/' );
25
 
26
  add_action( 'admin_print_styles', 'ss_styles' );
27
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  // hook the init event to start work
29
  add_action( 'init', 'ss_init', 0 );
30