wpDiscuz - WordPress Comment Plugin
Share:
Notifications
Clear all

How to block clever spammers


kennethschnetz
Posts: 5
Topic starter
(@kennethschnetz)
Active Member
Joined: 3 days ago

Hello,Β 

We have spammers who are pasting in links in a different font so it's getting around our spam checks.

Our spam blocking will prevent this: Payit12.TK

But not this: 𝐏𝐚𝐲𝐒𝐭𝟏𝟐.π“πŠ

Is there a way to disallow pasting of text into the comment form, or to remove all formatting from text?

Topic Tags
5 Replies
Asti
Posts: 3337
 Asti
Support
(@asti)
Support member
Joined: 4 years ago

Hi,

You can use the following code

add_filter('wpdiscuz_allowedtags',function($allowedtags){
    //remove <strong> tag
    if(isset($allowedtags['strong'])){
        unset($allowedtags['strong']);
    }

    //remove <b> tag
    if(isset($allowedtags['b'])){
        unset($allowedtags['b']);
    }
    return $allowedtags;
});

Put the code in the active theme functions.php file.Β 

This is just an example. The test ot tags can be managed on the same way.

Β 

Reply
3 Replies
kennethschnetz
(@kennethschnetz)
Joined: 3 days ago

Active Member
Posts: 5

@asti unfortunately, that did not work. The issue seems to be the font family, not tags. I looked in the database and the comment does not have any tags. Here is another example of a comment we got today:

I’ve made $84,000 so far this year working online and I’m a full time student. I’m using an online business opportunity I heard about and I’ve made such great money. It’s really user friendly and I’m just so happy that I found out about it. The potential with this is endless.
Here’s what I do…….. π‘Ύπ’˜π’˜.π‘ͺ𝒂𝒔𝒉𝑨𝒑𝒑1.π‘ͺπ’π’Ž

Note how the url has a different font altogether. This allows the commenter to get around the WordPress disallowed keys because the keys are not using the same font. Apparently, PHP does not see .Com and .π‘ͺπ’π’Ž as the same strings. Therefore, there is nearly an infinite number of combinations these spammers can use to get around the disallowed keys.

Any ideas?

Reply
Asti
 Asti
Support
(@asti)
Joined: 4 years ago

Support member
Posts: 3337

@kennethschnetz,

The spammers must have to add the text in some tags, otherwise, they can't add the font-family. That is there is no way to apply the font-family to the part of the text. Β 

Reply
kennethschnetz
(@kennethschnetz)
Joined: 3 days ago

Active Member
Posts: 5

@asti Here is a screenshot of the comment in the database, there are no tags but the characters are different:

image

This comment is not flagged as spam, despite the words www and .com existing in the WordPress backlisted keys list.

Reply
kennethschnetz
Posts: 5
Topic starter
(@kennethschnetz)
Active Member
Joined: 3 days ago

I believe I found a solution to the issue of spammers using non-standard alphabet characters, though it required us to remove emojis and the rich text bar entirely.Β 

Any comment that is posted or edited must match the following PHP pattern or it will be trashed:

$pattern = '/[^a-zA-Z!? &.,$-–_…*\'β€˜β€™"β€œβ€:%()\s\d\/]/m';
if (preg_match($pattern, $comment_content)) {
    wp_trash_comment($comment_id);
}
Reply
Share: