How to block clever...
 
Share:
Notifications
Clear all

[Solved] How to block clever spammers

6 Posts
2 Users
0 Likes
1,260 Views
Posts: 5
Topic starter
(@kennethschnetz)
Active Member
Joined: 2 years ago

Hello,Β 

We have spammers who are pasting in links in a different font so it's getting around our spam checks.

Our spam blocking will prevent this: Payit12.TK

But not this: 𝐏𝐚𝐲𝐒𝐭𝟏𝟐.π“πŠ

Is there a way to disallow pasting of text into the comment form, or to remove all formatting from text?

5 Replies
Asti
Posts: 6987
 Asti
Support
(@asti)
Illustrious Member
Joined: 6 years ago

Hi,

You can use the following code

add_filter('wpdiscuz_allowedtags',function($allowedtags){
    //remove <strong> tag
    if(isset($allowedtags['strong'])){
        unset($allowedtags['strong']);
    }

    //remove <b> tag
    if(isset($allowedtags['b'])){
        unset($allowedtags['b']);
    }
    return $allowedtags;
});

Put the code in the active theme functions.php file.Β 

This is just an example. The test ot tags can be managed on the same way.

Β 

3 Replies
(@kennethschnetz)
Joined: 2 years ago

Active Member
Posts: 5

@asti unfortunately, that did not work. The issue seems to be the font family, not tags. I looked in the database and the comment does not have any tags. Here is another example of a comment we got today:

I’ve made $84,000 so far this year working online and I’m a full time student. I’m using an online business opportunity I heard about and I’ve made such great money. It’s really user friendly and I’m just so happy that I found out about it. The potential with this is endless.
Here’s what I do…….. π‘Ύπ’˜π’˜.π‘ͺ𝒂𝒔𝒉𝑨𝒑𝒑1.π‘ͺπ’π’Ž

Note how the url has a different font altogether. This allows the commenter to get around the WordPress disallowed keys because the keys are not using the same font. Apparently, PHP does not see .Com and .π‘ͺπ’π’Ž as the same strings. Therefore, there is nearly an infinite number of combinations these spammers can use to get around the disallowed keys.

Any ideas?

Asti
 Asti
Support
(@asti)
Joined: 6 years ago

Illustrious Member
Posts: 6987

@kennethschnetz,

The spammers must have to add the text in some tags, otherwise, they can't add the font-family. That is there is no way to apply the font-family to the part of the text. Β 

(@kennethschnetz)
Joined: 2 years ago

Active Member
Posts: 5

@asti Here is a screenshot of the comment in the database, there are no tags but the characters are different:

image

This comment is not flagged as spam, despite the words www and .com existing in the WordPress backlisted keys list.

Posts: 5
Topic starter
(@kennethschnetz)
Active Member
Joined: 2 years ago

I believe I found a solution to the issue of spammers using non-standard alphabet characters, though it required us to remove emojis and the rich text bar entirely.Β 

Any comment that is posted or edited must match the following PHP pattern or it will be trashed:

$pattern = '/[^a-zA-Z!? &.,$-–_…*\'β€˜β€™"β€œβ€:%()\s\d\/]/m';
if (preg_match($pattern, $comment_content)) {
    wp_trash_comment($comment_id);
}
Share: