en Documentation
The range of functions of the Antispam plugin for WordPress is manageable and is mainly focused on the defense of spam entries via comments and pings. Most functions of the application can be controlled via the panel with settings to determine the desired result of the protection. Each individual option of the tool is presented below. Since version 2.4.5, the option page consists of three main columns with choices. The columns are flexible and lined up side by side depending on the width of the window. In the following, the individual columns are presented as separate areas with plugin settings.
The order of the listed filters corresponds exactly to the test order in the plugin core. The rank order was not determined randomly, the focus is to reduce the load on your own database.
Authors with previously released comments will always be trusted with the choice of this option. Comments from these users are not checked or questioned at any time. E-mail address serves as an identifier.
Implementation: Antispam Bee 1.4
Antispam Bee checks for the existence of a valid gravatar. Commentators with a Gravatar are familiar, further Antispam examinations of the comment will not be done.
Data protection: The Gravatar can be determined by an MD-5-Hash of the email address of the commenter. Other data of the commentator like the IP address are not part of the transmission. This setting is optional and not part of the default settings.
Implementation: Antispam Bee 2.6.5
Consideration of comment time. Details on Google+ (only in german).
Implementation: Antispam Bee 2.6.4
Many spam comments are purely forum spam, which is massively sent to WordPress blogs. Whether this is a misbehavior of the programmers remains unclear.
The fact is: Comments with BBCode in the content are clearly spam. Unless WordPress plugins were installed in the blog to allow commentators to use bulletin board code. If this is the case, the setting must not be switched on.
When activated, Antispam Bee checks incoming comments for the existence of BBCode links.
Implementation: Antispam Bee 2.5.1
As an additional detection method, Antispam Bee checks available network information from the sender (e.g. hostname) and evaluates it anonymously and profitably. The analysis takes place directly in the blog without external services.
Implementation: Antispam Bee 1.4
There are spam comments that correspond to a specific pattern. Antispam Bee uses this to filter unwanted comments. For this purpose, predefined and/or plug-in-defined regular expressions are used for attributes of a WordPress comment (comment text, e-mail address, link and IP). The search is intended to recognize clear contexts and classify spam.
Experienced users can create their own filters, which Antispam Bee can use for spam detection. For this purpose, an interface has been created which accepts and processes further RegExp rules. An example on the Hooks Wiki page shows the methodology of the filter extension.
Looks simple, but the option is very powerful and diverse: custom antispam rules that are adapted to the current type of spam can be determined at any time. Conclusion: Faster response with less spam.
Restriction: For comments only
Hook: antispam_bee_patterns
Implementation: Antispam Bee 2.5.2
Antispam Bee compares the URL, IP and email addresses of posted comments with locally available values of spam-marked comments - which are in the blog database. In plaintext: If the blog already contains a spam entry with an identical IP, URL or e-mail address, this attempt to comment is classified as a pest and treated accordingly (marked or deleted) depending on the settings.
The option "Mark as spam, do not delete" should be activated for the increasing effectiveness of the option through a rich set of data of local spam. A larger amount of data automatically means a higher hit rate for incoming spam attempts within a WordPress blog.
Implementation: Antispam Bee 2.0
This functionality is based on the progressive data set of Stop Forum Spam with IP addresses of active spammers. If a comment spammer is present in the information store of the free service, Antispam Bee also classifies the associated contribution as an misuse.
Depending on the setting "Do not check trackbacks / pingbacks", this approach also affects new entries via trackbacks.
Data protection: To get the status, the IP address of the commentator will be send to the data provider stopforumspam.com. Other data will not be send. Since the IP address is send without being shortend or hashed, this option should not be activated in EU countries. On a technical level, the provider of these kinds of databases rely on complete IP addresses to provide their service.
Implementation: Antispam Bee 1.7
Antispam Bee is able to identify the country of origin of a comment by the IP address used. Based on this characteristic, remote comments and trackbacks from fixed countries can be prevented (e.g. from Asia) or explicitly released (e.g. only European countries).
The country filter is located just before the end of the long test routine, so it is treated with a low priority. If, therefore, a comment were to persists all protective measures, then at the end, this filter decides whether the element should pass as a valid comment or not. The function is a further, manually adjustable test method of the Antispam plugin.
When the option is activated, two additional fields appear, which are the basis for the filter: Blacklist & Whitelist. Either or: Only one of the lists can be filled, a combination of both data sets is not possible. If the plugin option "not check trackbacks / pingbacks" is active in the MORE column, then trackbacks are excluded from the country check.
In the blacklist, double-digit country codes are to be specified in ISO format separated by a comma. Comments from these countries are blocked by the plugin, other countries are released. Example: CN, US - prevents all comments from China and the USA, the rest of the world has free (commentary) entry.
The Whitelist maintains country codes that have an exclusive permission to comment. Only Readers from these countries may leave comments and pings. Entries from the rest of the region are automatically classified as spam and treated. Example: DE, AT, CH as a value allowes Germany, Austria and Switzerland as commentator the only countries. The rest dies.
Data protection: To determine the geographical position of the user, Antispam Bee sends an anonymised (this means shortend) IP-Address to the online service IP2Country. Other data of the commentator is not send. This settings is optional and not part of the default settings.
Implementation: Antispam Bee 1.7
Most spam attracts attention from its "unsuitable" language: English comments written in a German-language blog are usually unwanted advertising messages - depending on the target group of the blog there are certainly exceptions. This criterion uses Antispam Bee for spam detection and combat.
After activating this option and choosing the desired language, the WordPress plugin ensures that comments are allowed only in selected language. Comments in other language variations are permanently classified as spam.
Data protection: To detect the language, Antispam Bee is using Google Translate. It sends a part of the comment to the service. Other data about the commentator (like IP or email address) are not send. This setting is optional and not part of the default setting.
Restriction: Only for comments
Implementation: Antispam Bee 2.0
If this option is active, it marks any suspicious comment and trackback as spam. In the inactive state, Antispam Bee deletes any spam attempt without saving it in WordPress. When activated, additional fine adjustments are available to each plugin user, which are explained in the following.
Implementation: Antispam Bee 0.2
The blog administrator can be informed about incoming spam comments via e-mail. The e-mail contains comment-relevant data and further links. Since Antispam Bee 2.5.7, the filter antispam_bee_notification_subject can be used to define a custom subject for notifications.
Hook: antispam_bee_notification_subject
Implementation: Antispam Bee 1.2
By default, Antispam Bee saves the suspicion in comment metadata. Antispam Bee lists the calculated values in the separate tab column within the overview with spam comments. If this option is enabled, it prevents the suspicious reason from being stored and does not display the column in the spam overview.
Implementation: Antispam Bee 2.6.0
Spam entrys, which are older than X days, are automatically removed from the spam overview by the plugin. This keeps the size of the database as small as necessary. If the "Look in the local spam database" option is active, it is again advantageous to have a larger amount of spam already detected.
Implementation: Antispam Bee 0.7
The active option paired with the selection box creates an exception for the selected type. Example: Limit approval to trackbacks deletes immediately suspicious comments, but dubious trackbacks are marked as spam and never deleted. In this example, comment-spam is always removed, suspicious trackbacks can be checked by the admin.
Implementation: Antispam Bee 0.9
The plugin created artificially comment form and which is filled by most spam bots recognizes nearly 99 percent of the total spam volume in WordPress blogs. The False Positive rate, on the other hand, equals zero. Why then keep such spam and be notified via e-mail? Does not have to be mandatory.
Antispam Bee 2.4 brings an internal filter, which immediately deletes the detected spam depending on the reason (see below). In this way, the administrator can only keep spam entries with more error-prone causes (language, country limit etc.) in the comment area of the blog. For control or learning.
For this purpose, the Antispam plugin provides a list of possible suspicious reasons to choose from. If a comment or trackback comes up with one of the reasons from this - user selected - list, the plugin removes the newcomer without hesitation. "Parasites", which are classified for reasons other than spam, are marked by Antispam Bee and Antispam Bee will sent a suitable notification depending on the setting.
Implementation: Antispam Bee 2.4
As an interactive dashboard widget in the administration area: A quick overview of the daily spam traffic is provided by the graphically prepared timeline of the last 30 days.
Implementation: Antispam Bee 1.9
Antispam Bee statistics on the dashboard
If the Antispam plugin is configured to mark fraudulent comments (to not delete them), the total number of such entries is displayed on the dashboard in red within the tile "at a glance". However, if the spam is immediately deleted by Antispam Bee (without saving it), this option displays on the dashboard an additional column with the sum of the total detected spam comments. The number can be printed in the current theme. To do this include the following code in the WordPress template at the desired location.
<a href="http://antispambee.de">Antispam Bee</a> spared the blog of <?php do_action('antispam_bee_count') ?> spam comments
Implementation: Antispam Bee 1.2
By default, all incoming ping and trackbacks are analyzed by the Antispam plugin and marked in case of suspicion. Enabling this option completely turns off the automatic check of incoming blog notifications.
Implementation: Antispam Bee 0.4
The typical location of a comment form is the article page (posts or pages). Antispam Bee monitors in these places the comments on unwanted advertising. If the comment form is also integrated in other areas of the blog (e.g. archive pages), then this fact should be communicated to the plugin by activating the checkbox.
Implementation: Antispam Bee 1.3
Antispam Bee distinguishes between various suspicious reasons. In short: For what reason was the current comment or trackback classified as spam? These reasons are communicated by the Antispam solution to bloggers by announcing the current suspicious reason in the notification mail and the notice [marked as spam by Antispam Bee] in the comment overview of the blog. These suspicious reasons are implemented and have the following meaning:
| Identification | Meaning or function |
|---|---|
| CSS Hack | Bot entered data into the hidden (honeypot) comment field |
| Comment time | Comment was submitted too quickly (default threshold is 5 seconds) |
| Empty Data | Comment was empty or had incomplete values |
| Fake IP | Commenter's IP address was not valid |
| Local DB Spam | Commenter's IP address or email matches one already marked as spam |
| Country check | Comment was submitted from one of the blacklisted countries |
| DNSBL Spam | Commenter's IP address or email was found within StopForumSpam database |
| BBCode | Comment contains BBCode tags |
| RegExp | Comment matches one of the regular expression filters |
| Comment Language | Comment was not in the whitelisted language |
The Antispam plugin is able to log spam detected in a log file. This can be very useful to detect spam requests by Fail2Ban at the server level. For this purpose, a filter file can be used for the Fail2Ban configuration.
Simple commissioning of the function: Activate the logging for Antispam Bee in the WordPress configuration file wp-config.php by assigning the constant ANTISPAM_BEE_LOG_FILE to the server path to the logfile. The file must be writable.
Example:
define('ANTISPAM_BEE_LOG_FILE', '/var/log/spam.log');
Implementation: Antispam Bee 2.5.7
The following links contain tips for using and optimizing the Antispam plugin for WordPress: [Reduce spam] (https://plus.google.com/+SergejM%C3%BCller/posts/dZmhFZTMTjh)