Rah_comment_spam provides customizable anti-spam tools for Textpattern CMS’ comment system. Set minimum and maximum message length, filter spam words, validate email addresses, limit posting activity and set hidden spam traps. All from simple admin-side graphical user interface, no head first dive to code.
Using Composer:
$ composer require rah/rah_comment_spam
- Set comment message length limitations: minimum and maximum, words and characters.
- Limit link posting.
- Define spam words, and set the limit how many spam words are needed until comment becomes spam.
- Show customizable error messages when comment is blocked.
- Set a custom hidden spam trap field.
- Change the spam protection method.
- Set quotas, limit users’ comment posting activity.
- Integrates with Textpattern’s native preferences panel; no diving into code needed at all.
Once the plugin is installed, you can find set of new preferences in your Textpattern installation’s Preferences panel. To configure rah_comment_spam’s preferences navigate to Admin/Preferences and take a look at the Comments section. If you have commenting disabled on your site, you will have to toggle the Enable comments option to see the section.
Looking at the Preference’s panel’s Comments section, you should see set of options that weren’t there before. Those are the options that the plugin offers. In total, there should be around 18 new toggle-able items. The offered plugin’s options are as follows.
The option sets the action that is taken towards to comments flagged as a spam. There are three options you can choose from. The default option is Save to moderation queue which saves the comments to moderation queue. The detected comments won’t be visible to public, but are saved to moderation queue, and can be manually confirmed. The second option Ignore, do not save blocks the comments. The comments won’t be saved and the user is greeted with the message set in Message displayed to the user when the comment was blocked option. The third and last option Save and flag as spam saves the detected comment to the database as spam.
Sets the message that is shown to users when their comment is blocked by the filters. The message is only used when the protection method above is set to Ignore, do not save. With others, Textpattern’s build in language strings are used.
Sets words/terms that are considered as something that spam would contain. Separate multiple words with commas (,
). Used words are incase-sensitive. Example value: viagra, wares, wowgold
.
Sets which fields are filtered for spam words. Use comma-separated list of field names. Available values are name
, email
, web
and message
. Default option is name, email, web, message
.
Sets the maximum number of spam words a comment can have until it’s considered as spam. The lower the number, the stricter the filter is. Recommended value is between 2 to 10.
Option sets comment message’s URL limit. If a comment contains more URLs than the options allows, the comment is considered as spam.
Required minimum length of comment message in words. Shorter messages are considered as spam. Recommended value is 1
to 3
.
Maximum length of comment message in words. Longer messages are considered as spam. Note that message’s total size is limited to 65535 bytes (equals to around 65535 ASCII characters).
Required minimum length of comment in characters. Shorter messages are considers as spam. Recommended setting is 1
to 10
.
Maximum length of comment in characters. Longer messages are considers as spam. Note that message’s total size is limited to 65535 bytes. Valid values range from 0 to 65535 (equals to around 65535 ASCII characters).
Name of hidden spam trap field
If set, hidden spam trap field is added to the comment form. The field will be hidden with CSS, and if the field is filled, the comment is considered as spam. Default value is phone. Empty the field to disable the spam trap.
If set to Yes, users comment posting activity is limited. Comments going over the quota are considered as spam. Users are identified by their email addresses.
Sets the user’s quota limit. Default is ten (10
) comments per user.
Sets which comments in which articles are counted towards the quota limit. By default user’s comments in any article are taken into count. Available settings are In all articles, counts comments site-wide, and In current article which counts only comments in the current article the new comment is being posted to.
Sets the timespan used in the activity limiting. Comments older than this are not counted towards the quota limit. The time is set in seconds. For example setting the option to 600
, would count an user’s comments from the last ten minutes, and if the number goes over the quota, then the comment is considered as spam.
If set Yes, email address’ DNS records are checked. If the domain is found to be non-existent, the comment is considered as spam. The feature requires checkdnsrr function and the server must be allowed to make outgoing connections.
Makes sure that the user spent set amount of time writing the comment. Instant posters will be treated as spammers. Usually it’s recommended to keep this feature disabled. It can accidentally block fast writers if the required time is set to too high, but it can also successfully block spam bots which might try to post comments instantly, without interacting with the comment form. The time is counted from the initial article page load to the comment’s submitting.
Sets the required interaction time in seconds. Default is 5
. Higher values are not recommended usability-wise. If you set the value higher than 5 seconds, consider adding JavaScript based counter to the comment form that informs the users how much they have to wait.
- Fixed: Commenters’ comment quota check no longer tries to read IP addresses from Textpattern’s comment records. Textpattern 4.8 no longer stores commenters’ IP addresses, which was causing an error when quota validation was performed. Now we use commenter’s email address to check the how many comments the user has written.
- Fixed: Installation errors. Removed old migration script, that migrated pre-0.6.0 configuration data to the native preference panel. This migration caused an issue when tested with Textpattern 4.8.8 on PHP 8.1. An error was triggered which killed Composer package installation, if the old configuration database table did not exist. We could check the existence of the database table, but it’s been so long since the version 0.6 migration, that it’s better just to remove it.
- Fixed: Email domain name DNS validation. The email was considered valid, if the domain did not have either an A or a MX record. Now the check is performed the correct way around of requiring records.
- PHP >= 8.1 compatibility.
- Now requires Textpattern CMS >= 4.8.0
- Now requires PHP >= 7.4.
- Fix: Invoke uninstaller on uninstall.
- Added: Finnish translation.
- Fixed: Word and character limits are zero index. Setting a value to 1 means that one or more is applicable. Previously the limits had offset of one. Setting the value to 1 required 2.
- Now requires Textpattern version 4.5.0 or newer.
- Fixed: Update cached version number after running the installer.
- Updated help file.
- Fixed: Comment quota limit’s In current article option. Previously counting didn’t work when the in current article option was selected.
- Added: language string support. The interface now is translatable using Textpacks.
- Added: option to freely add any field to the list of that are checked for spam words. Used fields need to be defined in getComment().
- Improved: UTF-8 compatibility. The plugin now uses multibyte safe methods when possible.
- Changed: Migrated the preferences from own admin-interface and database table, to Textpattern’s native preferences panel. Preferences are now located at Admin/Preferences, in the Comments group.
- Changed: For new installations protection method now defaults to moderate instead of blocking.
- Changed: For new installations, default message length limits have been increased, and the example spam words have been removed.
- Now requires PHP5 or newer. PHP version 5.3 or newer is recommended. PHP 4 support has been dropped.
- For full feature compatibility Textpattern version 4.2.0 or newer is required. Textpattern v4.4.1 or newer is recommended.
- Added option to check the time the user used to write the comment and block instant posters. As discussed here.
- Removed unused HTML field ids and sizes from the backend pane.
- Added: now also filters
https://
,ftp://
andftps://
protocols, not just links starting withhttp://
. - Changed posting limit feature’s maximum post setting from “more than” to “equals or more than”. Setting the value to zero/or leaving it empty will disable the feature.
- Changed filtering method from and to or. This means, when the comment gets flagged by a filter for the first time, the spam filtering process ends instead going thru all the checks which are no longer needed. Gives slight performance boost.
- From version 0.4 onwards requires TXP 4.0.7 or newer.
- Now posting limits are counted barely by MySQL. No involment of PHP.
- Merged
rah_comment_spam_urlcount()
andrah_comment_spam_spamwords()
. - Now admin panel uses same type of sliding panels as seen in rah_sitemap.
- Added email DNS validation.
- Made writing spam definition list less strict. Now allows double commas, spaces and so on. Thanks Robert.
- Added user based time relative posting limit.
- Fixed hidden spam trap input’s escaping.
- Improved comment posting evaluating speed.
- Merged install, save, update and fetch arrays.
- Improved installation script.
- Merged SQL queries.
- Fixed forgotten
strtolower()
.
- Removed typo from admin panel: “Documention” to “Documentation”.
- Initial release.