The AVH First Defense Against Spam WordPress plugin gives you the ability to block spammers before any content is served. Spammers are identified by checking if the visitors IP exists in a database served by stopforumspam.com or by a local blacklist.
Current Release: Version 2.3.2 Released on: Dec 14, 2009
Download | Donate | Features | Support | Installation | FAQ | Changelog
Features
The visitor’s IP can be checked at the following third parties:
- Stop Forum Spam. http://www.stopforumspam.com
- Project Honey Pot. http://www.projecthoneypot.org (An API key is needed to check the IP at this party. The key is free.)
Separate thresholds can be set for the following features:
- Send an email to the board administrator with information about the spammer.
- Block the spammer before content is server.
Other features:
- Spammers can be blocked based on the information supplied by the third party or by using a local blacklist.
- Bypass the checks for the IP at the third parties and the local blacklist, based on IP in the local whitelist.
- Ability to add single IP’s and/or IP ranges to the blacklist and whitelist.
- When an IP is blocked a message can be displayed to the visitor with the reason why access was blocked.
- Report a spammer to Stop Forum Spam. A valid API key from Stop Forum Spam is necessary.
- Add a spammer to the local blacklist by clicking a link in the received email.
- Block spammers that access wp-comments-post.php directly by using a comment security check. An email can be send when the check fails.
- IP caching system
- Use a honey pot from Project Honey Pot
Blocking a potential spammer before content is served has the following advantages:
- It saves bandwidth.
- It saves CPU cycles. The spammer is actually checked and blocked before WordPress starts building the page.
- If you keep track of how many visitors your site has, either by using Google’s Analytics, WP-Stats or any other one, it will give you a cleaner statistic of visits your site receives.
This plugin is fully compatible with other anti-spam plugins, I have tested it with WP-Spamfree and Akismet.
The plugin also gives you some extra tips and tricks to stop spam by editing your htaccess file. To access them go to the settings of the plugin and click Tips and Tricksi
Screenshots
This message is shown when you select the option to show a message and the visitors IP is found in the Stop Forum Spam database.
This message is shown when you select the option to show a message and the visitors IP is blacklisted.
The option Report & Delete used to report a spammer to Stop Forum Spam and delete the spam.
Download
The AVH First Defense Against Spam plugin compatible with WordPress 2.7 and higher.
Version 2.3.2
Donate
If you enjoy this plug-in please consider a donation. There are several ways you can show your appreciation:
- Amazon Wish List
You can send me something from my Amazon Wish List which is shown in the sidebar. - Through Paypal.
Click on the Donate button and you will be directed to Paypal where you can make your donation and you don’t have to have a Paypal account.
Installation
- Download the archive and extract all in the wp-content/plugins directory.
- Go to your WordPress administration page, click on Plugins and activate it.
Support
If you have comments/problems/suggestions, see something in the code which is not compliant to the WordPress Plugin Codex, or just want to say “Cool! It works!”, feel free to create a post at the AVH Support Forum
FAQ
Is this plugin enough to block all spam? =
Unfortunately not.
I don’t believe there is one solution to block all spam. Personally I have great success with the plugin in combination with Akismet.
Does it conflicts with other anti-spam solutions?
I’m currently not aware of any conflicts with other spam solutions.
Changelog
Version 2.3.1
- Stop Forum Spam is only checked when a comment is posted. All other checks are still done before content is served. The reason for this change is the amount of traffic this plugin caused at the server of Stop Forum Spam.
Version 2.3
- Better error messages when a problem occurs with a call to Stop Forum Spam.
- Disabled Stop Forum Spam until a better solution is created.
Version 2.2
- Changed initial settings for email to not send E-Mail. This is better for busy sites.
- Option for using a honey pot page by Project Honey Pot.
- Change in IP caching system. Added the field lastseen. This field will be updated if an IP returns which was previously identified as spam. The daily cleaning of the IP cache database will use this field to determine if the record will be deleted.
- Bugfix: Database version was never saved.
- Bugfix: When HTP connection failed, IP was added as no-spam in cache when cache is active.
- Bugfix: Uninstall didn’t work.
- Bugfix: Validate admin fields.
Version 2.1.2
- Bugfix: Settings link on plugin page was incorrect.
Version 2.1.1
- Bugfix: Menu Option FAQ threw an error.
Version 2.1
- Added an IP caching system.
- Administrative layout changes.
- Optional email can be send with information about the cron jobs of the plugin.
- Bugfix: The default setting to terminate the connection for Project Honey Pot was unrealistic.
Version 2.0
- RFC: Optionally check the visitor at Project Honey Pot.
- RFC: Optionally receive error emails for failed calls to Stop Forum Spam. Error mails were always received.
- The plugin has a separate menu page.
- Added very simple statistics.
- Bugfix: Check Trackbacks/Pingbacks for spammers as well.
- Bugfix: Reporting a spammer without an email address failed. Stop Forum Spam changed their policy about reporting spammers without an email.
Version 1.3
- Updated determination of users ip. Now also detects right IP if the server is running Apache with nginx proxy.
Version 1.2.3
- Bugfix: HTTP Error messages didn’t work properly
- Refactoring of some of the code.
Version 1.2.2
- Bugfix: Trackback and Pingback comments were blocked as well
Version 1.2.1
- Better implementation for getting the remote IP.
Version 1.2
- Added security to protect against spammers directly posting comments by accessing wp-comments-post.php.
- An email can be received of a spammer trying posting directly. The email holds a link to report the spammer at Stop Forum Spam ( an API key is required).
- The black and white list can now hold ranges besides single IP addresses.
- Some small improvements and bug fixes.
Version 1.1
- Ability to report a spammer to Stop Forum Spam if you sign up on their website and get an API key (it’s free).
- Added a link in the emails to add an IP to the local blacklist.
- Bugfix: Uninstall did not work.
- RFC: A white list was added.
Version 1.0
- Initial version
Tried to activate, but I get this error (running WP 2.7) when I do – any ideas?
I extracted and copied the directory as it is in the zip file and also tried renaming the directory to avh-fdas as it mentions in the readme.txt file.
Parse error: syntax error, unexpected T_STRING, expecting ‘,’ or ‘;’ in /home/whav/public_html/wp-content/plugins/avh-fdas/avh-fdas.php(34) : runtime-created function on line 1
The readme.txt is wrong, sorry for that. But that hasn’t got anything to do with your problem.
It might related to another plugin.
Please visit: http://forums.avirtualhome.com/viewtopic.php?f=15&t=148
for further discussion.
A suggestion you might want to consider for your plug in is a white list or ignore list for the plugin so that it can ignore crawlers like Google which occasionally cause an error with your plugin…
TeraS
I’ll will add that option.
GREAT plugin! the only one able to really block an IP before Counterize logs it!!
tnx for the great work
I just updated it and noticed now we can use ranges, tnx a lot for it!
Thank you for the white list..
Getting an error which I used the white list to avoid this morning. It is choking on a robot that is crawling my site, one that I want to have crawl as it is my site index provider…
The error is:
An error has been detected
Error: avhfdas error: –
IP: 63.203.65.217
Accessing: /blog/?m=20080609
Call took: 0.22973895072937
Just an FYI….
TeraS
This is an email you received?
Yes Peter…
About 40 of them within 5 minutes this morning…
Tera
Something isn’t clear to me – does the plugin automatically check an IP against the list at stopforumspam.com? In other words, I don’t need to configure it or tell it to do that, it just does it?
Correct.
No need to tell the plugin to check the Stop Forum Spam database.
Every IP is checked unless it’s in the Whitelist or Blacklist:
The steps are
1. Check if IP in White list, if so go to step 4
2. Check if IP in Blacklist, if so Terminate the connection.
3. Check if IP in Stop Forum Spam database, if so and the threshold is reached Terminate the connection.
4. End of my plugin and process keeps going.
Hi Peter…
I was pondering something this morning and was wondering if it was possible to add this idea to the plug-in…
When you use the plug-in you get a “this IP was in the StopForumSpam list and was blocked” and after that is a link to the site to look at the information.
Would it be possible to see that information in the Email?
Some of the IPs that the plugin catches are Google or other search engines and it would be nice to know immediately if that was an IP was should be on the whitelist or not…
You might want to consider an additional connection to Project HoneyPot which defines the bot or spammer as:
Search Engine
Suspicious
Comment Spammer
and so on…
Just a thought!
Tera
I like the option of adding an optional extra check, I’ll look into that.
As far as the info is concerned, the email holds some info already from Stop Forum Spam.
They don’t provided the detailed information the Honeypot Project provides.What other info were you thinking of?
Really I think that the definition of what the IP is would be really useful….
For example, running a Who Is on an IP will tell you if the IP is from Google and then you can white list that IP or more likely, range of IPs so that the plug-in does not block Google from crawling…
The issue with StopForumSpam is that it only says it is a spammer and the frequency.
If you just click on the block, like I did this morning, you block Google on a crawl. Seeing the IP resolved to saying what the host is I think would just make it a quicker overall experience for the user…
Sowwy to be such a pain, but it’s just something that came to mind….
Tera
Congrats on the new version release Peter!
*huggles*
Tera
This plugin blocked all my traffic, I thought it was just a setting problem, I checked and everyone is still blocked. I removed the plugin and even after removal, im keep on receiving emails from my server regarding “AVH First Defense Against Spam”, the emails are non stop. Site is fully accesible again, i just don’t know how to stop the emails.. I’m receiving 200,000 pageviews daily. To the author of this plugin, please help. thanks
The emails you are receiving are probably all in the mail queue. Unless you have full access to the mailq, unfortunately the only thing left is receiving all the emails.
First of all, thank you for the great plugin.
I just have one question. How can I make the plugin stop sending me the email about spammers detection? I ticked/unticked every possible options but I keep getting emails from the plugin. Our website gets many visitors and apparently many spammers as well, and I get too much emails from the plugin. Is there way to stop this?
I’m glad the plugin is working out for you.
If you set the email threshold in the 3rd party options to -1 you will never receive an email.
You can set a threshold for both Stop Forum Spam and Project Honey Pot separately.
That’s what I did.
I still get “Spammer Detected” email.
Is it a bug? Or is there any other ways to stop the plugin emails?
I moved this to my forum, it’s a better way to discuss this at the moment.
http://forums.avirtualhome.com/viewtopic.php?f=15&t=198
I just noticed, I have the IP cache enabled on my site, and the Overview page says that it is. But the 3 lines, Total in cache, Total Clean, and Total Spam, have no numbers associated with them.
The latest update of First Defence Against Spam breaks my index page after a few lines, ignored by browsers, but not by google and probably other crawlers, so google ignores my website…
see webmaster tools, how google bot sees….
Maarten,
With Webmaster Tools I no longer have the How Google sees option, it’s been replaced by Labs -> Fetch as Google Bot but when I do this my page comes out fine. Everything is displayed.
If you could please show what the google bot sees for your site but don’t post it here, just post it in my forum. (http://forums.avirtualhome.com)
Currently, as this mod exists, it is the single biggest source of abuse at our website.
Users will start to find that their blogs will be blocked on our website unless Peter changes the way in which the mod works, from testing every connection to testing only comments when they are added or when a user is registering.
This mod, I believe, was the only reason that we introduced a 5000/day query limit and why our hosting bills and database utilization have skyrocketed. The API we provide is NOT for testing connections (use zbblock or htaccess instead) but is for the checking of new users/messages.
Please change the mod asap because heavy usage of our API will result in IP bans, which will result in serious loading times on your blogs
As of version 2.3 this problem has been dealt with.
Thanks Peter for the emails and so forth, its been really good to see changes made so quckly
How do I view the cached IPs?
I don’t have this implemented yet. It’s on the to-do list.
Hi Peter…
Came across something that I thought I would tell you about…
I have a blog in UTF8 which has a ‘ in the blog name, that is correctly processed in the email issued by the plug-in.
I have another blog in latin1 in which the ‘ does not translate correctly in the email…
Took me forever to figure out that is the issue…
HTH!
Tera
I’ve got a good one for you
I’m testing this out on WP-3.0-Alpha, running multi sites.
If I ‘Network Activate’ (i.e. activate for all blogs), then I can’t use the drag-and-drop widgets, or dropdowns on menus. This was fixed by just not doing that.
HOWEVER, when it’s activated, no gravatars show up on the edit-comments page, but they DO show up on the Dashboard.
Wild, no?
Hi, it would be nice to be able to drill down into the spam statistics amd IP cache from the overview.
Thanks for great antispam. In May it blocked more than 800 spam comments.
I’m glad to hear it is working so well for you. Don’t forgot to Report&Delete the spam messages in WordPress. Your contributions help build their database.
This plugin is by far the most effective anti-comment-spam measure I have found to date. I used to add spammer IPs to the default WP blacklist and also to the site’s root .htaccess; a tedious process at best. Since AVH First Defense doesn’t serve content to blacklisted or database-listed spammers, there’s no need to do that anymore.
I’ve used other plugins that also access the Stop Forum Spam DB but AVH is the first that lets me report new offenders that leak through.
This is also one of the few plugins that gives you truly useful information about why a comment was deemed spam, i.e. “attempted to access wp-comments-post.php directly”. There is no longer any mystery about whether innocuous-seeming comments are human or bot-generated.
After moving the .htaccess blacklist into AVH First Defense, and locally blacklisting + reporting another 20 or so spammers, spamming has just plain stopped. Nothing leaks through for Akismet to check.
Superb work, I’m really impressed.