Diagnostics Results
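'; echo $ansa; exit; }

/**
 * AJAX handler: saves one on/off plugin option.
 *
 * Reads 'astound_opt' (nonce), 'name' and 'checked' from $_POST, verifies the
 * 'astound_options' nonce, maps the checkbox state to 'Y' or 'N' and stores it
 * through astound_set_option(). Every path ends the request with exit.
 */
function astound_update_option() {
	// Handle request then generate response using WP_Ajax_Response
	//astound_errorsonoff();
	// NOTE(review): the nonce is the only gate visible in this function. A nonce
	// guards against cross-site request forgery but is not an authorization check;
	// confirm the hook registration limits this handler to administrators, or add
	// a current_user_can() test with the capability the settings page requires.
	$astound_opt=isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
	if (!wp_verify_nonce($astound_opt,'astound_options')) {
		echo "Session timeout, please refresh the page";
		exit;
	}
	// Request fields are only read once the nonce has been accepted.
	$name=isset($_POST['name']) ? sanitize_text_field($_POST['name']) : '';
	$checked=isset($_POST['checked']) ? sanitize_text_field($_POST['checked']) : '';
	// Anything other than the literal string 'true' switches the option off.
	$checked=($checked==='true') ? 'Y' : 'N';
	if (!function_exists('astound_set_option') ) {
		echo "function not found????";
		exit;
	}
	// NOTE(review): $name is taken from the request, so any option key can be set
	// to Y/N here; consider checking it against the list of known checkbox options.
	astound_set_option($name,$checked);
	echo "I'm back";
	//astound_errorsonoff('off');
	exit;
}

/**
 * AJAX handler: replaces the stored 'spamwords' list.
 *
 * Verifies the 'astound_options' nonce, then splits the posted 'spamwords'
 * textarea into one entry per line, dropping blank lines, and stores the
 * resulting array through astound_set_option(). Every path ends with exit.
 */
function astound_update_spamwords() {
	// Handle request then generate response using WP_Ajax_Response
	//astound_errorsonoff();
	// NOTE(review): nonce only, no capability check visible here; confirm the caller
	// is restricted to administrators.
	$astound_opt=isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
	if (!wp_verify_nonce($astound_opt,'astound_options')) {
		echo "Session timeout, please refresh the page";
		exit;
	}
	//convert the textarea to an array.
	$spamwords=isset($_POST['spamwords']) ? sanitize_textarea_field($_POST['spamwords']) : '';
	if (empty($spamwords)) {
		$spamwords=array();
	} else {
		// NOTE(review): esc_textarea() is an output-escaping helper; applying it before
		// storage means entries are saved HTML-encoded. Kept as in the original so
		// stored data does not change; confirm the matching code expects that.
		$spamwords=esc_textarea($spamwords);
		$spamwords=explode("\n",$spamwords);
	}
	$tblist=array();
	foreach ($spamwords as $bl) {
		$bl=trim($bl);
		if (!empty($bl)) {
			$tblist[]=$bl;
		}
	}
	astound_set_option('spamwords',$tblist);
	echo "OK";
	//astound_errorsonoff('off');
	exit;
}

/**
 * AJAX handler: replaces the stored 'wlist' (white list) entries.
 *
 * Verifies the 'astound_options' nonce, then splits the posted 'wlist'
 * textarea into one entry per line, dropping blank lines, and stores the
 * resulting array through astound_set_option(). Every path ends with exit.
 */
function astound_update_wlist() {
	// Handle request then generate response using WP_Ajax_Response
	//astound_errorsonoff();
	// NOTE(review): entries saved here bypass spam checking, so this handler is
	// security-sensitive. Only the nonce is checked in this function; confirm the
	// caller is restricted to administrators.
	$astound_opt=isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
	if (!wp_verify_nonce($astound_opt,'astound_options')) {
		echo "Session timeout, please refresh the page";
		exit;
	}
	//convert the textarea to an array.
	// The sanitized value was previously assigned to $spamwords and discarded, which
	// left $wlist unsanitized; it is now assigned back to $wlist.
	$wlist=isset($_POST['wlist']) ? sanitize_textarea_field($_POST['wlist']) : '';
	if (empty($wlist)) {
		$wlist=array();
	} else {
		$wlist=esc_textarea($wlist);
		$wlist=explode("\n",$wlist);
	}
	// NOTE(review): entries are not checked to be well-formed addresses before they
	// are stored; consider validating each line (for example with filter_var and
	// FILTER_VALIDATE_IP) if only single IP addresses are meant to be accepted.
	$tblist=array();
	foreach ($wlist as $bl) {
		$bl=trim($bl);
		if (!empty($bl)) {
			$tblist[]=$bl;
		}
	}
	astound_set_option('wlist',$tblist);
	echo "OK";
	//astound_errorsonoff('off');
	exit;
}

function astound_control() {
	// this is the display of information about the page.
	if (array_key_exists('resetOptions',$_POST)) {
		astound_force_reset_options();
	}
	$ip=astound_get_ip();
	$nonce=wp_create_nonce('astound_options');
	$options=astound_get_options();
	// NOTE(review): extract() turns every option key into a local variable and can
	// silently overwrite $ip, $nonce or $options if a stored key has one of those
	// names; reading $options['key'] directly would avoid that.
	extract($options);
?>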

Astounding Spam Prevention Version


Check Accept Header
Spammers often neglect to send the proper HTTP headers. This rejects updates without the proper Accept header.
Check User Agent
User Agent identifies the kind of browser accessing the web page. A missing or non-standard user agent identifies a spammer.
Check Bad Neighborhoods
Every month I run lists of spammer IP addresses through a program which distills them into a list of bad neighborhoods. This should show the most recent spam sources. It is mostly Russian, Chinese, Indian and Eastern European hosting companies with some US addresses included.
Check bbcode
Spammers like to put bbcode like [url]Spam website[/url]. This option rejects anyone using bbcode in a comment.
Check Disposable Emails
Disposable email accounts are used by spammers to help them remain anonymous. This checks against a recent list of disposable email servers and rejects anyone using them.
Check zen.spamhaus.org Black List
Spamhaus is one of the largest and most comprehensive spam blacklists. This is a check on a user's internet address to see if Spamhaus sees the user as a spammer.
Check for Exploits
Spammers sometimes try to put SQL injection, JavaScript or other pieces of code into forms. This checks for some common exploits and rejects anyone trying to use them.
Check for Hosting Companies
Comments and registrations should come from real users. A web host only tries to access your site if it is a robot controlled by spammers. This rejects any request that comes from a hosting company.
Check HTTP_REFERER
The referer(sp) is the url of the page that submitted the comment or registration form. All form submissions must come from your website. Sometimes a spammer is lazy and the referer is missing or incorrect.
Check for long names and email
Spammers can't resist putting their smarmy message anywhere they can. Sometimes the email is hundreds of characters long full of spam messages. This option rejects long email addresses, subjects and user names.
Check for short names and email
Spammers sometimes leave off the email or don't use a valid one. This checks for short email addresses and rejects them.
Check quick response
This uses a cookie to see how fast a user fills in a form. Anything 3 seconds or less is too quick and the spammer is rejected.
Check non-generic TLDs
If a person uses a domain type (TLD) other than .COM, .ORG, .NET, .EDU, .MIL, or .GOV he could be a spammer. It is very easy to get a yahoo or gmail account, so if you don't have one it is a potential problem. It is harder to abuse a gmail address than it is to abuse mail.ru. If you deal with mostly non-US users then you will want to turn this off.
Check for too many periods in email
You can put extra periods in the name part of an email address to make it readable. Spammers like to add lots of periods. More than 3 periods in an email address is the sign of a spammer.
Check for subdomains in email address
Using a subdomain for an email address like mail.users.frank.social.com is a clue that the user might be a spammer. This check is turned off by default, but turn it on if you start getting email spam like this.
Check for Spam Domains
This checks messages, subjects and email addresses against a list of domains used by spammers. If the domain is present (usually in links), the spammer is rejected.
Check for Common Spam Words
This checks messages, subjects and email addresses against a list of the most common spammy words.
Check for Tor Exit Nodes
Tor, or "the dark net", is used by a few privacy advocates, and a great many drug dealers, paedophiles and other criminals including spammers. You should ask yourself why you need comments from someone who has taken great lengths to hide their identity.
Check for Toxic Networks
There are internet networks that have never been used for anything but spam. Stop Forum Spam keeps an up to date list of them. This rejects anyone who comes from one of these networks.
User White List
Add ip addresses here, one to a line to add a user to a white list so that spam checking is bypassed
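5000) { echo "The log file is $logsize bytes in size. Please consider deleting it.\r\n\r\n"; } $logarray=file(ASTOUND_PLUGIN_FILE.'.astound_debug_output.txt'); $logarray=array_reverse($logarray); $log= "\r\n".implode("\r\n",$logarray); $log=str_replace("\r\n\r\n","\r\n",$log); $log=esc_textarea($log); echo $log; } else { echo "Log file not found"; } exit; }

/**
 * AJAX handler: prints a print_r() dump of all plugin options.
 *
 * Verifies the 'astound_options' nonce, loads the options include if
 * astound_get_options() is not yet defined, and echoes the escaped dump.
 * Every path ends the request with exit.
 */
function astound_show_option_dump() {
	// NOTE(review): this returns the full option array to the caller and only the
	// nonce is checked in this function; confirm the hook registration limits it
	// to administrators.
	$astound_opt=isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
	if (!wp_verify_nonce($astound_opt,'astound_options')) {
		echo "Session timeout, please refresh the page";
		exit;
	}
	if (!function_exists('astound_get_options')) {
		astound_require('includes/astound-init-options.php');
	}
	echo "\r\n";
	// Escaped before output so stored option values cannot inject markup into the response.
	echo esc_textarea(print_r(astound_get_options(),true));
	exit;
}

/**
 * Deletes the debug log file if it exists and records the outcome via astound_log().
 *
 * @return string Always the empty string.
 */
function astound_delete_log_file() {
	// The existence check and the unlink now use the same path. The original checked
	// ASTOUND_PLUGIN_FILE.'.astound_debug_output.txt' but unlinked a path with an extra
	// "/" before the file name, which is a different file whenever the constant does
	// not already end in a slash.
	// NOTE(review): no nonce is verified in this function; the caller is expected to
	// have done so before a state-changing delete.
	$logfile=ASTOUND_PLUGIN_FILE.'.astound_debug_output.txt';
	if (file_exists($logfile)) {
		unlink($logfile);
		astound_log("log deleted");
	} else {
		astound_log("new log file");
	}
	return "";
}

/**
 * Resets the plugin options after verifying the 'astound_options' nonce.
 *
 * On a failed nonce check it prints a message and ends the request; otherwise
 * it loads the options include if needed and calls astound_reset_options().
 */
function astound_force_reset_options() {
	// NOTE(review): nonce only, no capability check visible here; confirm callers
	// are restricted to administrators.
	$astound_opt=isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
	if (!wp_verify_nonce($astound_opt,'astound_options')) {
		echo "Session timeout, please refresh the page";
		exit;
	}
	if (!function_exists('astound_reset_options')) {
		astound_require('includes/astound-init-options.php');
	}
	astound_reset_options();
}

/**
 * Runs every check module against the IP posted in $_POST['ip'].
 *
 * @return string One "testing <module> result=<result>" entry per module; a module
 *                result that is exactly false is reported as "OK".
 */
function astound_run_tests() {
	// runs the tests
	$check=array(
		'astound_chkwlist',
		'astound_chkcache',
		'astound_chkaccept',
		'astound_chkagent',
		'astound_chkbadneighborhoods',
		'astound_chkbbcode',
		'astound_chkdisp',
		'astound_chkdnsbl',
		'astound_chkdomains',
		'astound_chkexploits',
		'astound_chklong',
		'astound_chkperiods',
		'astound_chkreferer',
		'astound_chksession',
		'astound_chkshort',
		'astound_chksubdomains',
		'astound_chktld',
		'astound_chkspamwords',
		'astound_chkinvalidip',
		'astound_chkisphosts',
		'astound_chktor',
		'astound_chktoxic'
	);
	astound_require('includes/astound-class-loader.php');
	// The posted IP does not change between modules, so it is read once, not per iteration.
	// NOTE(review): the value is sanitized as text but not validated as an IP address
	// before it is handed to the modules; consider filter_var() with FILTER_VALIDATE_IP.
	$ip=isset($_POST['ip']) ? sanitize_text_field($_POST['ip']) : '';
	$ansa="";
	foreach ($check as $module) {
		$ansa.= "testing $module result=";
		$res=astound_load_module($module,$ip);
		if ($res===false) {
			$res="OK";
		}
		// NOTE(review): $res is appended unescaped; if a module can echo request data
		// back in its result, the caller should escape this report before output.
		$ansa.= "$res
";
	}
	return $ansa;
}

/**
 * Redirects the browser back to the current request URI and ends the request.
 */
function astound_redirect() {
	$uri=$_SERVER["REQUEST_URI"];
	if (empty($uri)) {
		$uri=$_SERVER["SCRIPT_NAME"];
	}
	// wp_safe_redirect() only follows targets on allowed hosts, so a request URI that
	// parses as another host cannot send the browser off-site.
	wp_safe_redirect($uri);
	exit;
}
?>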