Diagnostics Results
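'; echo $ansa; astound_errorsonoff('off'); exit; }

/**
 * Stops the request unless it carries a valid 'astound_options' nonce.
 *
 * The token is read from $_POST['astound_opt']. A missing or invalid token
 * prints the plugin's "Session timeout" message and ends the request.
 *
 * NOTE(review): a nonce is CSRF protection, not authorization. None of the
 * handlers below call current_user_can(); confirm they are only registered
 * for privileged users, or add a capability check next to this one.
 */
function astound_ajax_require_nonce()
{
    // isset() avoids an undefined-index warning when the field is absent;
    // an empty token fails verification exactly as before.
    $token = isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
    if (!wp_verify_nonce($token, 'astound_options')) {
        echo "Session timeout, please refresh the page";
        exit;
    }
}

/**
 * Request handler: prints the current contents of the plugin cache.
 *
 * Output is whatever astound_get_cache() returns.
 */
function astound_show_cache()
{
    try {
        astound_ajax_require_nonce();
        echo astound_get_cache();
    } catch (Exception $e) {
        // NOTE(review): interpolating $e prints the exception with its stack
        // trace into the response; consider logging it and echoing a short message.
        echo ("exception in show cache $e");
    }
}

/**
 * Builds a text listing of the 'astound_cache' option, one entry per line.
 *
 * @return string "key - time - reason" lines, or a short status message when
 *                the option is empty, is not an array, or yields no text.
 */
function astound_get_cache()
{
    try {
        $cache = get_option('astound_cache');
        if (empty($cache) || !is_array($cache)) {
            return "Cache is empty";
        }
        $ansa = "";
        foreach ($cache as $key => $value) {
            // Key and reason are stored data that is echoed back to the
            // browser by astound_show_cache(), so escape them on output.
            // esc_html() does not double-encode existing entities.
            $entry = esc_html((string) $key);
            $reason = esc_html($value['reason']);
            $time = date('Y-m-d H:i:s', (int) $value['time']);
            $ansa .= "$entry - $time - $reason\n";
        }
        if (empty($ansa) || strlen($ansa) <= 10) {
            $ansa = "nothing in cache";
        }
        return $ansa;
    } catch (Exception $e) {
        return ("exception in show get $e");
    }
}

/**
 * Request handler: switches a single option on ('Y') or off ('N').
 *
 * Reads 'name' and 'checked' from $_POST; only the literal string 'true'
 * turns the option on.
 */
function astound_update_option()
{
    $name = isset($_POST['name']) ? sanitize_text_field($_POST['name']) : '';
    $checked = isset($_POST['checked']) ? sanitize_text_field($_POST['checked']) : '';
    astound_ajax_require_nonce();
    $flag = ($checked == 'true') ? 'Y' : 'N';
    if (!function_exists('astound_set_option')) {
        echo "function not found????";
        exit;
    }
    // NOTE(review): $name comes straight from the request and is not checked
    // against the set of known option keys, so any key accepted by
    // astound_set_option() can be overwritten with 'Y'/'N'. Consider an
    // allowlist of the toggleable options.
    astound_set_option($name, $flag);
    echo "I'm back";
    exit;
}

/**
 * Shared body of the list handlers: stores a posted textarea as an array.
 *
 * The POST field and the option key have the same name. The text is split
 * on newlines, each line is trimmed and empty lines are dropped. Prints
 * "OK" and ends the request.
 *
 * @param string $field POST field name and option key.
 */
function astound_save_posted_list($field)
{
    astound_ajax_require_nonce();
    $text = isset($_POST[$field]) ? sanitize_textarea_field($_POST[$field]) : '';
    $lines = array();
    if (!empty($text)) {
        // NOTE(review): esc_textarea() HTML-encodes the text before it is
        // stored, so entries containing &, < or > are saved as entities.
        // Escaping is normally done on output; kept here because the code
        // that reads these lists is not visible - confirm before changing.
        $lines = explode("\n", esc_textarea($text));
    }
    $items = array();
    foreach ($lines as $line) {
        $line = trim($line);
        if (!empty($line)) {
            $items[] = $line;
        }
    }
    astound_set_option($field, $items);
    echo "OK";
    exit;
}

/** Request handler: saves the spam word list posted as 'spamwords'. */
function astound_update_spamwords()
{
    astound_save_posted_list('spamwords');
}

/** Request handler: saves the white list posted as 'wlist'. */
function astound_update_wlist()
{
    astound_save_posted_list('wlist');
}

/** Request handler: saves the allowed TLD list posted as 'tldlist'. */
function astound_update_tldlist()
{
    astound_save_posted_list('tldlist');
}

/** Request handler: saves the banned TLD list posted as 'badtldlist'. */
function astound_update_badtldlist()
{
    astound_save_posted_list('badtldlist');
}

function astound_control() {
    // this is the display of information about the page.
    if (array_key_exists('resetOptions',$_POST)) {
        astound_force_reset_options();
    }
    $ip=astound_get_ip();
    $nonce=wp_create_nonce('astound_options');
    $options=astound_get_options();
    // NOTE(review): extract() turns every option key into a local variable and
    // can overwrite $ip, $nonce or $options if such a key exists. Reading
    // $options['key'] directly, or passing EXTR_SKIP, avoids that.
    extract($options);
    ?>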

Astounding Spam Prevention Version


To turn an option on or off just click the button. The options are automatically saved.
Some options have a list associated with them. Click the edit button next to them and add or delete list items. Use a separate line for each item.

Recommended settings

These are the settings that are most effective in identifying spam while still not giving false positives. It is recommended that these options are all turned on.
Check Accept Header
Spammers often neglect to send the proper HTML headers. This rejects updates without the proper accept header
Check User Agent
User Agent identifies the kind of browser accessing the web page. A missing or non-standard user agent identifies a spammer.
Check Bad Neighborhoods
Every month I run lists of spammer IP addresses through a program which distills them into a list of bad neighborhoods. This should show the most recent spam sources. It is mostly Russian, Chinese, Indian and Eastern European hosting companies with some US addresses included.
Check bbcode
Spammers like to put bbcode like [url]Spam website[/url]. This option rejects anyone using bbcode in a comment.
Check Disposable Emails
Disposable email accounts are used by spammers to help them remain anonymous. This checks against a recent list of disposable email servers and rejects anyone using them.
Check zen.spamhaus.org Black List
Spamhaus is one of the largest and most comprehensive spam blacklists. This is a check on a user's internet address to see if Spamhaus sees the user as a spammer.
Check Stop Forum Spam Black List
This does a quick lookup on the SFS database for any spam that has occurred in the last 99 days with a frequency greater than twice for the user's IP. It is possible that SFS is under one of its frequent denial-of-service attacks, so this may not report spam correctly.
Check for Exploits
Spammers sometimes try to put SQL injection, JavaScript or other pieces of code into forms. This checks for some common exploits and rejects anyone trying to use them.
Check for Hosting Companies
Comments and registrations should come from real users. A web host only tries to access your site if it is a robot controlled by spammers. This rejects any request that comes from a hosting company.
Check HTTP_REFERER
The referer (sic) is the URL of the page that submitted the comment or registration form. All form submissions must come from your website. Sometimes a spammer is lazy and the referer is missing or incorrect.
Check for long names and email
Spammers can't resist putting their smarmy message anywhere they can. Sometimes the email is hundreds of characters long full of spam messages. This option rejects long email addresses, subjects and user names.
Check for short names and email
Spammers sometimes leave off the email or don't use a valid one. This checks for short email addresses and rejects them.
Check for Spam Domains
This checks messages, subjects and email addresses against a list of domains used by spammers. If the domain is present (usually in links), the spammer is rejected.
Check for Common Spam Words
This checks messages, subjects and email addresses against a list of the most common spammy words.
Check for Tor Exit Nodes
Tor, or "the dark net", is used by a few privacy advocates, and a great many drug dealers, paedophiles and other criminals including spammers. You should ask yourself why you need comments from someone who has taken great lengths to hide their identity.
Check for Toxic Networks
There are internet networks that have never been used for anything but spam. Stop Forum Spam keeps an up to date list of them. This rejects anyone who comes from one of these networks.
User White List
Add IP addresses here, one per line, to put a user on the white list so that spam checking is bypassed.

Optional settings

These settings are effective, but can result in false spam detection, annoying your users. Turn these on if you have lots of trouble with spam and do not need to worry about e-commerce.
Show all reasons for rejection
This writes all reasons for rejection to the log. It makes the log longer, but you get to see all of the reasons for rejecting a spammer.
Check quick response
This uses a cookie to see how fast a user fills in a form. Anything 3 seconds or less is too quick and the spammer is rejected.
Check non-generic TLDs
If a person uses a domain type (TLD) other than .COM, .ORG, .NET, .EDU, .MIL, or .GOV he could be a spammer. It is very easy to get a yahoo or gmail account, so if you don't have one it is a potential problem. It is harder to abuse a gmail address than it is to abuse mail.ru. If you deal with mostly non-US users then you will want to turn this off.
You can add to the list of allowed TLDs by clicking the edit button here.
Check for subdomains in email address
Using a subdomain for an email address like mail.users.frank.social.com is a clue that the user might be a spammer. This check is turned off by default, but turn it on if you start getting email spam like this.
Check banned TLDs
Top level domains like .com and .org are not as easy to use for spam as ones like .top or .xxx. This is a list of TLDs that will be rejected when found in email addresses
You can add to the list of banned TLDs by clicking the edit button here.
Check for too many periods in email
You can put extra periods in the name part of an email address to make it readable. Spammers like to add lots of periods. More than 3 periods in an email address is the sign of a spammer.
Check Red Herring Form
This places a fake form on every page. The spammers see the form and then submit it. It is the first form on the page so it is likely that many spam bots will think it is the real thing, hence the term Red Herring.
When using this option, check your page after you turn it on to see if it is compatible with your theme. It works with most themes, but sometimes a theme or plugin can use JavaScript to look for elements on a page and the red herring form throws them off.
Check for VPNs and other Anonymizers
Virtual Private Networks (VPNs) are a way of life in some countries where the internet access is filtered or blocked. However, spammers use VPNs to hide who they really are. Using this option blocks users from some VPNs. It does not block all or even most VPNs.
This option only blocks access from VPNs that are known sources of spam. This would include many free VPNs, but will not include many VPNs that require fees.
Check for Phishing sites in text
Checks for common phishing domains in text, links, subjects, etc.
Check for MyIP Blacklist IPs
Checks for incoming ip addresses that are found on the MyIP blacklist.
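5000) { echo "The log file is $logsize bytes in size. Please consider deleting it.\r\n\r\n"; } $logarray=file(ASTOUND_PLUGIN_FILE.'.astound_debug_output.txt'); $logarray=array_reverse($logarray); $log= "\r\n".implode("\r\n",$logarray); $log=str_replace("\r\n\r\n","\r\n",$log); $log=str_replace("~~~~","\r\n",$log); $log=esc_textarea($log); echo $log; } else { echo "Log file not found"; } exit; }

/**
 * Request handler: prints a print_r() dump of the plugin options.
 *
 * Requires a valid 'astound_options' nonce in $_POST['astound_opt'].
 * The dump is passed through esc_textarea() before it is echoed.
 *
 * NOTE(review): the nonce is the only gate visible here; there is no
 * current_user_can() check. Confirm the handler is reachable by
 * administrators only, since the dump exposes the whole configuration.
 */
function astound_show_option_dump()
{
    // isset() avoids an undefined-index warning; an empty token still fails.
    $token = isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
    if (!wp_verify_nonce($token, 'astound_options')) {
        echo "Session timeout, please refresh the page";
        exit;
    }
    if (!function_exists('astound_get_options')) {
        astound_require('includes/astound-init-options.php');
    }
    echo "\r\n";
    echo esc_textarea(print_r(astound_get_options(), true));
    exit;
}

/**
 * Deletes the 'astound_cache' option after verifying the request nonce.
 *
 * @return string Always an empty string; exceptions are written to the log.
 */
function astound_clear_cache()
{
    try {
        $token = isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
        if (!wp_verify_nonce($token, 'astound_options')) {
            echo "Session timeout, please refresh the page";
            exit;
        }
        if (!function_exists('astound_get_options')) {
            astound_require('includes/astound-init-options.php');
        }
        delete_option('astound_cache');
        astound_log("cache cleared");
        return "";
    } catch (Exception $e) {
        astound_log("exception $e");
    }
    return "";
}

/**
 * Removes the debug log file if it exists and records the outcome in the log.
 *
 * @return string Always an empty string.
 */
function astound_delete_log_file()
{
    // One path for both the existence test and the delete. The original
    // tested ASTOUND_PLUGIN_FILE.'.astound_debug_output.txt' but unlinked
    // ASTOUND_PLUGIN_FILE."/.astound_debug_output.txt", which is a different
    // file whenever the constant does not end in a slash.
    $logFile = ASTOUND_PLUGIN_FILE . '.astound_debug_output.txt';
    // NOTE(review): this function does not verify a nonce itself; check that
    // every caller does. The log is kept under the plugin path - confirm the
    // web server does not serve it directly.
    if (file_exists($logFile)) {
        unlink($logFile);
        astound_log("log deleted");
    } else {
        astound_log("new log file");
    }
    return "";
}

/**
 * Resets the plugin options to their defaults and clears the cache.
 *
 * Requires a valid 'astound_options' nonce in $_POST['astound_opt'].
 */
function astound_force_reset_options()
{
    $token = isset($_POST['astound_opt']) ? sanitize_text_field($_POST['astound_opt']) : '';
    if (!wp_verify_nonce($token, 'astound_options')) {
        echo "Session timeout, please refresh the page";
        exit;
    }
    if (!function_exists('astound_reset_options')) {
        astound_require('includes/astound-init-options.php');
    }
    astound_reset_options();
    // clear the cache
    delete_option('astound_cache');
}

/**
 * Runs every check module against the posted IP and reports each result.
 *
 * @return string One "testing <module> result=<result>" line per module;
 *                a module result of false is reported as "OK".
 */
function astound_run_tests()
{
    $check = array(
        'astound_chkwlist',
        'astound_chkbadtld',
        'astound_chkcache',
        'astound_chkaccept',
        'astound_chkagent',
        'astound_chkbadneighborhoods',
        'astound_chkbbcode',
        'astound_chkdisp',
        'astound_chkdnsbl',
        'astound_chkdomains',
        'astound_chkexploits',
        'astound_chklong',
        'astound_chkperiods',
        'astound_chkredherring',
        'astound_chkreferer',
        'astound_chksession',
        'astound_chkshort',
        'astound_chksubdomains',
        'astound_chktld',
        'astound_chkspamwords',
        'astound_chkinvalidip',
        'astound_chkisphosts',
        'astound_chksfs',
        'astound_chktor',
        'astound_chkvpn',
        'astound_chkphish',
        'astound_chkmyip',
        'astound_chktoxic'
    );
    astound_require('includes/astound-class-loader.php');
    // The posted IP is the same for every module, so read it once.
    // NOTE(review): it is only passed through sanitize_text_field(); it is not
    // validated as an IP address (e.g. filter_var with FILTER_VALIDATE_IP),
    // and no nonce is verified in this function - confirm the caller does both.
    $ip = isset($_POST['ip']) ? sanitize_text_field($_POST['ip']) : '';
    $ansa = "";
    foreach ($check as $module) {
        $res = astound_load_module($module, $ip);
        if ($res === false) {
            $res = "OK";
        }
        $ansa .= "testing $module result=$res\n";
    }
    return $ansa;
}

/**
 * Redirects the browser back to the URI of the current request.
 *
 * Falls back to SCRIPT_NAME when REQUEST_URI is empty.
 */
function astound_redirect()
{
    $uri = !empty($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $_SERVER["SCRIPT_NAME"];
    // REQUEST_URI is supplied by the client. wp_safe_redirect() validates the
    // target host, so the redirect cannot leave this site.
    wp_safe_redirect($uri);
    exit;
}
?>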