Comments (96)

Some in czech, some in english.

    • No.: 3
    • Carly
    • Date:
      8.1. 2007 — 10:49
    • Upravit

    If almost 100% of users have javascript turned on, then how does it catch spam?

  1. [3] Carly: Carly → Common commentary spam is added by spambots (not humans), they do not understand JS code (yet).

  2. You can just parse the name out of the HTML and pass it along to the form-handler. Not to mention that since the default passphrase is human, simply detecting and then passing “human” along would be enough to break most installations.

    Take a look at WP-Hashcash, it’s quite a bit more robust. Every blog gets their own keys, and a mathematical function is generated at runtime to produce the key, all using AJAX and self-decrypting JS.

    http://elliottback.com/wp/archives/2005/10/23/wordpress-hashcash-30-beta/

  3. [5] Elliott C. Bäck: Elliott C. Bäck → Wou. You're right of course. I'll take a look at your plugin, now it looks like I have no other option than make the Raven's antispam really more sophisticated… Thank you.

  4. [5] Elliott C. Bäck: Elliott C. Bäck → Version 1.1 is actually a reaction to your comment. I suppose (hope?) that taken changes (though they can't be called as „robust“) should mean enough complication for spambots for long time…

    At the moment I'm not going to make any changes, until this version will be broken through… I can't say if it will happen one time… God knows :)

    • No.: 10
    • Carly
    • Date:
      9.1. 2007 — 2:48
    • Upravit

    Oh I see, but it can’t stop human commenters. At least it eliminates spam bots

  5. Mno ten havran mi pripomina toho havrana z navrhu na Vranuv PHP blog, ktery jsem delal ale ktery jeste nebyl nikdy pouzit :) Dokonce sedi i nastejne lince :)

  6. [12] Petr Vaclavek: Je to on, zneužil jsem jej jako ilustraci (když už původní využití padlo k ledu)… :)

  7. Mno aspon k necemu to bylo dobre :)

  8. hlásím bug:

    s vypnutým JS, když omylem nevyplním kód, tak dostanu nepěkný errrour:

    Fatal error: Call to undefined function wp_die() in /DISK3/WWW/cuketka.cz/www/wp-content/plugins/ravens-antispam.php on line 66

    zatím ted bohžel nemohu nasadit… (anebo je chyba na mé straně?)

  9. [15] pan Cuketka: → zdá se, že je to moje chyba pane Cuketko… ta funkce wp_die byla koukám přidána až ve Wordpressu 2.0.3, to mě nenapadlo… Upravená verze, která by měla fungovat.

    V sobotu to udělám pořádně (a oficiálně).

  10. jj to sedí, mám myslím nějakou tu 2.0.2. nebo něco kolem… díky za rychlost!

  11. Tak už jsem se jal implementovat Raven’s antispam, zpětný odkaz je tvůj. (V napětí očekávám oficiální opravu pro WP

  12. [19] gwh: gwh → díky! oprava vyjde ráno, mám to už připravené ale nemám sílu aktualizovat článek… :)

  13. Version 1.2 published

  14. very nice ;0)

    thanks

  15. answer what question if js is disabled? my friend is not able to comment on my blog using camino.

  16. [23] LEMONed: Lemoned → Perhaps Camino does not support „noscript“ pair-tag… I don't have a clue how to solve it (at the moment)…

  17. For those interested, I have begun porting Raven’s Antispam to phpBB, which you can read about in their MODs Development forum.

    Thanks for letting me develop this, Kahi!

  18. Skvělá práce! Dokonce i kompatibilita s WP 2.1! Díky moc!

    • No.: 27
    • M@P
    • Date:
      25.2. 2007 — 12:08
    • Upravit

    Po aktivování pluginu mi Wordpress 2.0.7 píše: You didn’t answer the antispam question, your comment was not saved. Press “Back” and answer the question.

  19. [27] M@P: – Zkoušel jsem to právě na čisté instalaci 2.0.7 a bez problémů mi to jelo.

    V jakém prohlížeči se to stalo?

  20. I think the plugin block also any ping and trackbacks?! Is that right?

  21. [29] Elias: → No Elias, I don't think the plugin is responsible for this…

  22. Hi. Thx 4 your plugin ,but I want to know where those spams can be found which was blocked by this plugin?

  23. [31] Zhu8: → Nowhere, Zhu8, just not-spam messages are saved.

  24. wow. really a great plugin! thanks for your work!

    • No.: 34
    • Max
    • Date:
      20.3. 2007 — 0:09
    • Upravit

    Thanks a lot! Great plugin!

  25. Version 1.3 published

  26. Version 1.4 published

  27. See at post 29 ;) I wondered that no pingback from my site is here. Linked from http://www.hot-elle.de/2007-03-02/wordpress-plugins-gegen-kommentar-spam/

    Ok, i will test it again but is the trackback “bug” really clean?

  28. [38] Elias: – now it finally works Elias, I tested it one more time. I'm really sorry for the comment [30] Kahi: mystification. :-) I realized that trackbacks really „travel“ the same way as comments. What a surprise :-)

  29. I have Akismet and Bad Behaviour but was still getting some guestbook spam. I installed this plugin, made sure it was working with javascript disabled, and deactivated Aksimet for a test run.

    I had three spam messages within 15 minutes! I’ve kept the plugin but reactivated Akismet.

  30. @Michael: Was this comment or trackback spam?

  31. [40] Michael: Michael, well, that's interesting. I haven't heard yet about such an example… Have you any idea how much spam is sent into your comment forms during 15 minutes?

    • No.: 44
    • che1959
    • Date:
      24.3. 2007 — 18:27
    • Upravit

    Got it installed, cool. Nice work. I was getting 50 to 60 spam messages a day and now zero. I like how your plugin doesn’t mess with the moderation settings. I like to moderate all my comments. Without the plugin, I was getting hammered with 50 to 60 a day and now none. Thanks!

  32. I hate to say it, but 70+ spam posts made it past Raven’s Antispam, just two days ago on cloud9lyrics.com; thankfully, I had Akismet active still which caught them.

    The spams were from a variety of IP addresses and were all very concise, just mentioning a drug/medicine/whatever in the comment body with a URL to a spam site set.

    I hope the bots haven’t learned how to use JavaScript!

  33. It was comment spam from a variety of IP addresses, all had this URL: searchbarcode.com/barcode/free/free-barcode-generator.html

    Spam has dropped away since I installed Bad Behaviour but Akismet still catches up to 100 a day.

  34. [45] Rick Beckman:, [46] Michael: → Thanks for information, so it's probably time to make some complications in the code…

    I don't think, Rick, that bots learned JS, perhaps they only read html code and search „Please type“ phrase… Unfortunately I have no opportunity to test new versions in real situation, so it's not a sure thing that next version will work 100%…

  35. Happy to test it for you.

  36. [48] Michael: or anyone → Thank you for testing RA 1.5 alpha 1

    Changes:

    • users with js:off have to count sth up
    • logged user is not tested anymore – I find it needless
  37. Actually, I’m thinking that 1.4 works fine against comment spam… it might be Trackback spam that is being queued up in Akismet. The spam didn’t start coming in until Raven’s Antispam was updated to allow TrackBacks through…

  38. [50] Rick Beckman: Rick → Good note, I didn't realize this connection…

  39. The comment_type field of a couple of comments just caught by Akismet show that they are indeed Trackbacks. I’ll keep checking and let you know if anything that makes it through is indeed “comment spam” that this plugin is missing.

    The port I made for phpBB 2.0.x has worked 100% successfully on the two boards I installed it on, so I don’t think the Raven’s Antispam mechanism itself needs improving, though I guess improvement is a good thing regardless. :)

    Again, I’ll let you know if I notice any real comment spam making it through to Akismet!

  40. I’m trying 1.5 and I’ll let you know how it goes. I noticed though that Akismet caught only two spam comments in the past few days. I wonder if the initial flurry that I reported (post #40) was a delayed reaction of some kind.

  41. Did you have any reports of the plugin failing with K2? If I try to comment, it sends the error, that I didn?t answer the antispam question, bu there is no questions, since I have JS on. I tried it same in Opera, Fire Fox, and IE. Could it be because I have AJAX comment posting?

  42. [54] theUg: theUg → Yes, incompatibility with AJAX comments plugin was reported and stays unsolved.

  43. Akismet has only caught two spam comments, one of those trackback, in a week. Thanks.

  44. [58] Karolis Pocius » Blog Archive » Komentar? moderavimas išjungtas!: teda takhle hnusne psat o cizi praci, kam to blogovani speje!

    • No.: 60
    • Tomas
    • Date:
      25.4. 2007 — 14:06
    • Upravit

    Jen zkoušim jak to funguje…

  45. Fajn stranka!!!!

    • No.: 62
    • Honza
    • Date:
      16.5. 2007 — 1:34
    • Upravit

    Plugin v 1.4 na WP 2.1.3 přestane fungovat po přesunutí jádra WP z rootu webu do podadresáře. Na vině je použití getcwd() jako části stringu pro hash. Při zobrazení postu funkce vrací root adresář, ale při načtení wp-comments-post.php se nacházíme už v dotyčném subfolderu. Namísto getcwd() použít třeba $_SERVER['DOCUMENT_ROOT']? To by mohlo stačit.

  46. [62] Honza: – Díky, hned to opravím. Měl jsem dojem, že jsem k tomuto využil wp funkci, která vrací adresu instalace, no holt skutečnost je odlišná :-).

  47. Version 1.5 published

  48. [62] Honza: – Ještě jednou díky za report, v1.5 by měla tvůj případ řešit.

    Trochu jsem rovnou upravil kód směrem k větší univerzálnosti, i když zcela oddělit kód třídy od specifického kódu pro WP nedokážu…

    • No.: 66
    • Honza
    • Date:
      16.5. 2007 — 13:02
    • Upravit

    To je rychlost :-) Díky za dobrou práci, plugin je efektivní a užitečnej…

  49. Kahi,

    This plugin does not work on my site. It is set that anyone can comment, and works OK with Raven’s Antispam off. However, when switch on any comments go straight to the page.

    “You didn’t answer the antispam question, your comment was not saved. Press “Back” and answer the question.”

    Without the option to enter an answer? Not sure why this is happening?

    Cheers.

  50. [67] Richard: – Hi Richard, if even after the page-reload there is really no code inserted inside the comment form by my plugin (check please the source code while plugin is active…) then it's probably a problem in your template… some templates do not contain the necessary part of code in comments.php file (should be inside <form> element).

    <?php do_action('comment_form', $post->ID); ?>

  51. Kahi,

    You were right the code was missing, and i have added the script you suggested above before the tag and it now works a treat. It may be worth adding the above check in an FAQ, as there may be quite a few themes that have that issue.

    Thanks for the help, a great plug-in that stops all my spam! Highly recommended.

    Cheers.

  52. a little tipp:
    scramble the document write part with urlencode and replace @ with % etc. and for the noscript are insert special chars between a random count of chars and write “type those chars without the $randomchar”. like “sjdks33″ as answer and _ as $randomchar generated by the script would be ‘type “s_jd_ks_33″ without the “_”‘ or something like that and you’ll have a 100% spam solution ;)

  53. Thank you very much for the plugin. It did an excellent job! Could you please add a feature that can record all the spams it catches in case there is a mistake.

  54. [73] shawiz: – I will consider this…

  55. TIP: Raven's antispam will never in oficial edition support any „catched spam counting“. If you want to know how many spam messages didn't go through, you can open your PhpMyAdmin, find wp_comments table and calculate approximate number of spams this way: take the top ID number, substract from it the count of comments (count of rows in table). The resulting number is equal to the count of comments, they were deleted, probably by Raven's antispam.

  56. tak neviem ci je to nahoda, alebo smola… vcera som prsiel z v0.9 na 1.5 a dnes hned 10 spamov… WP ich sice zadrzal nakolko sa tam objavilo slovo „PORN“, ale aj tak…
    budem to sledovat – uvidime… velmi dlhu dobu – snad rok – som fungoval k 100% spokojnosti na v0.9 a ani jeden spam nedorazil…

  57. [77] orol: orol → velmi pravděpodobně se jedná o trackbacky, nikoli standardní komentáře. Raven's antispam ze svého principu nemůže kontrolovat i trackbacky/pin­gbacky, bohužel.

    Tzn. řešením Tvého problému může být vypnutí trackbacků nebo nasazení (ještě) jiného antispamu. Myslím že Akismet se stará i o trackbacky.

  58. ano – trackback – dnes prerazili dalsie tri – je mi luto, ale tento problem sa objavil vsade kde som upgradol z v0.9 na 1.5 – celkovo na styroch blogoch… postupne sa teda vraciam na staru (u mna uplne 100% funkcnu) v0.9… toto bol posledny blog zo spominanej stvorice… Ak trackback prerazi aj teraz ozvem sa…
    Akismet nechcem – pouzival som kedysi davno a nebol som vobec spokojny…

  59. [79] OROL: OROL → ta prapůvodní verze Raven's antispamu nechtěně blokuje všechny trackbacky. Stejného efektu docílíš použitím 1.5 + vypnutím trackbacků ve WP.

  60. […] versjon av Raven’s Antispam plugin Raven’s Antispam er en veldig enkel anti-spam plugin og kanskje et bedre alternativ for de som sverger til CAPTCHA […]

  61. This is by far the best antispam plugin available on wordpress. Nothing, I repeat nothing, can beat it. It works along with other spam plugins and has never failed me despite tens of thousands of attempted comments.

  62. I used Akismet and this one! Like them both! Thanx for the site!

  63. There's a number of odd things going on with the text of the above post… :\

    Has anyone checked Raven's Antispam against WordPress 2.6 or 2.6.1 yet?

  64. [93] Rick Beckman: What do you mean by that odd things? I'll update some sites today, so I'll let you know.

  65. [93] Rick Beckman: Well, I made the upgrade to 2.6.1 here and Raven's antispam still works as expected.

    About that odd things… I maybe know what you mean, unfortunatelly, I'm not sure what is the cause. Solution comming during September.