For a long time I’ve needed a version of my WordPress Stop-Spammers plugin that will work on sites that don’t use WordPress. I have a dozen sites that are based on custom php code that need protection, but I’ve never really addressed the problem.
I am testing a set of programs that I call “Protection” that use some of the methods that I’ve developed to stop spam. It is ridiculously easy to add to a PHP program. I added it to my HarpL.com site in less then 2 minutes.
I am looking for testers. You can download the program here: Protection Spam Control for PHP.
Please report all bugs.
It is a new program. I have not yet ported all the anti-spam methods, but I am working on it.
To make it work you need to unzip the file and copy the protection folder where your program will be able to get to it.
You must then modify any programs that you need to protect with the line:
Naturally you would need to change the line to reflect the actual location of the protection folder.
Protection protects against
1) missing Accept or Host headers
2) blacklisted user agents (you may want to edit the list in modules/chkagent if you rely on anything other than Google, Bing and Yahoo.)
3) blocks malicious hits that use eval() or a common sql injection string.
4) checks to see if http_referer is correct for form submits
5) check for known spam servers
6) session speed check.
… more to come.
It also checks for good hits so it does not block google, cloudflare, paypal, etc.
Please test and report problems. I will add more modules as I get them.
New Version 10/28 – found a bunch of errors this morning. It still worked, but I cleaned up the errors. I added Speed Check set it to 2 seconds for a form submit, but I may reduce to 1 second. (I locked myself out at three seconds because I use firefox passwords and just clicked submit – no good.)