开发者 |
codekraft
gardenboi |
---|---|
更新时间 | 2024年7月2日 20:01 |
PHP版本: | 5.6 及以上 |
WordPress版本: | 6.5.5 |
版权: | GPLv2 or later |
版权网址: | 版权信息 |
cf7-antispam
folder to the /wp-content/plugins/
directory.NO, nobody can guarantee that, and anyone who tells you that is lying. But luckily, bots are limited by the fact that they don't use a real browser and they use fairly repetitive routes which can be recognised.
Contact form 7 is made this way, the main plugin is made to be extended with other modules and this has resulted in many 3rd party plugins like mine! There is already a module for handling received emails, why should I redo it? And, in this way I can focus on my plugin, I believe the "power" of cf7 is just that and I invite you to check how many other nice and free extensions there are!
Because there are so many types of bots in this way detect them all! Phantom-based bots fail with fingerprinting but are proficient with honeypots, while bots written in python fail with honeypots but are proficient with metadata forgery!
The system used to evaluate the e-mail is a non-proportional scoring system and each test have a different score (and can be customised with the advanced settings). When the mail score is equal to or greater than 1 it is considered spam.
Some standard test are Elapsed time, Auto-Blacklisting, Prohibited IP/strings and, in addition, we got some advanced test like HoneyPots, HoneyForms and the browser FingerPrinting.
No, I mean HoneyForm! This is a hidden, bogus form that bots will fill, as it is part of the page code for them and they rarely check the visibility of an element. While honeypots can be easily spotted by some bots, these forms are not because they have the same characteristics as a 'normal' form, and it is impossible to distinguish them without truly visiting the page. This is the first time they have been used, at the moment they seem to work and be effective, but consider this an experimental feature! (ps let me know your feedback about)
We also have honeypots, to activate them just click on a checkbox, and they will be generated automatically for each text field. The only thing you need to check in the CF7A options page is the name of the fields used that need to differ with the names used in contact form 7.
After that the sender ip will be searched into DNS-based Black-hole server to found if that ip is delisted for spam. 10 server are already set as default, but you can add or remove as you like, there are 50 server available (list below).
B8 cuts the text to classify to pieces, extracting stuff like email addresses, links and HTML tags and of course normal words. For each such token, it calculates a single probability for a text containing it being spam, based on what the filter has learned so far. B8 is a free software form Tobias Leupold, who I thank for making it available to everyone.
Before processing the email
add_filter('cf7a_message_before_processing', 'my_message_before_processing', 10, 2 );
Before processing the email with bayesian filter
add_filter('cf7a_before_b8', 'my_before_b8', 10, 3 );
Add your own spam filter
add_filter('cf7a_additional_spam_filters', 'my_additional_spam_filters', 10, 3 );
Add some content when resending a mail (useful to add a message like "this was spammed" or the original mail date/time)
add_filter('cf7a_before_resend_email', 'my_before_resend_email', 10, 3 );
define( 'CF7ANTISPAM_DEBUG', true);
Enables debug mode (wp-debug has to be enabled) - verbose mode, prints email analysis results into wp-content/debug.log
define( 'CF7ANTISPAM_DEBUG_EXTENDED', true);
Enable extended debug mode ("CF7ANTISPAM_DEBUG" has to be enabled) - disable autoban, enable advanced logging, when you uninstall the plugin, the word database, blacklist and options are not deleted.