spam trap image

Spam Trap

$10.00

Spam Trap for Participants Database protects your signup forms from human-generated spam. 

Description

This plugin is designed to give you tools for dealing with annoying and possibly dangerous human-generated spam submissions to your signup form.

There are four main tools in the plugin:

  • Stop Word Filtering
  • Link/URL Filtering
  • Language Script Filtering
  • IP Blocking with Auto-Block

Stop word filtering looks for words or phrases in the submission that identify it as spam. The plugin can accomodate a large number of stop words and phrases, and will mark as spam any submission that contains them.

Link and URL filtering is an effective tool because most spam submissions are for the purpose of posting links where they will be published on your site, or even seen and clicked on by staff.

Language Script filtering is an effective tool to use if you are seeing a pattern of submissions using language scripts your regular users would not use. A language script consists of the specific character set that is used by any language.

IP Blocking is useful if your singup form is targeted by specific actors, you can prevent them from making a form submission. Auto-blocking can be enabled to automatically block the IP of actors who post repeatedly.

Dealing with the Spam

You have several options for what to do when a submission is flagged as spam: discard it, show the user an error message or accept it and flag it as spam. This is useful to get the exact user experience you want.

The plugin adds a “spam flag” field that you can use to filter submissions that are flagged as spam. The plugin will check the spam flag checkbox for any submission that hits any of the spam filters.

Showing the Stats

The plugin can show you which stop words were encountered in sugnup submissions and how often they are detected.

Instructions

Configuring the Plugin

This plugin is fairly simple to configure, and it is designed to allow you to adapt how it works over time.

Stop Words and Phrases

The best way to get started with this is to scan through your Participants Database records and look for common words and phrases found in unwanted submissions. Of course, care must be taken to avoid filtering words that legitimate submissions might contain.

It is possible to limit which fields are checked for stop words, and this can be helpful to block submissions that put the wrong word in the wrong place.

Once you have set up your initial list of stop words,¬† keep an eye on the submissions to see if you’re getting any false positives or need to add more words to the list.

Links and URLs

The is a simple selector for filtering links and URLs. A “link” is an actual clickable link, while a URL is simply a website address that isn’t necssarily clickable. You can select either or both for filtering. If you do want to be able to accept URLs, you have two options: filter for links only or limit the fields that are filtered to not include a field that could contain a URL. A Participants Database “Link” field will not come in as a link, only as a URL, so setting the link filter to link only won’t trigger the filter if you’re using a link field in your signup form.

Language Script Filtering

This is a special kind of filtering that is helpful if you find unwanted submissions that use a language script that your users aren’t using. Select one or more scripts to filter from the multiselect dropdown.

You may be unfamiliar with the names in the list, take a look at this artice in Wikipedia that should help you know which scripts you need to select: Unicode Scripts

IP Blocking

This is very much a special purpose tool for situations where your submission form is targeted by individual actors. It is not effective as a general spam filter, it’s for only good for targeting specific submitters.

Unless you have configured your signup form to collect this information, you will normally not know the IP address of your submitters. If you find that specific individuals are targeting your signup form, a good way to identify them is to add a hidden field that records the IP of the person submitting the form. Here is an example of a field configured to do this.

Auto IP Blocking

You can set this up to automatically block submitters who submit multiple times a day.

IP Stats

This displays a list of IPs that are submitting multiple times per day to alert you to the fact. You don’t need to set up the IP hidden field as explained above, the plugin counts the IPs of submitters to get this list.

Spam Filter Stats

This tab will show you the hit count for various stop words and links in your submissions. This can be used to guage the effectiveness of your filters.

 

Settings

Content Filters

Spam Submission Action

When a spam submission is detected by whatever means, this selects what will happen next.

Silently discard gets rid of the submission without really alerting the person making the submission. You can select where they are sent afterwards, some other page on your site or even back to the form submission page. This is a good option to use when you’re confident you’re not going to get any false positives, since you’ll never see the submission. When a submission is discarded, the stop words or links are counted and added to the stats.

Reject and show an error is a more user-friendly approach, the advantage here is that the user knows what happened and can possibly improve their submission so it can be accepted. The disadvantage is that a spammer can use this to fine-tune their submission and get it past your filtering. If you want to provide the user with a hint about what went wrong, you can use the “Spam Error Message” setting for that.

Flag the submission as spam and save¬† is the least committal option, and the one to use if your still tuning the plugin and likely to get false positives. The “Spam Flag” field will be checked, so you can use that to check on just the flagged submissions. This option will also unset the “Approval” field, so if you have submission approvals already set up, the submissions that are flagged as spam won’t be approved and published to the public sections of your website.

Spam Discard Redirect

This selects where the user will be sent if their submission hits the spam filters when “Silently discard” is selected. If you’ve got some really aggressive spammers, this will slow them down as they will have to navigate back to the form and start over. You can also select “Same Page” which will make it look like nothing happened when the spam was submitted.

Spam Error Message

This is the message that will be shown if a submission hits the spam filters when “Reject and show error” is selected. You can use this to help people avoid their submission getting flagged as spam if you want.

Reject Submissions with Links

You have two selections here: “Clickable Links” will filter any submission that has a clickable link in it. “URL’s” will filter any submission that has a web address in it. If you select both, either one of these will hit the spam filter.

If you have a “link” field in your form, the Links setting won’t be triggered by this, the URL setting will. You also have the option of setting which fields are filtered (see below) and that is another way to selectively allow URLs in the submission.

Stop Word List

This is where you put your list of stop words and phrases. Each line is a single word or phrase that will be filtered. It is case-sensitive, so if the word can be upper-cased or not, you will need to add both versions to the list.

I recommend you keep a text file with your stopwords and phrases…it will be eaiser to edit and if you make a mistake, you’ll have a way to get back what you had. This also gives you a way to test diffrent sets of stop words.

Select Filter Fields

This enables the use of the Filter Enabled field list for the filtering. When enabled, only fields selected in the Filter Enabled Fields list will be filtered.

Filter Enabled Fields

This is a multiselect dropdown for selecting all the fields you want inspected for stopwords, links and language scripts.

Enable Language Script Filtering

When checked, any characters that are in the scripts selected in the Unicode Scripts setting will trigger a spam filter hit.

Unicode Scripts

This is a multiselect dropdown with a list of all the Unicode scripts that can be filtered. Select any scripts you want flagged as spam.

IP Blocking

Enable IP Blocking

If this is checked, the IP blocking filter will be enabled.

IP Block List

This lists the ip addresses that will be prevented from submitting the signup form.

IP Whitelist

IP addresses in this setting will not be blocked or added with auto-blocking. Whitelisted IPs are still checked for spam content.

Auto Block List Threshold

This sets the number of submissions during a 24-hour period that will result in being automatically blocked. Auto-blocked IPs will be listed in the Block List. If this is set to “0” no auto-blocking will take place.

Remote IP Global Key

This is an advanced setting for site hosting servers that use a proxy or firewall that places the remote IP address under a different key in the $_SERVER php global.

High hit rate IPs

This displays a list of IPs that have submitted more than once during a 24-hour period. This can be useful to determine abusive IP addresses, or you can just add their IP address automatically using the Auto-block feature.

Spam Filter Stats

This displays a running tally of the stop word hits. Also includes tallies for language scripts and links that have been filtered. At the bottom of the page, a checkbox lets you clear the stats. Check the box, then save to clear the tallies.

Additional information

Site License

Multiple, Single

Reviews

There are no reviews yet.

Be the first to review “Spam Trap”

Your email address will not be published. Required fields are marked *

Would you like to be notified of followup comments via e-mail? You can also subscribe without commenting.

No product-specific support has been configured for this product yet. Please contact me with your questions.