Updated Three Strikes Spam Protection Plugin Version 1.1 Beta
Mark Ghosh 
Thanks for visiting! If you're new here, you may want to subscribe to our RSS feed. This blog posts regular Wordpress news, updates of themes, plugins, ideas, hacks, quick fixes and everything about blogging, especially about Wordpress. Go ahead, subscribe to our feed! You can also receive updates from this blog via email.
An updated version of the Three Strikes Spam Plugin, now in version 1.1 Beta, is available for download.
I started to receive a few Spam comments yesterday and I realized that the built in WordPress “Common Spam Words” filter does not account for encoded information. In other words, if a spammer encodes the contents of the comment, URL etc, it does not get caught as spam (though some items will get caught). This new version of the plugin uses a function that acts like the Javascript unescape command (in PHP) and decodes encoded entities. The php function, and consequently, the Three Strikes plugin, will check for Unicode and ASCII characters, convert them to plain letters and characters (unencoded) and then run the spam checker on this information. I will be working on implementing this within Kitten’s Spam Words plugin as well.
Download the new plugin from here. Installation and upgrade are as simple as renaming this file as threestrikes.php, copying it to your wp-content/plugins directory and then enabling it within your admin interface. Please post bugs/suggestions.
[EDIT] The offer to share my personal “Common Spam Words” still stands. I have enough words in there to populate Google. 
Email me with requests if you want to use that.
[EDIT] If you want my list of spam words, please include a link to your blog with the request so I know that you are not a spammer.
[EDIT] Now with Trackback checking built in. To update, just download the plugin again and re-upload to your blog.
(No Ratings Yet)
Loading ...
Comments RSS
Powered by 
Designed by 
Why not count the encoding itself as a spam indicator? There’s no reason for normal commentors to encode characters.
Great plugin!! I think Michael M. is right with his comment
That makes sense Michael. However, I think it would be the preference of the blog owner. On this blog, your observation makes sense. I do not know how it would be different for anyone else, but someone MIGHT be encoding for some reason.
I should make it a choice. I wish I could come up with an acceptable way of configuring plugins from the admin interface.
[...] ed up with a problem in my list of spam words that was triggering a false positive for the Three Strikes Spam Plugin for [...]
Plugin fun
Blog, blah, blah, plugin, blah, spam.
[...] omments will automatically be held for moderation. The second plugin is Mark Ghosh’s Three Strikes Spam Protection. [...]
There is a definite problem with this plugin. I downloaded it yesterday and activated it. There was no problems until I was receiving emails that people were not able to post comments on my website. It seemed that it changed the link of the “Say It” where you submit the comment (like your “Post” button below) so that it goes to http://www.fbi.gov website.
The minute I deactivated the plugin, people were able to post comments again. Please let me know how this is able to be fixed and if anybody else had this problem.
is this found in the threestrikes.php plugin itself? What file should I check?
Spam is getting worse and worse..argh..
Look under your wp-admin interface, under options->discussion->common spam words
Found it. Thanks.
I would like your spam words Mark.
http://www.neerajpoonam.com/wp is my blog.
[...] Hopefully, these will prevent some spam from ever reaching me. Specifically, I installed Laughing Lizard’s Three Stri [...]
[...] 17;m going to need some automated help in spam prevention. Hence I have just installed the Three Strikes plugin for WordP [...]
I have set up yuour plugin, but when I try to login I get the following message.
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/kendixon.net/public_html/findias/wp-content/plugins/threestrikes.php:145) in /home/sites/kendixon.net/public_html/findias/wp-login.php on line 257
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/kendixon.net/public_html/findias/wp-content/plugins/threestrikes.php:145) in /home/sites/kendixon.net/public_html/findias/wp-login.php on line 258
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/kendixon.net/public_html/findias/wp-content/plugins/threestrikes.php:145) in /home/sites/kendixon.net/public_html/findias/wp-login.php on line 259
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/kendixon.net/public_html/findias/wp-content/plugins/threestrikes.php:145) in /home/sites/kendixon.net/public_html/findias/wp-login.php on line 260
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/kendixon.net/public_html/findias/wp-content/plugins/threestrikes.php:145) in /home/sites/kendixon.net/public_html/findias/wp-login.php on line 261
What have I done wrong
Ken
Try and install the plugin again, Sounds like you have a space somewhere. (especially at the end of the file, after ?%gt;
Thanks works now
Ken
I have installed ‘three strikes’ and it works no more spam from the pokerman.
Thanks
Ken
[...] e on time. It’s a fun anthem. I can now transport minors, legally. And hopefully this will get rid of the comme [...]
[...] Allen, the author of MT-Blacklist Laughing Lizard who ported MT-Blacklist to WP and whose 3 Strikes plugin was problably [...]
I’ve been having some problems with these spam plugins. After installing three strikes, the wp-login.php page gave me this error:
Warning: Cannot modify header information - headers already sent by (output started at /home/moero/www/www/blog/wp-content/plugins/threestrikes.php:2) in /home/moero/www/www/blog/wp-admin/index.php on line 13
If anybody could give me a hand here, that would be great. Thank you!!
[...] ugins that I have installed to stop that spammer in his tracks! Laughing Lizard’s - ThreeStrikesSPAM v1.1beta Laug [...]
I’ve noticed an issue with comments that contain single quotes and double quotes…they get escaped with an extra slash if ThreeStrikesSpam is activated. It seems that add_magic_quotes is being called twice on $_POST: once in 3SS, and again in wp-comments-post.php in my WP 1.2 install. Has anyone else had a similar experience?
if ($_POST['comment'] && !is_array($_POST['comment'])) {
//Make sure the information received is parsed, cleaned and stripped correctly (from WP codebase)
if (!get_magic_quotes_gpc()) {
$_POST = add_magic_quotes($_POST);
$_COOKIE = add_magic_quotes($_COOKIE);
}
hope this works!! thanks….
Cheap Meat
I’ve just checked my mail after a couple of days away from the computer and was greeted by over one hundred new blog comments notifications and around four hundred ‘please check this comment’ messages. All of it spam. This resulted in something like…
I’m using WP 1.2. I do not have a section wp-content. Was it supposed to be automatically installed or do I just need to create it myself along with a plugins subdir? Thank you.
[...] ount and a lot of time spent deleting. To stop it happening again I’ve installed the Three Strikes Spam Prote [...]
NM. I went ahead and created the wp-content and installed plugin as advised. It’s working perfectly. Thanks for posting this. It’s going to make my life a lot easier.
[...] ppy day Ok I’m not going to password protect this after all. I found a very cool plugin that seems to be doin [...]
[...] ore comments come through. Ugh. So I broke down, and uploaded a spam-blocker plugin called “Three Strikes Spam Protecti [...]
[...] word list Kitten’s spaminator - basically is the like having the spammer tar pit and three strikes plugins installed [...]
[...] omment that entered my moderation queue. The next solution I chose was Mark Ghosh’s ThreeStrikes plugin which dele [...]
Looks like the CVS has code for treating encoded low ASCII as spam indicator:
http://wordpress.org/pipermail.....00865.html
Can I get your spam words please?
Umm… I am having a problem. The plugin used to work fine. But when I tested it out just now, I keep getting errors such as the following instead of getting redirected to the FBI site.
Warning: Unknown modifier ‘C’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 110
Warning: Unknown modifier ‘C’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 111
Warning: Unknown modifier ‘C’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 112
Warning: Unknown modifier ‘C’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 113Warning: Unknown modifier ‘H’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 110
Warning: Unknown modifier ‘H’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 111
Warning: Unknown modifier ‘H’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 112
Warning: Unknown modifier ‘H’ in /home/little/public_html/wp-content/plugins/threestrikes.php on line 113
I have deactivated the plugin, downloaded a new copy, uploaded it, and reactivated it again. But still no avail.
Hi,
I’m brand new to plugins, so sorry for the uninformed question, but when you say “enable it within your admin interface”, do you mean setting the permissions? If so, what should they be? If not, what does it mean?
Thanks for making your work available like this,
Amy
Thanks!
I can’t believe it. No more online poker. Thank you thank you.
Removing these lines only made my blog disappear, as in a white screen appeared instead.
I’ve upgraded my threestrikes plugin to threestrikes12.php and it works great to catch the bad stuff, for what it’s worth, so did the previous one.
But just like with the original threestrikes I still have the problem of backslashes showing up in comments before apostrophes and quote marks. I saw the post above and looked for that code supplied to delete it but do not find it in the plugin’s code.
Any other place to look or something else to try? Thanks!
OK, found a quick-easy fix for the backslash problem at http://bish.lechoso.com/category/web-dev/
It’s a one line addition to the vars.php file in the wp-includes directory that adds a filter to remove them.
Add this line:
add_filter(’comment_text’, ’stripslashes’);
below the rest of the filters. Works fine!
Warning: Division by zero in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php on line 80
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 44
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 45
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 46
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 48
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 49
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 50
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 51
Warning: Cannot modify header information - headers already sent by (output started at /usr/home/zero/domains/obscurethoughts.net/public_html/wp-content/plugins/bayes/class.naivebayesian.php:80) in /usr/home/zero/domains/obscurethoughts.net/public_html/wp-comments-post.php on line 55
???
http://weblogtoolscollection.c.....n-updated/
[...] ted comment links to 1 (ie just your URL) before being moderated. I have also implemented this quite effective spam filt [...]
[...] ybe we could forward the crap directly to them somehow. (Much of mine is getting nailed by three strikes, but I bet the k [...]
[...] het schrijven van een commentaar worden doorgestuurd naar fbi.gov. Dat is de schuld van de Three-strikes anti commentaar spam [...]
[...] rbebotschaft, die prinzipiell als solche identifizierbar ist), hab ich jetzt also noch das three strikes spam protection plug [...]
ffsdsdf
[...] …das bei Einträgen ohne schon vorhandene Kommentare nicht tut (und ich hab keine Zeit zu suchen), also probiere ich mal dieses hier… [...]