glFusion Spam-X Plugin
glFusion includes multiple layers of defense against spam, and the Spam-X plugin is one of the key ones. Its modular architecture allows it to be extended with new modules to fight ever-evolving spammers.
glFusion and the Spam-X plugin will check the following for spam:
- Story submissions
- Trackbacks and Pingbacks
- Event submissions
- Link submissions
- Forum Posts
- The text sent with the “Email story to a friend” option
- Emails sent to users via the “send email” form from their profile page
- A user's profile
Spam Detection Modules
Spam-X comes with several modules to scan content to determine if the submission is spam or not. Each module can be enabled or disabled based on your needs.
- Stop Forum Spam (SFS)
- Spam Link Counter (SLC)
- Akismet - Requires registration on the Akismet site and an API key provided by Akismet
- Personal Blacklist
- IP Filter
- IP of URL Filter
- HTTP Header Filter
Stop Forum Spam (SFS)
SFS is a centralized, server-based service that examines posts made on websites and detects when certain links show up in unusually high numbers. In other words, when a spammer starts spamming a lot of sites with the same URLs and those sites all report to SFS, the system will recognize this as a spam wave and will flag posts containing these URLs as spam.
In other words still, it's a dynamic blacklist that automatically updates itself when a spammer starts spamming for their site. And it can only get better (in terms of accuracy and reaction speed) the more sites use it.
SFS is a free service run by Project Honey Pot at https://www.projecthoneypot.org/.
Privacy Notice: It should be stressed that using SFS means that information from your site is being sent to a third party's site. In some jurisdictions you may have to inform your users about this fact, so please check your local privacy laws.
Sending information to an external site may also be undesirable on some setups, e.g. on a company intranet. You can disable SFS support by setting the SFS Enabled setting to False in the Spam-X Online Configuration.
Spam Link Counter (SLC)
SLC will examine a post and determine how many links to external sites are in the post. Anything more than 5 (configurable via the Online configuration) will be flagged as spam and rejected.
Akismet
Used by millions of websites, Akismet filters out hundreds of millions of spam comments from the Web every day. To utilize Akismet, you must first register on their site and obtain an API key.
Sign up and get your Akismet Key at https://akismet.com/account/
Sending information to an external site may also be undesirable on some setups, e.g. on a company intranet. You can disable Akismet support by setting the Akismet Enabled setting to False in the Spam-X Online Configuration.
Note: Akismet is disabled by default on a new installation.
Personal Blacklist
The Personal Blacklist module lets you add keywords and URLs that typically exist in spam posts. When you're being hit by spam, make sure to add the URLs of those spam posts to your Personal Blacklist so that they can be filtered out automatically, should the spammer try to post them again.
This will also help you get rid of spam that made it through, as you can then use the Mass Delete Comments and Mass Delete Trackbacks modules to easily remove large numbers of spam posts from your database.
The Personal Blacklist also has an option to import the glFusion censor list and ban all comments which contain one of those words. This or an expanded list might be useful for a website that caters to children. Then no comments with offensive language could be posted.
IP Filter
Sometimes you will encounter spam that is coming from one or only a few IP addresses. By simply adding those IP addresses to the IP Filter module, any posts from these IPs will be blocked automatically.
In addition to single IP addresses, you can also add IP address ranges, either in CIDR notation or as simple from-to ranges.
Please note that IP addresses aren't really a good filter criterion. While some ISPs and hosting services are known to host spammers, it won't help much to block an IP address belonging to one of the well-known ISPs. Often, the spammer will get a new IP address the next time he connects to the internet, while the blocked IP address will be reused and may be used by some innocent user.
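The three entry forms described above (single address, CIDR block, from-to range) can be matched as in the following added example. It is not the plugin's own code; the function names and the sample list are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Return (first, last) address objects for one filter entry.

    Accepts a single address, a CIDR block, or a 'from-to' range.
    Raises ValueError for anything else.
    """
    entry = entry.strip()
    if "-" in entry:                      # from-to range
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return lo, hi
    if "/" in entry:                      # CIDR block
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    addr = ipaddress.ip_address(entry)    # single address
    return addr, addr

def is_blocked(client_ip, entries):
    """True if client_ip falls inside any entry; malformed entries are skipped."""
    ip = ipaddress.ip_address(client_ip)
    for entry in entries:
        try:
            lo, hi = parse_entry(entry)
        except ValueError:
            continue
        # Never compare an IPv4 address against an IPv6 entry or vice versa.
        if ip.version == lo.version and lo <= ip <= hi:
            return True
    return False

# Constructed sample list (documentation address ranges, one malformed entry).
SAMPLE_ENTRIES = ["203.0.113.7", "198.51.100.0/24",
                  "192.0.2.10-192.0.2.20", "not-an-ip"]
```

A wide CIDR block or range covers every customer of that network, which is the collateral-blocking risk the paragraph above warns about.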
IP of URL Filter
This module is only useful in a few special cases: Here you enter the IP address of a web server that is used to host domains for which you may see spam. Some spammers have a lot of their sites on only a few web servers, so instead of adding lots of domains to your blacklist, you only add the IP addresses of those web servers. The Spam-X module will then check all the URLs in a post to see if any of these is hosted on one of those blacklisted web servers.
HTTP Header Filter
This module lets you filter for certain HTTP headers. Every HTTP request sent to your site is accompanied by a series of headers identifying, for example, the browser that your visitors use, their preferred language, and other information.
With the Header filter module, you can block HTTP requests with certain headers. For example, some spammers are using Perl scripts to send their spam posts. The user agent (browser identification) sent by Perl scripts is usually something like “libwww-perl/5.805” (the version number may vary). So to block posts made by this user agent, you would enter:
Header: User-Agent
Content: ^libwww-perl
This would block all posts from user agents beginning with “libwww-perl”.
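The effect of the leading "^" in that entry is shown in the following added example, which is not the plugin's own code. The function name, the rule representation and the case-sensitive regular-expression search are assumptions; the request headers are constructed.

```python
import re

def matching_rule(headers, rules):
    """Return the first (header, pattern) rule a request trips, or None.

    headers: dict of request headers; rules: list of (header name, regex).
    Header names are compared case-insensitively, as HTTP defines them.
    The pattern is applied with re.search, so '^' ties it to the start
    of the header value.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    for header, pattern in rules:
        value = lowered.get(header.lower())
        if value is None:
            continue                      # request did not send this header
        try:
            if re.search(pattern, value):
                return (header, pattern)
        except re.error:
            continue                      # skip a rule that does not compile
    return None

# The entry from the text above.
RULES = [("User-Agent", "^libwww-perl")]

# Constructed requests.
PERL_SCRIPT = {"user-agent": "libwww-perl/5.805", "Accept": "*/*"}
BROWSER = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"}
EMBEDDED = {"User-Agent": "Mozilla/5.0 (compatible) libwww-perl/6.0"}
```

Only PERL_SCRIPT trips the rule; EMBEDDED passes because the anchored pattern requires the value to begin with "libwww-perl".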
The Admin modules for the Personal Blacklist, IP Filter, IP of URL Filter, and HTTP Header Filter modules provide you with a form to add new entries. To delete an existing entry, simply click on it.
The Log View module lets you inspect and clear the Spam-X logfile. The logfile contains additional information about the spam posts, e.g. which IP address they came from, the user id (if posted by a logged-in user), and which of the examine modules caught the spam post.
In case a large number of spam posts made it through without being caught, the Mass Delete Comments and Mass Delete Trackbacks modules will help you get rid of them easily. Before you use these modules, make sure to add the URLs or keywords from those spams to your Personal Blacklist.
Trackback Spam
Trackbacks are also run through Spam-X before they will be accepted by glFusion. There are also some additional checks that can be performed on trackbacks: glFusion can be configured to check if the site that supposedly sent the trackback actually contains a link back to your site. In addition, glFusion can also check if the IP address of the site in the trackback URL matches the IP address that sent the trackback. Trackbacks that fail any of these tests are usually spam. Please refer to the documentation for the configuration for more information.
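The two additional trackback checks described above are sketched in the following added example, which is not glFusion's own code. It assumes the caller has already fetched the sending page's HTML and resolved the trackback URL's host to a list of addresses; all names and sample values are constructed.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _Hrefs(HTMLParser):
    """Collect the href of every <a> element."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def links_back(source_url, source_html, my_site):
    """Check 1: the page that sent the trackback really links to our host."""
    parser = _Hrefs()
    parser.feed(source_html)
    my_host = urlsplit(my_site).hostname
    # Resolve relative hrefs against the source page before comparing hosts.
    return any(urlsplit(urljoin(source_url, h)).hostname == my_host
               for h in parser.hrefs)

def sender_matches(resolved_ips, sender_ip):
    """Check 2: the sending IP is one the trackback URL's host resolves to."""
    sender = ipaddress.ip_address(sender_ip)
    return any(ipaddress.ip_address(ip) == sender for ip in resolved_ips)

def accept_trackback(source_url, source_html, resolved_ips, sender_ip, my_site):
    """A trackback passes only if both checks succeed."""
    return (links_back(source_url, source_html, my_site)
            and sender_matches(resolved_ips, sender_ip))

# Constructed sample data.
MY_SITE = "https://www.example.org/"
SOURCE_URL = "https://blog.example.net/post/1"
GOOD_PAGE = '<p>See <a href="https://www.example.org/article.php?story=demo">this</a>.</p>'
# Mentions our URL as plain text only, so it does not count as a link back.
SPAM_PAGE = "<p>Cheap pills. https://www.example.org/ <a href='/buy'>Buy</a></p>"
```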
The Spam-X plugin's configuration can be changed from the Configuration admin panel: Spam-X Main Settings
Spam-X Configuration Options
- Enable Logging
- Whether to log recognized spam posts in the spamx.log logfile (if set to True) or not (False).
- Debug Logging
- Debug logging will enable additional logging on the Stop Forum Spam (SFS) module. It will log the return values and how they compare to the thresholds you have configured. This will create a log entry in spamx.log for every post / registration.
- Don't Filter Admin Posts
- The Spam-X plugin will filter posts by any user - even site admins. This can be a problem sometimes, e.g. when you want to post a note about spam that itself contains “spammy” URLs or keywords. When this option is set to True then posts made by users in the 'spamx Admin' group are not checked for spam.
- Timeout (in seconds) for contacting external services such as SFS.
- Notification Email
- Email address to which spam notifications are sent when the Mail Admin action module is enabled.
- Mail Admin when Spam Caught
- If set to TRUE, Spam-X will email the Notification Email or the Site Admin email for every spam detection. This can generate a significant amount of email, so the default setting is False.
- Formcheck Enabled
- If set to True, this will enable the Formcheck module.
Stop Forum Spam Module
- Stop Forum Spam Module Enabled
- If set to True, this will enable the Stop Forum Spam module.
- Username Check
- True will pass, and check, the username against a list of known spammer usernames. Be careful with this one, as generic names like 'Bob' will probably match.
- Email Check
- True will pass, and check, the email of the user against a list of known spammer emails.
- IP Address Check
- True will pass, and check, the IP address of the user against a list of known spammer IP addresses.
- Username Confidence
- SFS will return a confidence indicator for each match. Setting this value to a higher number will allow posts through that do not have a high confidence that the user is a spammer. Recommended value is 99.
- Email Confidence
- SFS will return a confidence indicator for each match. Setting this value to a lower number will block more posts. Recommended value is 50.
- Email Confidence
- SFS will return a confidence indicator for each match. Setting this value to a lower number will block more posts. Recommended value is 25.
- Akismet Module Enabled
- If set to True, this will enable the Akismet module.
- Akismet Key
- Before you can use the Akismet Spam-X module, you must obtain an API key from the Akismet site https://akismet.com/account/. Please note, Akismet can be used for free on non-commercial personal sites. If you are running a commercial site, please check the Akismet site for terms, conditions and pricing.
Spam Link Counter Module
- SLC Enabled
- If set to True, this will enable the Spam Link Counter module.
- Maximum Number of Links
- The maximum number of external links allowed in a post - if the post has more links than this number, it will be flagged as spam.