Anti-Splog

Stop spam blogs on WordPress Multisite and BuddyPress without shutting down signups.

Version 2.1.8

  • New: Change API url to use HTTPS for privacy
  • Fix: Remove Are You a Human as they have closed down the service

Changelog

Version 2.1.8
  • New: Change API url to use HTTPS for privacy
  • Fix: Remove Are You a Human as they have closed down the service

Version 2.1.7
  • New: Update to better reCAPTCHA v2
  • New: Move blog suspended file to a place where it can be updated (please manually update the wp-content/blog-suspended.php file!)
  • Fix: Fix depreciated notices from widget
  • Fix: reCAPTCHA issues in Pro Sites custom signup page

Version 2.1.6
  • Fix: API notice could not be dismissed
  • Fix: Update integration for latest Post Indexer versions
  • Fix: HTTPS issues for reCAPTCHA

Version 2.1.5
  • Fix: Are You a Human confict with BuddyPress site tracking

Version 2.1.4
  • Fix: Update blog-suspended.php template to work with ultimate branding logos

Version 2.1.3
  • Fix: reCaptcha API endpoint changed by Google
  • Fix: Update styling of blog-suspended.php template

Version 2.1.2
  • Fix faulty check that prevents super admins from being spammed

Version 2.1.1
  • Fix divide by zero errors in IP blocking check

Version 2.1
  • Add in local IP blacklist blocking
  • Fix a bug in post checking, tags not added to api call properly

Version 2.0.1
  • Fix some PHP notices
  • Fix blog deletion links on moderation lists

Version 2
  • Refreshed menu structure and admin screens
  • New Pattern Matching functionality to block bots by signup patterns
  • New Are You A Human PlayThru game captcha
  • New blog and slog creation stats screen with pretty graphs
  • Add tags to API call for more accurate classification
  • Add splogging command capability to admin toolbar
  • Fixed various bugs/notices

Version 1.0.7
  • Bug fix in splog review form, make sure to overwrite the wp-content/blog-suspended.php file

Version 1.0.6.1
  • Tiny bug fix for WP 3.1

Version 1.0.6
  • WP 3.1 compatibility - This version is NOT backwards compatible!
  • Changed install location for autoupdate capability
  • Fixed bugs with deleting blogs on Anti-Splog pages
  • Added default .po file for translation

Version 1.0.5
  • Email spam link fixed, Small bug fixes

Version 1.0.4
  • WP 3.0 Multi-Site compatibility. This version is NOT backwards compatible.

Version 1.0.3
  • Bug fix on dynamic signup page when registration is set to users only

Version 1.0.2
  • BuddyPress bug fixes, spamming users

Version 1.0.1
  • Bug fix for using with Supporter trials.

Version 1
  • Initial Release
Anti-Splog comes FREE with your WPMU DEV Membership GET Anti-Splog FOR FREE 100% free 14 day trial. Find out more
Downloads 33,322 Compatibility Multisite 4.5.2BuddyPress 2.5.3

"This plugin catches nearly every splog."

Code Master

Anti-Splog will save you days of work by blocking and intelligently killing spam blogs (splogs).

Built originally for Edublogs, we’ve used years of experience and data from millions of blogs to block and kill spam blogs that waste time and cost you money.

as-edublogs
Anti-splog gathers spam fighting information from millions of blogs.

Crowdsourced Splog Fighting

Anti-Splog API uses crowdsourced data from thousands of networks and millions of blogs to fight trolls, bots, spam blogs, pharma ads, and malicious posts.

When any user finds a splog or spam you don’t have to worry about it on your site.

Five Layers of Protection

Anti-Splog is the ultimate splog killer with five layers of protection.

 

lock

Signup Prevention
Limit the number of blog signups per 24 hours per IP.

randomize

Change Signup Page Location
Automatically move your wp-signup.php file every 24 hours. Incredibly effective and user-friendly.

anti-splog

Blacklist IPs
Stop users from creating sites from any IP address that’s been previously used to create a splog.

human-test

Human Tests
Provides three sign up protection options to choose from: user-defined questions, picking the cat, and reCAPTCHA.

sheild

Anti-Splog API
If a splog makes it through, Anti-Splog sends signup information to our API servers to quickly detect suspicious content.

hero-recaptcha-demo-3
Give users a quick way to validate their blog.

Post Monitoring

Anti-Splog continues to fight spam with post monitoring even after sites have been created.

The second a spam post is written, no matter how cleverly disguised it is, our API will find it and shut it down for good.

as-review
Provide layers of protection and a simple form for contacting support.

Fast & Simple Moderation

Anti-splog sorts spam, suspicious, and valid sites into lists so you can quickly manage hundreds of blogs.

Instant previews let you make fast informed decisions without ever leaving the page.

as-moderation-notifications
Notify users of changes with automated emails.

Better Customer Care

If a site is flagged as spam, site administrators can easily request a review.

Display a simple contact form and reactivation instructions on sites that have been marked as spam.


as-ignor
Quickly preview and validate content.

Always in Control

Every time a new blog or post is created, we scan it with our secret ever-tweaking logic to make sure your network doesn’t get flooded with ads or malicious content.

Spammed blogs stay archived in your dashboard so you can quickly restore them at any time.

Activate Anti-Splog and stop spam on your network.

If you are using Multi-DB:

  • You need to add the global table lines to db-config.php BEFORE installing Anti-Splog plugin or running the sql.txt
  • Add this line to your db-config.php if using multi-db:
add_global_table('ust');

To install

For help with installing plugins please see our Plugin installation guide.

Once installed log into to your admin panel, visit Network Admin -> Plugins and Network Activate the plugin.

Please move the blog-suspended.php file from the Anti-Splog plugin to the /wp-content/ directory (using FTP).

Please Note:

  • In the rare occurrence the auto-install does not add the db table(s) and fill them for you then run the sql code in “sql.txt” on your wpmu db IN ORDER!
  • blog-suspended.php shows the user friendly spammed page with the review form so that users can request their blog to be unspammed

Splog review page

To Set Up And Configure Anti-Splog

1.  Go to Network Admin > Settings > Anti-Splog > Settings

  • Remember whenever you make any changes on this Setting page to click Save Changes at the bottom of the page

2.  Click on ‘Get your API key and register your server here

About the API Key

  • When a blog is first created, or when a user publishes a new post info is sent to our premium server where we will rate it based on our secret ever-tweaking logic.
  • Our API return a splog Certainty number (0%-100%)
  • If that number is greater than the sensitivity preference you set in the settings (80% default) then the blog gets automatically spammed and will be listed on your Recent Splogs page

3.  This will take you to the API-Splog API page on WPMU DEV and automatically generate an API key for your site.

4.  Click on Add Site under Register a Site and then copy your API key.

5.  Add your API key to your Anti-Splogs Setting page and click Check Key

  • If your API key is working properly the API Key field will change to green

6.  Select your Blog Signup Splog Certainty

  • When a blog is first created the signup info to our premium server where it is rated based on our secret ever-tweaking calculations and logic.
  • Our API return a Blog Signup Splog Certainty
  • Blogs that are greater than or equal to the number you select are automatically spammed and will be listed on your Recent Splogs page
  • On Edublogs an 85 % Blog Signup Splog Certainty is used because it is very accurate at spamming splogs with minimal spamming on non-splogs

Changing your Blog Signup Splog Certainty

7.  Select your Post Splog Certainty

  • When a new post is published it is sent to our premium server where it is rated based on our secret ever-tweaking calculations, keywords and logic.
  • Our API return a Post Splog Certainty
  • Blogs that are greater than or equal to the number you select are automatically spammed and will be listed on your Recent Splogs page
  • On Edublogs an 78 % Post Splog Certainty is used because it is very accurate at spamming splogs with minimal spamming on non-splogs

Changing your Post Splog Certainty

8.  Select your Limit Blog Signups Per Day

  • This is designed to slow limit the number of splogs that can be registers per day from an IP address as sploggers often register large numbers of blogs in a short time
  • Edublogs uses Unlimited because schools often have lots of blogs being created from the one IP address. Most sites can set this to a low number like 1 or 2 unless they cater to groups of users using the same internet connection.

Selecting Limit blog signups per day

9.  Choose if you want to Rename wp-signup.php

  • This auto moves the signup URL every 24 hours
  • It’s a user friendly method of stopping splog bots in their tracks
  • It is not BuddyPress Compatible
  • This option is not used on Edublogs

Select if you want to move wp-signup.php

10. Choose if you want to Spam/Unspam Blog Users

  • Some sploggers create several blogs using the same username — this spams their username prevent them from creating further blogs with that username

Selecting if to spam users

11.  Select your Queue Display preferences

  • These settings determine how blogs and posts are displayed and previewed on your Suspected Blogs, Recent Splogs and Ignored Splogs page
  • Edublogs settings used are shown below

Selecting anti-splog preview preferences

12.  For now remove all keywords from Spam Keyword Search as it is covered later in “How To Use Anti-splog”

13.  Select your Additional Signup Protection

  • These are designed to prevent automated spam bot signups
  • They are used with caution as you don’t want to annoy genuine users who want to sign up on your network
  • Edublogs uses reCaptcha

To set up Admin Defined Questions

i) Select Admin Defined Questions from the drop down menu on Additional Signup Protection

Setting up Admin Defined Questions

ii) Add your Questions and answers

Add your questions and answers

iii) Check it is working properly by creating a new blog using your sign up page

Checking Questions on Sign up page

To set up ASIRRA – Pick the Cats

i) Select ASIRRA – Pick the Cats from the drop down menu on Additional Signup Protection

Using ASIRRA - Pick the cat

ii) Check it is working properly by creating a new blog using your sign up page

Checking Pick your cat on Sign up page

To set up reCAPTCHA – Advanced Captcha

i) Select reCAPTCHA – Advanced Captcha from the drop down menu on Additional Signup Protection

Selecting reCaptcha option

ii) Click on the link to visit the reCAPTCHA website to grab your public and private key – you will need to sign up for an account if you don’t have one!

iii) Add your public and private key(Edublogs uses a White Theme)

Setting up reCAPTCHA

iii) Check it is working properly by creating a new blog using your sign up page

Checking reCaptcha on Sign up page

15.  When finished setting up and configuring your Settings page click on Save Changes

How to Use the Suspected Blogs Page

The Suspected Blogs page lists any blogs that the plugin thinks may be splogs based on:

  1. Having a Splog Certainty greater than 0 % as returned by our API from our servers
  2. Containing at least 1 keyword in recent posts from the keyword list you added into the Spam Keyword Search on the Settings page

The blogs on the Suspected Blogs Page are listed from most suspected blog to the least suspected based on the following order

  1. Number of keyword matches
  2. % splog certainty (as returned by the API) with those with the highest splog certainty being listed first
  3. Last updated

Hovering your mouse over the domain or Blog User brings up the Spam and Ignore action menu.

The idea is you work through the suspected blog page to:

  1. Click on Spam blogs that are definitely splogs — this moves them to the Recent Splog page where you can unspam them if necessary
  2. Click on Ignore blogs that are definitely not splogs — this moves them to the Ignored Blog page where you can spam them if necessary (in case you made a mistake)
  3. Take no action because you haven’t decided if a blog is/isn’t a splog — this keeps them on the Suspected Splog page so you can monitor their activity (when unsure it is best to leave them on the Suspected Blog page)

Spamming a blog

Here is a flowchart to trace the functionality of Anti-Splog:

The Anti-Splog Process Diagram (Click on Image to Zoom In for a closer look at each step)

The Anti-Splog Process Diagram

How To Spam Blogs

Some splogs are obvious from the username, blog URL or post titles they use– if you are confident that they are a splog you can choose to either:

a) Spam their URL by clicking on Spam action link under their domain

  • this spams that blog and moves it to the Recent Splogs page

Spamming a blog

b) Or spam their registered IP by clicking on Spam action link next to their IP address and then clicking OK

  • this shows you how many blogs that have been created from the IP address and how many blogs have already been spammed from that IP address
  • sploggers often create large numbers of splogs from the same IP address so this is a fast way to spam a large number of splogs in one go
  • be patient when using the spam action menu next to registered IP as there can be a bit of a delay in checking the numbers of blogs and spammed at an IP

Spamming an IP address

Previewing Suspected Splogs

With most blogs on the suspected blog page it won’t be obvious that they are splogs so you will need to preview them.

As you work through previewing the suspected splogs you need to:

  1. Spam definite splogs by either clicking on Spam next to their domain or their IP address
  2. Click on Ignore for blogs that definitely aren’t splogs
  3. Take no action of blogs you aren’t sure about – so you can continue to monitor them on the Suspected Splog page

To check you should start by first clicking on their post title.  This loads a preview of that post.

  • Obvious signs of splogs are lots of link within post content that link to the same or similar websites – have a quick check of all links in their post to see where they are linking as some sploggers are very clever
  • Links to a websites at the bottom of the post
  • If unsure after checking a few posts then make sure you preview the blog because some splogs are clever and put the links in their blogroll on the sidebar

Previewing a post in the suspected splog list

If the blog doesn’t have any post then click on the domain name to load a preview of the blog

  • this loads slower than the previewing a post so in most situations it’s best to use post preview where possible
  • some sploggers will replace the Hello World with their spam post and this is the only post they will have on the blog

Previewing a blog

Make sure for any suspect blogs you check their blogroll as some clever splogs hide their links in the sidebar

  • In the example below the splog linked to sex sites using the blog roll while hiding it in what appeared to be a harmless pet blog.

Example of links hiden in blogroll

Working With The Splog Review Request Form

The blog-suspended.php is used to show the user friendly spammed page with the review form so that users can request their blog to be unspammed.

This form is the fastest option for unspamming blogs incorrectly marked as spam.

The Splog Review form

The Splog Review Request Form is submitted to the email address listed in Network Admin > Settings — make sure you have changed the email address or set up your email account.

Site Admin > Options Email address

All you need to do is click on the review link in the email:

Splog Review Request email

This takes you to the location of that blog on your Recent Splog page.

Now unspamming a blog is as simple as:

  1. Click on post titles to preview the posts to confirm it isn’t a splog
  2. Click on the Not Spam action link to unspam a blog

Unspamming blogs from the recent splog page

What To Do If You Incorrectly Spam A Large Number of blogs from the same IP address

You can quickly unspammed blogs from the same IP address as follows:

1.  Copy the registered IP address of one of the blogs for the Recent splog page
2.  Go to Network Admin > Sites
3.  Add the IP address and then click Search IP
4.  Select the blogs and then click Not Spam

  • On Edublogs it’s easy to spot if blogs have accidentally been marked as spam from the one IP address by checking their email address as they’ll often be from the same institutional domain email address

Unspamming blogs from the same IP address

Working with Spam Keyword searches

The API service works by checking recently created blogs, usernames and newly published posts.

Whereas the Keyword search is designed to find old and inactive splogs that the API service would no longer catch — since the splogs aren’t being updated.

It works by referencing keywords in posts using our Post Indexer plugin.

To work with the Spam Keyword search:

  • You must have installed our Post Indexer plugin.
  • You must understand that the keyword search only referenced posts back to the date you originally installed Post Indexer plugin — the Post Indexer doesn’t index any post prior to the date it was installed
  • The Keyword should only be added to the Spam Keyword search on the Anti-splog Settings page temporarily while searching for splogs
  • Once you’ve used a keyword, actioned the suspected splogs located using the keyword on the Suspected splog page then you SHOULD remove that search term from your Anti-splog Settings page
  • Only use about 2 keywords per search as it can slow down or timeout your Suspected Blogs page — if you get a white page on the Suspected Blogs page just remove the keywords you’ve added
  • Remember keywords are not case sensitive and can match any part of the word.
  • Ideally try terms being used by your splogs but aren’t used much by genuine blogs

To use the spam keyword search:

1.  Go to Network Admin > Settings > Anti-Splog

2.  Click on the Settings tab

3.  Add your Spam Keyword search terms – only add 2 keywords at a time

4.  Click Save Changes at the bottom of your Anti-splog Settings page

Using Keyword searches

5.  Check the suspected splogs located using the keyword on the Suspected splog page (they will appear at the top of the page)

Keywords on Suspected Splog page

6.  Click on Spam blogs that are definitely splogs or on Ignore blogs that are definitely not splogs

7.  Once completed go back to your Settings page and do a new search

8.  When finished remove all keywords from the Spam Keyword Search field on your Settings page and click Save Changes

Creating your own signup page

If you’re an advanced user and you wish to create your own wp-signup.php form then you can create one named custom-wpsignup.php and drop this into your /wp-content/ folder.

Anti-Splog Features

Stop spam blogs in their tracks

  • Change signup page location every 24 hours
  • 5 layer splog protect
  • 3 human tests to choose from
  • Smart API is constantly improving
  • Recent splog list and manual splog moderation
  • Block bot and manually created splogs
  • Crowdsourced splog fighting
  • Blacklist IPs
  • Spammed blogs are archived for easy recovery
  • Instant previews