• Resolved ecdltf

    (@ecdltf)


    Today I tried out the Antispam feature for the first time. I set it to Low and posted test comments to my own blog. So far each comment has been blocked. (I used different mail addresses (real and fake), different http addresses, and some unsuspicious words in the text field – not too many, and without further links in the text.)

    So I’m asking, what does a comment have to look like to get through at all?

    Can you elaborate on how the Antispam filter works? (I didn’t find anything in the documentation.)

    Thank you.

    Tom

    https://ww.wp.xz.cn/plugins/ninjafirewall/

Viewing 15 replies - 1 through 15 (of 35 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    The firewall log should display a message similar to ‘Comment spam #N’ where N is a number. What is that number in your log?
    The antispam does not rely on the message, but rather on the user and browser behaviour, and uses, for instance, JavaScript, HTTP headers, etc. to tell the difference between a human and a bot.

    Also, do you have any plugin that deals with forms?

    Thread Starter ecdltf

    (@ecdltf)

    The number was always #1.

    I’m using the default WP comments, no custom forms; and no plugin that affects comments, as far as I can tell. Jetpack Comments are not activated.

    Plugin Author nintechnet

    (@nintechnet)

    This is the first very basic test using simple obfuscated JS code.
    Can you try to:

    1. Enable the antispam for comment.
    2. Log out of WP dashboard, so that you are no longer whitelisted.
    3. Load a page with a comment form.
    4. From your browser, select “View page source” or similar menu option.
    5. Search the HTML source of the page for the following string: document.write(String.fromCharCode

    Can you see it?

    Thread Starter ecdltf

    (@ecdltf)

    Nope.

    This is the site: http://dflect.net

    Ninja’s Antispam (comment) is active and set to Low.
    Akismet is active. But I think this is not related.

    Plugin Author nintechnet

    (@nintechnet)

    The protection is not loaded. That is weird.
    I will check later today with the latest Jetpack to see if there is a conflict somewhere.

    Thread Starter ecdltf

    (@ecdltf)

    In case it helps, these are the currently active Jetpack plugins:

    Enhanced Distribution, Extra Sidebar Widgets, Monitor, Notifications, Omnisearch, Publicize, Related Posts, Sharing, Shortcode Embeds, Site Verification, Spelling and Grammar, Subscriptions, Widget Visibility

    Thread Starter ecdltf

    (@ecdltf)

    I deleted the cache and the code is on the page now. A test comment has passed through.

    Maybe you should mention it somewhere that we have to delete the cache to make the Antispam work 😉

    Thanks for the efforts.

    Tom

    Plugin Author nintechnet

    (@nintechnet)

    Ok, that’s cool.
    I’ll put a warning in the antispam page.

    Thread Starter ecdltf

    (@ecdltf)

    You said it mainly checks for bots. So what’s the difference between the 3 levels?

    If I set it to High, are there chances that it will block a normal web browser?

    What do you mean approximately by “user behavior”?

    Plugin Author nintechnet

    (@nintechnet)

    Level 1: uses obfuscated JS that requires a JavaScript engine to be decoded. Browsers will get through, but most scripts won’t.
    Level 2: ensures that the browser sends HTTP headers that most browsers should send (e.g. HTTP_ACCEPT).
    Level 3: checks more headers (e.g., HTTP_ACCEPT_LANGUAGE), and ensures that there was at least 10s between the time the page was loaded and the time the form was submitted.

    Usually, level 2 is enough.
    Level 3 can be useful against “human spammers”.

    Thread Starter ecdltf

    (@ecdltf)

    Thanks for the useful info.

    This makes sense and sounds like a good tactic. I will test it out for a couple of days on each level.

    Thread Starter ecdltf

    (@ecdltf)

    One more question: When I switch between the Antispam levels, does the inserted code remain the same or do I have to reload caches each time?

    Plugin Author nintechnet

    (@nintechnet)

    It is different each time, but for levels 1 and 2 it should not really be a problem.
    However, regarding level 3, it should not be cached.

    I will check this week if we need to prevent caching of the form when the antispam is enabled.
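
The three levels described above and the effect of a page cache on them, as an added sketch (not NinjaFirewall's code and not posted by anyone in this thread). The field name `as_token`, the HMAC-signed load time, the `MAX_AGE` limit and the reason strings are assumptions made for illustration; only the header names and the 10 s delay come from the thread.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a per-site secret
MIN_DELAY = 10                    # seconds, the level 3 figure from the thread
MAX_AGE = 3600                    # assumption: older tokens count as stale


def issue_token(loaded_at: int) -> str:
    """Value the page's JavaScript would write into a hidden form field."""
    mac = hmac.new(SECRET, str(loaded_at).encode(), hashlib.sha256).hexdigest()
    return f"{loaded_at}.{mac}"


def token_time(token: str):
    """Return the signed page-load time, or None if missing or forged."""
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return None
    good = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), good.encode())
    return int(ts) if ok else None


def check_comment(level: int, environ: dict, form: dict, now: int):
    """Return (allowed, reason) for a comment POST at antispam level 1-3."""
    loaded_at = token_time(form.get("as_token", ""))
    if loaded_at is None:  # also what a cached page without the script yields
        return False, "JS-written field missing or invalid"
    if level >= 2 and not environ.get("HTTP_ACCEPT"):
        return False, "no Accept header"
    if level >= 3:
        if not environ.get("HTTP_ACCEPT_LANGUAGE"):
            return False, "no Accept-Language header"
        age = now - loaded_at
        if age < MIN_DELAY:
            return False, "submitted too fast"
        if age > MAX_AGE:  # a cached form keeps its old load time
            return False, "token stale"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests; no real traffic involved.
    browser = {"HTTP_ACCEPT": "text/html", "HTTP_ACCEPT_LANGUAGE": "en"}
    t0 = 1_700_000_000
    print(check_comment(1, browser, {}, t0 + 60))  # cached page, no field
    print(check_comment(3, browser, {"as_token": issue_token(t0)}, t0 + 60))
```

In this sketch a page cached before the protection was enabled carries no field at all, so every comment fails the first check, and a cached level 3 form carries a load time that no longer reflects when the visitor opened the page.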

    Thread Starter ecdltf

    (@ecdltf)

    “I will check this week if we need to prevent caching of the form when the antispam is enabled.”

    When you do so, please consider also plugins like Autoptimize, and the preloaded cache of WP Supercache.

    Hiya guys;
    I’m the autoptimize developer; best approach would be to exclude the JS that ninjafirewall antispam inserts. There’s info in the FAQ on how to do that for both inline JS and insourced JS-files.

    Hope this helps,
    frank


The topic ‘Antispam is blocking all?’ is closed to new replies.