# b2 ANTI SPAM tutorial #

Created: 01.12.04
Changes: 16.12.04, added STEP 4, b2 word verifier
	 02.12.04, Ms Word Spellcheck & Grammar:)

This is an additional file to the b2anti-spam.zip hosted by b2 Cafelog Resource Center.
It is by no means _necessary_ to read through this file, but it may provide for some
helpful tips and hints.

SPAM has been a growing problem on the internet for years, and now it seems we've reached
some kind of peak, since spammers now are competing with each other to send out as much
as possible. You might ask: "Why do they do it? I'll never buy anything from spam!"
But the dreadful truth is that it works. There are still many who are tempted to shop on
a spammer's say-so.

Recently this problem has fallen into the hands of unsuspecting bloggers too!
By a brief search on "SPAM comments"  in google, you learn that most of the blog tools out
there have this problem too. MovableType, GreyMatter, Wordpress, etc.
In a way, that's good. More allies to defeat a common enemy:)

Well, enough chitchat. Let's move on to the necessary steps of reducing your blogspam!

Credits:
The main people behind this are Michael Park and Stevem who both joined me in my venture
to stop my 50 daily spam comments. It is thanks to their work we are looking at this file now.
And then there was all of us testing it, discovering bugs and asking for features:)



// STEP 1 (Avert Spam bots)

The first priority is to stop new, incoming spam. To do this we must find the method
the spammers use and prevent them from using it. It is a common mistake, believe it or
not, that spammers actually send their spam manually. Most of them use a script or a bot.

So, install the modification showing you "How to avert spam bots". (avert_bots.txt)

I've tested it on my own blog, and trying to run what I believe would be the bot's 
commands, it failed with a note: "This comment has been filtered as SPAM!"

Note: There is another way of dealing with this presented on the cafelog.com/board,
but during my testing I found it incapable of averting the bot.



// STEP 2 (Blacklist)

You're already half of the way! But there's still the 2nd half:)

Step one doesn't prevent anyone from _leaving_ spam, it just prevent someone from
executing external scripts and posting externally (sending 50 comments with 1 click).

So we want the spammers to be gone! The solution was provided by Michael P. when he
wrote the "Blacklist" hack which enables you to deny the spammer's IP address
(Internet Protocol address) of leaving comments. Go ahead! (blacklist.txt)

The genius of this blacklist is not just the banning of a spammer's IP, but also
the ability of deleting _all_ messages entered by this IP in two clicks.
When first installed, go to your EDIT/POST page and find a spammer's comment.
Click "Ban & Delete" which brings up a confirmation box, click "OK".
Then, click the blacklist on your b2 system's menu. You will note that the name
of the spammer and its IP is on the top ("checked" position) of the list.
Click "View comments". If there's none, there was only this post, if there was
fifty, all of them will show. Click the "Select All" and click delete:)
Good-bye Spam!

Note: You can always deny IPs using a .htaccess file, but we preferred an easy
solution _within_ the b2 system.



// STEP 3 (View All Comments)

Now we've stopped spammer's from using their bots and returning to add more spam.
Providing they have a static, unchanging IP, they will never leave more spam.
Unfortunately the vast range of IP addresses and different settings from one Internet
Service Provider to the other (not to mention the devious spammer ISPs) allows the
spammer to return with a different IP.

At the time of writing (01.12.04) Michael P. is looking at ways to deny a whole
sub range of IPs. Many spammer's use a Spanish server to send out spam with,
and it would be great to be able to ban the entire range of IPs. It isn't ready yet.

..
But you may, as I did, notice that there are still 5-20 spam messages coming by each
new post or comment you make on your b2. What's wrong! Are they using another kind of
bot? No, they've added spam comments with a Comment_ID above the present ID, so every time
you reach this or that number of posts, these messages are "released".

To solve this, install the "View all comments" hack by Stevem. (b2allcomments.txt)
Now you're free to browse ALL your comments on ONE page, letting you search and delete
comments. You should add the spammers' IPs to your b2blacklist, as well.


What've we accomplished up until now?
a) There's no way to run a spam bot on your b2 system.
b) A blacklisted IP may not leave more comments.
c) We've all the overview and control we need of old comments and incoming comments.

BUT, it's still possible to leave a comment filled with spam manually.
And you might have that once-in-a-day comment with Blackjack or Poker driving you mad.



// STEP 4 (Word Verifier)

This brilliant hack by Michael Park makes sure to stop those 1 a day spam comments.
Why? Because it makes the comment poster write the first word of the post or title (whichever you prefer).
Since I installed it, I haven't had any SPAM at all!

Make sure that you test it properly, though. The latest strip-tags that was included should render out
the problem that arises when your first word is an html tag or an image.



// ALTERNATIVE STEP 1 (Remove the possibility of leaving <a href=""></a> tags)

You can deny people using URLs in their comments, but this is not very popular as people
like to spread the link to their homepage, to some great link they've discovered or to
a fabulous recipe of Italian chicken salad.

I have not even considered doing this, but the option is there.
In the b2config.php file, line 197 remove <a> from 
$comment_allowed_tags = '<b><i><u><strong><em><code><blockquote><p><br><strike><a>';

Be warned that most surfers don’t like to be thus hindered. I like chickensalad.


// ALTERNATIVE STEP 2 (Open/Close Comments)

To reduce the incoming amount of spam even further, you can install the "Open/Close comments" hack
written by Michael P. In general it would seem useful to turn off commenting on older posts. This
hack lets you do just that. Fetch it from: http://www.michaelpark.net/b2hacks/closecomments.txt


// ALTERNATIVE STEP 3 (Deny "google bombing" spam)

This was introduced by tierra, and improved by Michael P.
Basically, it checks for any HTML links, and checks the link text for keywords spammers are using,
and let the flood protection system block the post.
You can install it from: http://www.cafelog.com/board/viewtopic.php?t=5957 (2nd post)

Read more about google bombs: http://www.microcontentnews.com/articles/googlebombs.htm


// ALTERNATIVE STEP 4 (Turn off e-mail notification)

Turn off the option that sends you an e-mail per received blog comment.
A spam attack is likely to cause heavy strain on the server, and there isn't really any good 
reason of having this feature turned on. Make a habit of visiting your own site often, rather.
In b2config.php on line 200 set $comments_notify = 0;



// ADDITIONAL STEPS (Annoy the annoyance)

I. Add these two links somewhere on your page, you can even have them invisible.
They send spam bots collecting fake e-mail addresses:
http://www.hostedscripts.com/scripts/antispam.html
http://www.anti-leech.com/spam/spambot_stopper.php


II. Download Lycos' new screensaver which floods the spam-servers with requests, causing the ISP
bill of the spammer to grow and grow:)
It was released the 1st of December 2004, so I haven't got the link yet:p
UPDATE: Because of legal issues and promised revenge fram spammers, the screensaver was withdrawn.
If you receive an e-mail with it, it's most possibly a virus.


III. Use Spam gourmet forward-addresses when signing up on message boards etc.
http://www.spamgourmet.com/


IV. Remove your you@yourdomain.com e-mail or re-phrase it: you[at]yourdomain, you|at|yourdomain etc.
Or use this nifty php sendmail form by Michael P.: 
http://www.michaelpark.net/b2hacks/contact.phps



// FINAL THOUGHTS

There are many ways to be spammed and many ways to stop them. In the beginning of this file I
didn't guarantee that you would never see spam in your blog again, I only guaranteed a significant
decline of spam amount. Spammers are mostly smart people, like it or not, and they will always
seek out new ways to make a quick buck.

At the time of writing I receive 1 spam comment every other day. Three months ago it was at least 50.
EDIT: By the last update, thanks to the b2 word verifier, I receive 0 spam comments per day.

// CREDITS
Michael P.
Stevem
tierra
All of the boardom users who tested the hacks
Cafelog.com and Michel V.
Securiteam.com (for the online HTTP Constructor)


// LINKS
http://www.cafelog.com/board/
http://www.sigg3.net/cafelog/
http://www.michaelpark.net/
http://www.cafelog.com/readme.html


This file is a part of the b2anti-spam.zip distribution hosted by http://sigg3.net/cafelog/
Any questions should be directed to me through http://sigg3.net/contact.php
b2 is released under the GPL, see http://www.cafelog.com/license.txt
b2 is superseded by Word Press, http://www.wordpress.org/