如何有效拦截和过滤垃圾评论

针对那些使用技术手段,比如GET、POST等方式不填写前台表单,直接读取后台程序文件的spam,只有屏蔽IP才能缓解疯狗一样的攻势,其它什么验证码、滑动解锁等等都没用。

可以在.htaccess文件中添加:禁止某些IP访问。

1
2
3
Order Deny,Allow  
Deny from xxx.xxx.xxx.xx  
Deny from xxx.xxx.xxx.xx

 

 

有效地拦截内容中不带有中文字的comment和trackback(pingback)

1
2
3
4
5
6
7
8
9
/* refused spam */  
function refused_spam_comments( $comment_data ) {  
$pattern = '/[一-龥]/u';  
if(!preg_match($pattern,$comment_data['comment_content'])) {  
wp_die('评论必须含中文!');  
}  
return( $comment_data );  
}  
add_filter('preprocess_comment','refused_spam_comments');

 

 

 

代码将垃圾评论拒之门外直接将下面的代码放到主题的functions.php文件的最后一个 ?>前面即可:

 

// 垃圾评论拦截
class anti_spam {
	function anti_spam() {
		if ( !current_user_can('level_0') ) {
			add_action('template_redirect', array($this, 'w_tb'), 1);
			add_action('init', array($this, 'gate'), 1);
			add_action('preprocess_comment', array($this, 'sink'), 1);
		}
	}
	function w_tb() {
		if ( is_singular() ) {
			ob_start(create_function('$input','return preg_replace("#textarea(.*?)name=([\"\'])comment([\"\'])(.+)/textarea>#",
				"textarea$1name=$2w$3$4/textarea><textarea name=\"comment\" cols=\"100%\" rows=\"4\" style=\"display:none\"></textarea>",$input);') );
		}
	}
	function gate() {
		if ( !empty($_POST['w']) && empty($_POST['comment']) ) {
			$_POST['comment'] = $_POST['w'];
		} else {
			$request = $_SERVER['REQUEST_URI'];
			$referer = isset($_SERVER['HTTP_REFERER'])         ? $_SERVER['HTTP_REFERER']         : '隐瞒';
			$IP      = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] . ' (透过代理)' : $_SERVER["REMOTE_ADDR"];
			$way     = isset($_POST['w'])                      ? '手动操作'                       : '未经评论表格';
			$spamcom = isset($_POST['comment'])                ? $_POST['comment']                : null;
			$_POST['spam_confirmed'] = "请求: ". $request. "\n来路: ". $referer. "\nIP: ". $IP. "\n方式: ". $way. "\n內容: ". $spamcom. "\n -- 记录成功 --";
		}
	}
	function sink( $comment ) {
		if ( !empty($_POST['spam_confirmed']) ) {
			if ( in_array( $comment['comment_type'], array('pingback', 'trackback') ) ) return $comment;
			//方法一: 直接挡掉, 將 die(); 前面两斜线刪除即可.
			die();
			//方法二: 标记为 spam, 留在资料库检查是否误判.
			//add_filter('pre_comment_approved', create_function('', 'return "spam";'));
			//$comment['comment_content'] = "[ 小墙判断这是 Spam! ]\n". $_POST['spam_confirmed'];
		}
		return $comment;
	}
}
$anti_spam = new anti_spam();

 

posted @ 2016-05-22 11:43  涅磐归来  阅读(998)  评论(1编辑  收藏  举报