Plugin Sale! Save 15% on pro plugins with discount code: FALL2020
Web Dev + WordPress + Security

WordPress Tip: Quick Hack to Block Spam for the Wordspew Shoutbox Chat Plugin

Recently, I reactivated an older version (1.16) of Jalenack’s Wordspew Shoutbox plugin for the Dead Letter Art Chat Forum. The DLa collective has been working on a new issue of their ‘zine and needed an easy online chat location for impromptu business dealz (ideas, planning, etc.).

Almost immediately after reactivating the Shoutbox plugin, the chat forum was flooded with an endless wave of spam. The rate and volume of spam was so high as to render the forum utterly useless. — Ugh.

Update: We now use Simple Ajax Chat for all of our chat-forum needs. It protects against spam automatically. And it’s supa fresh.

Determined, we tried several unsuccessful techniques for blocking the relentless spam attack:

  • Enabling of the “Only allow registered users” option
  • Tweaking of the default “CENSORS” filter within the script
  • Locking things down via htaccess password restriction
  • Locking things down via PHP password restriction

Serendipitously, while tweaking the script’s “CENSORS” filter, I noticed the subsequent setting of several key variables:

  • $jal_user_text
  • $jal_user_name
  • $jal_user_url

Aha! Using PHPs stristr() function, it is possible to immediately test each of these three variables for key character strings. Based on the results of such a test, it is then possible to block any chat posts containing spam-related content. In my experience, 99.9% of chat spam contains one of the following characters:

  • href
  • http

Thus, by testing each variable for any instances of these character sequences, it is possible to block 99.9% of the spam from hitting Wordspew-powered chat rooms. This technique effectively blocks any chat posts or usernames containing links and/or complete URLs (i.e., any URL containing “http”). This requires that “legitimate” chat users refer to URLs in the following format:

domain.tld/path/blah/blah

Not as easy as clicking on a link or copy/pasting a full URL, but definitely a small price to pay for a virtually spam-free chat forum.

The Fix

For older versions of Wordspew (the DLa site uses a highly customized version 1.16), open the plugin’s wordspew.php file and locate the following chunk of code, which is located just after the “CENSORS” option:

$jal_user_text = jal_special_chars(trim($jal_user_text));
$jal_user_name = (empty($jal_user_name)) ? "Anonymous" : jal_special_chars($jal_user_name);
$jal_user_url = ($jal_user_url == "http://") ? "" : jal_special_chars($jal_user_url);

Or, for newer versions of Wordspew, locate the following code in the wordspew.php file (this example taken from version 2.4):

global $jal_table_prefix;
$conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_select_db(DB_NAME, $conn);

Then, immediately after the last line of the relevant code block, insert the following anti-spam solution:

// BEGIN ANTISPAM FIX

if (
	stristr($jal_user_text,'href') || 
	stristr($jal_user_text,'http') || 
	stristr($jal_user_name,'href') || 
	stristr($jal_user_name,'http') || 
	 !empty($jal_user_url) 
	) { 
		die(); 
}

// END ANTISPAM FIX

And that’s it! Save, upload the file and refresh your chat screen. If you listen carefully, you will hear the sounds of a million spam posts bouncing off the walls. Ahhhhhh, so nice ;)

Sealing the Deal..

After implementing this hack on the Dead Letter Art website (taken offline in 2011), chat spam dropped to nearly zero, leaving us with a relaxed, peaceful, and spam-free forum that is available whenever we need it. Hopefully, future versions of the excellent Wordspew plugin will include similarly effective spam protection. For now, this “quick and dirty” hack will definitely do the job.

Jeff Starr
About the Author
Jeff Starr = Web Developer. Book Author. Secretly Important.
Banhammer: Protect your WordPress site against threats.

6 responses to “WordPress Tip: Quick Hack to Block Spam for the Wordspew Shoutbox Chat Plugin”

  1. hi, just read u posting about spam

    im having trouble at myspace,where
    a guy and girl are freezing the screen with some sort of spam.
    It has screw my computer up to the point i had to reinstall my windows

    at first i could hit the refresh
    and it slowed him some lol but he then up something on his side and i lost the spam game at that point,
    He’s using somekind of program to over load the chat board i guess
    thanks pat

  2. Great Tip…thanks

  3. Jeff Starr
    Jeff Starr 2009/05/11 9:56 am

    My pleasure, Mick — glad to be of service! :)

  4. Thanks for this great tip… The last I wanted encroaching on my clients shoutbox were those dopey links selling viagra!

  5. jefferson 2013/04/17 4:25 am

    thanks for the code bro, it worked in the simple ajax chat too by changing the variables from jal_* to sac_*

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Build and sell awesome WordPress themes.
Thoughts
Watching. Waiting. Praying.
Got all of my free WordPress plugins updated for imminent WP 5.6 in early December. Pro plugin updates currently in the works.
7G Firewall now integrated into BBQ Firewall (free version). Pro version soon ;)
macOS Big Sur update complete. So far no crazy issues. Except TextEdit, which is completely screwed up and unusable. Replaced with free BBEdit.
Got so sick of macOS’ annoying “red dot” that I had to remove System Prefs from the dock. Come on Apple you can do better.
Beginning development of an Nginx version of 7G Firewall.
Happy Birthday to Perishable Press, celebrating 15 years online! :)
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.