Filtering Spam with Spam-X

From GeeklogWiki
Jump to: navigation, search

The Spam-X Plugin interface has been designed so that other modules and plugins can use the Spam-X engine to examine user submitted text.

The code from lib-comment.php can be used as an example of the call.

    // Let plugins have a chance to check for spam
    $result = PLG_checkforSpam($comment, $_CONF['spamx']);

    // Now check the result and display message if spam action was taken
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');

Alternatively, you could redirect them to the site's index page:

    // Now check the result and display message if spam action was taken
    if ($result > 0) {
        echo COM_refresh($_CONF['site_url'] . '/index.php?msg='
                         . $result . '&plugin=spamx');

The use of COM_displayMessageAndAbort is recommended, as that will also send a proper HTTP status code (403, i.e. "Access denied", in the above example) and abort immediately while COM_refresh will cause another page load and put additional load on the webserver.

All that is required is to send the comment to Spam-X with the PLG_checkforSpam call. The two parameters are the comment text itself and an action number which tells Spam-X what actions to take if spam is found. You can use the built in actions by passing the sum of the numbers of the Spam-X action modules for those actions you want to use. The actions are performed in numerical order. The current action modules are:

  • Mail admin: 8
  • Ignore comment: 128

So to ignore the comment pass 128, to mail the admin pass 8, to do both pass 136. All action module numbers are multiples of 2 and each modules number is AND'ed with the value you pass to the plugin. The modules are executed in numerical order so Mail Admin would happen before Ignore Comment. Best practices require that you put this action number in a configuration variable, so that the site admin can change it if necessary. If you do not want to use any of the Spam-X action modules then pass 0 as the action and check the return from the function call. If spam is found it will return true if not false. If you do not pass anything as the action then the system default will be used.

The "comment" you pass to checkforSpam should contain everything you want to be checked for spam. Usually, this includes the text of the post (article, comment, ...) and any other relevant information provided by the user, such as URLs.

Note: When your code passes something that you know is a URL (e.g. because your form has a separate URL field), make sure it is a proper URL. When using a placeholder value such as http:// to indicate to the user that they should enter a URL in the field, make sure that they actually entered a URL. It seems that at least the SLV module treats everything that completes such incomplete URLs as spam

Module Types

Spam-X has three types of modules: admin, examine, and action. Each module is contained within a class file. The name of the file the module is in is critical. For example: an admin module must end with .Admin.class.php. The first part of the file name must be the name of the class contained within the file. So if the class was named MassDelete then the file would be named MassDelete.Admin.class.php. Examine modules end in .Examine.class.php and Action modules end in .Action.class.php. If you add a new action to Spam-X, you must assign it a number. Pick a number not used by other action modules and in the correct numerical sequence.