Implemented Spam phrases could also inspect thread title for matches

[Wildcat Media]

The ability to scan new messages for spam phrases has been helpful. Spammers nearly always post links in the message body, so using "http" as a filter helps to trap them before the message appears in public. (We send ours to the moderation queue.)

Spammers apparently are also now trying to use the thread title to promote a URL. An option to have the spam phrase filter check the thread title would be a welcome addition.

@wardsweb

 

[Mike]

I'm not sure if we should call this implemented, but the spam phrases option does include the thread title in the content it checks. It's included in the content we check before the main message body (so it's not distinguished within the content checked).

Because of some of the technical differences with post bodies and titles, there is a way to mostly catch a thread title that is a URL:

/^https?:\/\/\S+\n/si

We use that rule here. In the post body, the URL would be converted to a URL BB code automatically so it won't match that. (Technically this does catch a profile post starting with a URL, followed by a line break, though that might be a good thing...)

 

[snoopy5]

Maybe I misunderstand somethimg but it is still possible here in this support forum to post an url in the title. See here:

https://xenforo.com/community/threads/www-web-de.137487/

 

[Mike]

That wouldn't match the regex I posted -- you can adjust it if needed. But beyond that, you wouldn't be checked for spam (because of number of messages and because of group permissions).

 

[snoopy5]

sorry, I am not a coder so I do not ecatly what is codered with that code above. Is it only for supressing https sites?

 

[Mike]

It's specifically matching "http://" or "https://" (followed by a line break) at the beginning of what's passed to the spam phrases check. If you want to match www then you could do something like:

/^www\.\S+\n/si

We haven't felt the need to bring that rule in here -- we do see the spam with a URL in the title and at this point, it has always included the http part. As always though, you really need to tune your anti-spam rules to what is common on your forum (and which avoids false positives for your forum as much as possible).

 

[snoopy5]

How can I put both codes into one line?

And where exactly do I put this code in ACP?

 

[Mike]

They each go on their own line in the "spam phrases" option. (You can use the ACP search to be directed to it specifically.)

 

[snoopy5]

o.k., thanks. What if the spammer puts any kind of word before or after the url within the title? Will the posting be still surpressed?

 

[Mike]

Not with the examples I've provided. If you have any further questions, it's probably better to post in a separate thread as this is a suggestion over something particular with how the spam phrases system.

 

[Wildcat Media]

@Mike

Yes, indeed, the regex does work in XF 2.0. Tested it now with a new test account and it is working nicely. For the message body, I have been using simply 'http*' which has been catching links properly--if it is a little too aggressive, no problem, since all flagged posts go to moderation.

Are the thread titles also checked for spam phrases in XF 1.5, or was this added for 2.0?

(Never mind--I have it working in 1.5 now.)

Thanks for checking, and I probably should have posted this in the "troubleshooting area first", no?

 

[skicomau]

/^www\.\S+\n/si

Apologies for dragging this up @Mike

But what's the 'si' doing at the end of that regex? Seems like a curious part of the string to match?

 

[Mike]

Those are modifiers. In this case, for single line match (which I'm not sure is necessary) and case insensitivity. See http://php.net/manual/en/reference.pcre.pattern.modifiers.php

 

[skicomau]

doh!

of course, they follow after the closing / regex slash