In reference to a question presented by Dale Grebey, research and document any issues (benefits, differences, operability, &c.) with implementing the blacklist via the Comment Moderation versus the recommended Comment Blacklist option.

This has been working great for a while, across a number of sites. Recently, all WordPress sites using:

1. Contact Form 7
2. Comment Blacklist Manager plugin
3. This source of blacklist entries

Have been marking most form submissions as spam, and therefore not sending.

If I empty the blacklist, it works fine.

I haven't investigated any further than that yet

Specifically related to the strings.txt entries, identify and remove anything that could be a valid, six-character hex value. For example: bfcddd or cdddbe

1

hcJT
Mu62TuRKEMQGvoPu5.org
[email protected]

469480 154313Really clean site , thanks for this post. 318830

2

set
[email protected]

Deberias hacer mucho mas articulos como este. Muchas gracias, Un saludo

https://libromundo.es/set-i-mig-de-l1-al-6-colC2B7leccio/

3

set
[email protected]

Me fascino demasiado tu post Muchas gracias, Un saludo

https://libromundo.es/set-i-mig-de-l1-al-6-colC2B7leccio/

4

Gene De Salis
[email protected]

I called you 2 times. WHy didn’t you pick up? I’m horny.. Please call me.

I’m online. You can chat with me by clicking this link.

https://sexlovers.club/

I'm new to WordPress and maybe just use the blacklist somewhat incorrectly, but with the current list all my comments go to the spam folder. I think that's due to meta characters usage in the list.

In WordPress all words are eventually fed into preg_match function in wp-includes/comments.php and with too broad regex from the blacklist every comment ends up in the spam folder.

I manually removed all the suspicious regex words from my list and now it works properly for me.

Sorry if this is a non-issue and I just missed something obvious.

Thank you for the effort.

I have some new keywords to be added as black list keywords. Is there some application to check for those keywords and if not, then added ? Thanks

I just cleaned out my spam, here's some suggestions:

gginza
louisvuitton
calvinklein
kakaku
rolex
wtobrand
gowatchs
eevance
brandiwc
bestevance
ooobag
ooobrand
ooowatch
laferradura

The list includes in, is, and it. Shouldn't flag these words should it?

Using the latest version that pulled the keywords that affect user agent strings, suddenly two known commenters (10+ approved comments each) got tagged for moderation. (I have the list as my moderation list not my blacklist right now).

Comment content:

My Simple Google Connect plugin had this partly working. It’s primitive,
but it does work. Wouldn’t take a while lot of effort to rip that code apart
and change it up to handle this properly. Two factor is an easy addition too.

and

Permit Google login but only from approved domains i.e. Google Apps?

Both from good people (Otto and Jan). Checked on another site and all comments similar seem to be stuck. Users using everything from Chrome to IE (yeah I know) on totally separate networks.

I love what you're doing here. any issue with me using the file as a source for a plugin to auto-update the moderation / blacklist field?

I’d appreciate any pointers or information on setting something like that up for this project, if that’s something you’d be interested in helping with.

Yes, I can contribute by adding a testsuite in one of the following environments

• php (phpunit 8)
• javascript (for example jest)
• bash (shunit2)

Do you have any preference or suggestions on these environments?

Personally I would make the testsuite very simple: just parse two folders consisting of text files, the folders could be named something like:

• "false_positive"
• "false_negative"

The test is successful if any string in any text file of "false_positive" is not detected by the txt list and any string in any text file of "false_negative" is detected by the txt list.

Then run that testsuite on GitHub Actions (before every merge).

That would be cool, what do you think?

Originally posted by @vielhuber in #44 (comment)

ok, here it is: https://bitbucket.org/reaktivstudios/comment-blacklist-manager all my testing has been good. it also allows for filtering the the file location, it adds a new field for exclusions, and also merges in any local updates made. care to take a look and some testing?

Just a heads up:
With the coming WordPress 5.5 the blacklist_keys are changed to blocklist_keys.

See this changeset:
https://core.trac.wordpress.org/changeset/48121

For all the people maintaining plugins to update those keys with the list.

What about removing /index.php, /index.aspx, … from the blacklist?

Great list but this one came through:

gaibanda

There is also a couple of comments with phone numbers only. For example:

01961089455

How do you block that one?

Hi,

Is it not too strict to blacklist messages containing a simple exclamation mark (!)?

The backlist.txt file blocks a lot of spam messages. Unfortunately, these two messages came through today:

There are a few URL shortener and page builder services that seem to be the source (or a bounce point) for a fair amount of spam. I am keeping an eye on the following domains, considering whether to add them to the blacklist or not.

dinkypage.com
ddrss.at

Your suggestions are welcome.

Hi - I have had about 80 spam messages get through all following the same pattern. I have now blocked the email address since they all use the same one for some reason, but I imagine they will realise using the same one is a silly idea and change at some stage.

The text does vary a bit (for different products) but there's definitely patterns. I've pasted some of the common messages below:

Motorola Moto E7 Power Case Cover & Accessories – Oz Cheap Deals
Motorola Moto E7 Power Case Cover Accessories Screen Protector, Shockproof Clear Case, Wallet Leather Flip Case, Car Mount Holder, Cables & Adapter Sale.

Motorola Moto G10 Case Cover & Accessories For Sale – Oz Cheap Deals
100% Brand New, High-quality Of Motorola Moto G10 Shockproof Case
Motorola Moto G10 Carbon Fiber is designed for an active lifestyle, you can continue to use your device without removing it from the case.

Nokia 1.4 Case Cover Screen Protector Accessories Sale | OzCheapDeals
Nokia 1.4 Case Cover Screen Protector Accessories , Shockproof Clear Gel Case, Wallet Leather Case, Car Charger, Car Mount Holder, Cables & Adapter.

I have also excluded the urls since they were pointing to the spam domain. You can see it in the screenshot above.

The email provider t-online.de is widespread e.g. in Germany.

All form requests (checked in this case with Contact Form 7 against https://raw.githubusercontent.com/splorp/wordpress-comment-blacklist/master/blacklist.txt) are marked as spam when the customer enters a valid email address ending with @t-online.de.

Example code:

<?php
$input = '[email protected]';
$blacklist = trim( file_get_contents('https://raw.githubusercontent.com/splorp/wordpress-comment-blacklist/master/blacklist.txt') );
foreach(explode("\n", $blacklist) as $blacklist__value) {
    $blacklist__value = trim($blacklist__value);
    $pattern = sprintf('#%s#i', preg_quote($blacklist__value, '#'));
    if(preg_match($pattern, $input)) {
        var_dump($pattern, $blacklist__value, $input);
        die('spam');
    }
}
die('ok');

I urgently recommend removing the following 2 lines from blacklist.txt to eliminate these false positives:

online.com
online.de

Recently recieved a couple of get rich via bit coin spam comments written in German making it through the filter.

Select words/terms:
schnell
BTC pro Woche
So verdienen Sie

Hi - I've had 2 very similar emails come through my contact form which uses the blacklist.

I wonder about adding TERMINATION of your domain and maybe PAYMENT WITHIN 24 HOURS?

YOUR IMMEDIATE ATTENTION TO THIS MESSAGE IS ABSOLUTELY NECESSARY!

YOUR DOMAIN binarymoon.blog WILL BE TERMINATED WITHIN 24 HOURS

We have not received your payment for the renewal of your domain binarymoon.blog

We have made several attempts to reach you by phone, to inform you regarding the TERMINATION of your domain binarymoon.blog

CLICK HERE FOR SECURE ONLINE PAYMENT: http://yourdomainboth.xyz/?n=binarymoon.blog&r=a&t=1607907113&p=v1

IF WE DO NOT RECEIVE YOUR PAYMENT WITHIN 24 HOURS, YOUR DOMAIN binarymoon.blog WILL BE TERMINATED

CLICK HERE FOR SECURE ONLINE PAYMENT: http://yourdomainboth.xyz/?n=binarymoon.blog&r=a&t=1607907113&p=v1

ACT IMMEDIATELY.

The submission notification binarymoon.blog will EXPIRE WITHIN 24 HOURS after reception of this email

Perhaps the History section should only list specific milestones and changes to the blacklist. The various mentions and third party tidbits could be split out into their own section of the read me, like a news section.

To tidy things up a bit, the History section of the readme.md file could be relocated to its own document and formatted accordingly.

Hi, just one simple thing I caught this morning.

anything.wixsite.com gets caught by the site.co filter. Might want to adjust that, as there are a lot of people using Wix and sending their urls.

NacionAnime
[email protected]
18.212.164.230
Podrías llamarnos / ellos, “la nueva normalidad”
https://nacionanime.com/keystone-cambio-oficialmente-su-nombre-a-the-amazing-eternals-hay-detalles/

nacion anime
[email protected]
54.242.255.165

• velocidad de inicio distinta de cero
  https://nacionanime.com/viz-media-lanza-nuevo-libro-para-colorear-hello-kitty-friends/

anime clothes store
[email protected]
18.195.37.140
Reblogueé esto en RD Revilo.
https://nacionanime.com/las-5-mejores-escenas-de-monster-girl-ecchi-best-moments/

Nacón Anime
[email protected]
18.197.226.152
izinkan sy guardar n copiar dn beramal tuan ?? trima ksh
https://nacionanime.com/idolish7-primeras-5-escenas-bl-best-moments/

anime boy cool style
[email protected]
52.47.162.138
Interesante contribución. Gracias Dylan.
https://nacionanime.com/haifuri-the-movie-lanza-nuevos-efectos-visuales-clave/

anime girl ojos
[email protected]
18.195.95.146
ESTE ES OFICIALMENTE MI CAPITULO FAVORITO ???????? Aigoooo, son tan adorables
https://nacionanime.com/la-ultima-descarga-de-nintendo-bien-hecho-fantastic-four/

anime wallpaper aesthetic
[email protected]
13.229.81.123
Hola Bedtad,
https://nacionanime.com/shounen-adventure-anime-winter-2018-como-madan-no-ou-a-vanadis-mira-esto/

Nacion Anime
[email protected]
35.180.115.135
Gran parte
https://nacionanime.com/recetas-de-verano-japonesas-aptas-para-veganos-sunomono-y-somen/

Add a mention about Gravity Forms Blocklist to a new section of the read me, perhaps something like “Plugins that utilize the Comment Blocklist”.

Additional reference:
https://tourkick.com/advice-tips-howto/block-gravity-forms-spam-gravity-perks-disallowed-keywords/

Hat tip to @cliffordp for the information.

If I add items to "Local Blacklist" that later end up in "Disallowed Comment Keys", such as via a pull request that eventually gets merged, I want to remove all those duplicates.

I was thinking upon each save to run de-dup, and personally I'd prefer that, but I could see some people not. So either do it that way but give an option/filter to disable automatic -- and/or add a button to run it manually.

Doing only a de-dup button is probably the safest way to implement it and keep everyone happy (no surprises on removing without asking due to automatic plugin update).

Just a heads up - had some comments making it past the black list and into the comment moderation cue. Most of them about bitcoin, even though similar comments got binned straight away.

Emails an IP's I redacted as they're probably compromised accounts.

Hi - I got a domain spam email as seen below. Not sure what phrases you would add to this but it seems like there's a few potentials.

Expiration message of your binarymoon.co.uk

EXPIRATION NOTIFICATION

CLICK HERE FOR SECURE ONLINE PAYMENT: http://domainworldset.com/?n=binarymoon.co.uk&r=a&t=1601071266&p=v1

This purchase expiration notification binarymoon.co.uk advises you about the submission expiration of domain binarymoon.co.uk for your e-book submission.
The information in this purchase expiration notification binarymoon.co.uk may contains CONFIDENTIAL AND/OR LEGALLY PRIVILEGED INFORMATION from the processing department from the processing department to purchase our e-book submission. NON-COMPLETION of your submission by the given expiration date may result in CANCELLATION of the purchase.

CLICK HERE FOR SECURE ONLINE PAYMENT: http://domainworldset.com/?n=binarymoon.co.uk&r=a&t=1601071266&p=v1

ACT IMMEDIATELY. The submission notification binarymoon.co.uk for your e-book will EXPIRE WITHIN 2 DAYS after reception of this email

This notification is intended only for the use of the individual(s) having received this message.

PLEASE CLICK ON SECURE ONLINE PAYMENT TO COMPLETE YOUR PAYMENT

SECURE ONLINE PAYMENT: http://domainworldset.com/?n=binarymoon.co.uk&r=a&t=1601071266&p=v1

Non-completion of your submission by given expiration date may result in cancellation.

All online services will be restored automatically upon confirmation of payment. Delivery will be completed within 24 hours.

CLICK UNDERNEATH FOR IMMEDIATE PAYMENT:

SECURE ONLINE PAYMENT: http://domainworldset.com/?n=binarymoon.co.uk&r=a&t=1601071266&p=v1

bactrim side effects
[email protected]
15.188.145.159

Sulfamethoxazole bactrim generic name
A

This needs testing, but it appears that some strings which include apostrophes may not get applied by the blacklist.

For example, the term '' (a pair of serial apostrophes) did not catch a comment which included the phrase we''ve.

With further testing, it looks like "" (a pair of serial straight quotes) will not work either.

Wondering if this has something to do with the wptexturize() function? Comment text that includes straight quotes will appear correct in edit mode, but has smart quotes applied when previewed.

This one passed in the comments:

Rodneyjet
[email protected]
13.233.174.55

reduslim trovaprezzi
Rodneyjet

We've had an issue with false positives triggered when visitors enter addresses or abbreviations containing a period followed by a comma: ".,"

Examples triggering the false positive:

"I have an appointment today at 4 p.m., but I need to cancel."

"My address is 123 Maple Dr., Smallville."

Can you please remove ".," from the blacklist since it's too broad? Thanks!

[email protected]
65.108.2.177

Vulkan Vegas looks like a professional casino with a lot to offer. At first glance, the platform seems quite simple; however, they genuinely go out of their way to produce some really cool Vulkan Vegas brings you a different take on the betting platforms you’ve become so accustomed to. This platform is fresh and exciting. What adds to the appeal is the riveting bonus polskie kasyno online legalne From this Vulkan Vegas casino review, it’s evident that it has a lot to offer. Ranging from the vast assortment of games with new ones constantly being added to the fantastic

Windows Polecenia
[email protected]

Cechą talentu jest niemożność pisania na zamówienie… Poza tym to Zgadzam sie z Toba w 100 i popieram w/w poglady w soposb proSubiektywny 🙂 E. Zegadlowicz.

http://wierszpolecen.blogspot.com/

Frieda
[email protected]

avax yorum avax yorum

Avalanche, farkli alanlardan kullanicilarin gerçeklestirmek isteyecegi
çesitli finansal islemlere olanak sunmayi amaçliyor.
Kripto para borsasinin en önemli faktörlerinden biri olan AVAX ise, avax yorum yapan analistlere göre piyasada yasadigi dalgalanmalar sebebiyle gelecegine yönelik belirsizligini sürdürüyor.

avax yorum

Dannyhaire
[email protected]

https://www.taskade.com/d/HQZ91kXdc541t4Ja?share=edit&edit=mj51ig77QWzZY5kz

__, _.

Windows Komendy
[email protected]

Słowa mają ogromną moc bardzo w to wierze. Mogą inspirować, dawać motywację lub pocieszenie, a gdy go potrzeba. Czasem w jednym zdaniu zaklęta jest madrość, ktorej szukamy w naszym zyciu przez dlugi czas i dzięki wyszukiwarkom znajdujemy ją na takim blogu jak Twój :-).

http://wierszpolecen.blogspot.com/

aScFCsEZTO
FkRowt1.net
[email protected]

310285 482183OK initial take a great look at your self. What do you like what do you not like so a lot. Work on that which you do not like. But do not listen to other individuals their opinions do not matter only yours does. Work on having the attitude that this is who youre and if they dont like it they can go to hell. 92604

Surprisingly, WordPress also applies the blacklist against the user agent string.

This will be finally fixed in WordPress 5.5 after I reported it a while ago:
https://core.trac.wordpress.org/ticket/49902

Fashion Styles
[email protected]
18.236.65.155
The very core of your writing while appearing reasonable originally, did not really work perfectly with me personally after some time. Somewhere throughout the sentences you actually were able to make me a believer but just for a very short while. I still have got a problem with your leaps in logic and one might do well to help fill in those gaps. In the event that you actually can accomplish that, I would definitely end up being fascinated.

https://www.ifashionstyles.com

And

Avatar Siena
[email protected]
34.222.255.228
how is cbd extracted

https://www.independent.co.uk/student/career-planning/az-careers/animal-welfare-671974.html

There is a potential issue with the Site Reviews plugin, where its use of the blocklist does not apply any keyword containing an underscore.

Reported by @Broders61849923

“… I'm trying to use your list of blacklisted words on Github. However it seems that all entries containing a ‘_’ don't seem to work. For example _blackjack gets refused, but ‘blackjack’ doesn’t.”

eyeMug
[email protected]
46.137.29.160
hello, how can i solve this problem with this page showing? eyeg

@splorp
You can search on this spam in Google. Unfortunately, a lot of people are being spammed with that sentence.

I had CF7 throw a hissy fit and refuse to allow forms to be posted after adding the black list. I thought my message was pretty innocuous.

Is there a way of parsing the message through the black list and testing what line it fails on so I can review possibly removing some phrases if they are tipping the black list too often. I can then feed back findings.

The message was to clients after I upgraded hosting - as it lets me also check forms havent died for any reason.

My message :
We've just upgraded the hosting on your site - to make it faster, stronger, more able to leap tall buildings and onto devices quickly.
Just letting you know.
Enjoy
Shane

Tahlia
[email protected]

Фільми та серiали 2020 українською мовою в HD якості link

Anthonyabarm
[email protected]

Автоновости на Avtodomen.ru: всё о машинах и авторынке — Интересные новости о выпусках, разработках, происшествий об автомобилей
http://avtodomen.ru/ – More info>>>

Alfredmox
[email protected]

hydrarusoeitpwagsnukxyxkd4copuuvio52k7hd6qbabt4lxcwnbsad.onion

как зайти на официальную гидру

Магазин Гидра
как зайти на официальную гидру
hydraclubbioknikokex7njhwuahc2l67lfiz7z36md2jvopda7nchid.onion
hydraclubbioknikokex7njhwuahc2l67lfiz7z36md2jvopda7nchid
hydrarusawyg5ykmsgvnyhdumzeawp465jp7zhynyihexdv5p74etnid.onion

hydra onion
гидра рабочее зеркало
hydrarusawyg5ykmsgvnyhdumzeawp465jp7zhynyihexdv5p74etnid.onion
гидра сайт
hydraclubbioknikokex7njhwuahc2l67lfiz7z36md2jvopda7nchid

StewartHoasy
[email protected]

XYZ 壯陽藥春藥專賣店 大量購買有優惠

https://man-r20.com/

Remona
[email protected]

Hola , estamos een diciembre con hardto calor, soy de chile y tte sigo!!
Santiago ees seco así que también cambio mi rutina… cambió tu rutina
en estls meses de calor ? Me encanta tu piel besos !!

Timothyrib
[email protected]

гидра сайт
hydra onion

Президент США Джо Байден в интервью телеканалу NBC заявил, что гражданам страны необходимо незамедлительно покинуть Украину.

OVksOIiBM5iwoy
1oZTAJY7NDvTo.to
[email protected]

366267 616129Were glad to become visitor on this pure site, regards in this rare info! 735282

JosephNeona
[email protected]

hydraclubbioknikokex7njhwuahc2l67lfiz7z36md2jvopda7nchid

hydrarusawyg5ykmsgvnyhdumzeawp465jp7zhynyihexdv5p74etnid.onion

Robertfogue
[email protected]

По словам главы МИД Украины, у Москвы есть 48 часов, чтобы предоставить требуемую информацию.
РИА Новости

гидра не работает

hydraclubbioknikokex7njhwuahc2l67lfiz7z36md2jvopda7nchid

Bruce Brakstad
[email protected]

https://www.whimsicalitygraphics.com/canon-r-vs-the-canon-rp/

Sheltonpoups
[email protected]

hidraruzxpnew4af.onion
hydrarusawyg5ykmsgvnyhdumzeawp465jp7zhynyihexdv5p74etnid.onion
Байден призвал американцев «сейчас же» покинуть Украину, поскольку в стране может обостриться ситуация.

This is what I got in inbox today:

Text To Speech In 3 Clicks - Real sounding human voices!. For a free demo. Write a reply here: [email protected]

Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

Hey.. I was wondering why i would receive this error.. when I copy just a few they get punched into my blacklist on wordpress just fine... But when I "copy all" and paste, this message pops up.. Would you have an idea why? Apparently, I can go in and change Mod_Security.. From what i read online.. If you know if there are some key words causing this issue, or maybe the paste all at once... it would be great to know.. Thanks for the help.. NOTE: I can paste all but when I go to save I receive this message.

I'm experiencing some HTTP ERROR 500 when i try to save my changes. I've been using the blacklist in other wordpress installations and this is the first time that these happen. Could you give me some recommendations of why this may be happening. Thank you very much.

Avatar bactrim ds
[email protected]
35.181.65.54

trimoxazole ds sulfamethoxazole uses

felphi.com
jaffx.com

From: Dawn Frasure [email protected]
Subject: Invite Bloggers and Webmasters to Fill Out Our Paid Survey

Message Body:
Invite Bloggers and Webmasters to Fill out Paid Surveys

I'm Dawn from Centtip.

We are working with Inboxdollars to provide bloggers another opportunity to earn cash.

After joining Inboxdollars, you will be able to get rewards by sharing your opinions online.

Paid surveys have been prepared for you: https://www.centtip.xyz/getcash

Regards,

Dawn Frasure

The blacklisted word "cialis" is embedded within the word "specialist" which causes a false positive on medical and educational websites (among others).

text follows:

From: Antonio Meaux [email protected]
Subject: StarDataGroup.com Shutting Down

Message Body:
It is with sad regret to inform you StarDataGroup.com is shutting down.

Fire sale till the 7th of Feb.

Any group of databases listed below is $49 or $149 for all 16 databases in this one time offer.
You can purchase it at www.StarDataGroup.com and view samples.

• LinkedIn Database
  43,535,433 LinkedIn Records

• USA B2B Companies Database
  28,147,835 Companies

• Forex
  Forex South Africa 113,550 Forex Traders
  Forex Australia 135,696 Forex Traders
  Forex UK 779,674 Forex Traders

• UK Companies Database
  521,303 Companies

• German Databases
  German Companies Database: 2,209,191 Companies
  German Executives Database: 985,048 Executives

• Australian Companies Database
  1,806,596 Companies

• UAE Companies Database
  950,652 Companies

• Affiliate Marketers Database
  494,909 records

• South African Databases
  B2B Companies Database: 1,462,227 Companies
  Directors Database: 758,834 Directors
  Healthcare Database: 376,599 Medical Professionals
  Wholesalers Database: 106,932 Wholesalers
  Real Estate Agent Database: 257,980 Estate Agents
  Forex South Africa: 113,550 Forex Traders

Visit www.stardatagroup.com or contact us with any queries.

Kind Regards,
StarDataGroup.com

--
This e-mail was sent from a contact form on Centuriontech.eu (http://centuriontech.eu)