[WordPress] Plugin Share: AntiSpam for Contact Form 7


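Introduction

  • This WordPress plugin, "AntiSpam for Contact Form 7", was published on 2021-05-23.
  • It currently has 10000 active installations.
  • It was last updated on 2024-07-02, 306 days ago.
  • The plugin requires WordPress 5.4 or later to install.
  • The plugin requires the site host to run PHP 5.6 or later.
  • 8 people have rated it.
  • The forum currently has 1 question, with a resolution rate of 0%.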

Plugin contributors

codekraft | gardenboi |

Plugin tags

GeoIP | antispam | honeypot | security | blacklist |

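Summary

Is the antispam plugin you use now not working well? Maybe that is because it does not use the right method to stop the bots attacking you, but I think I have a solution!
"Antispam for Contact Form 7" is a free plugin that stops floods of bot mail for Contact Form 7 without tedious configuration or captchas.
To achieve this, we use various on-page bot traps and the auto-learning mechanism of B8, a statistical "Bayesian" spam filter.
CF7-AntiSpam works well and adds some features to Flamingo. If both are installed, Flamingo gains some additional controls, and an extra dashboard widget can be enabled.

Installation and setup

Basic - Install and use right away! No configuration, keys or registration are needed to get antispam protection. In this case, only some protections can be enabled, such as fingerprinting, language checks and honeypots.
Advanced - CF7A needs to parse the input message field of your form in order to analyse the mail content correctly with its dictionary.
You therefore need to add a "marker" to "notify" the antispam to check this field (you need to do this for every contact form on the site).
So, for each contact form you want to secure, add “flamingo_message: '[your-message]'” in its additional settings panel. This is the same method you use with Flamingo.
I know, this is annoying, but it is required for advanced statistical text analysis; without it, the B8 filter cannot be enabled.
GeoIP (optional) - Enable this feature if you need to restrict which countries (or languages) may or may not send you email.
To enable GeoIP, you need to agree to the GeoLite2 End User License Agreement and sign up for the GeoLite2 downloadable databases, which gives you the key needed to download the database.
To learn more, read the relevant section of the CF7-AntiSpam plugin settings and follow the steps.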

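Available antispam tests

✅ Browser fingerprinting
✅ Language checks (Geo-IP, HTTP headers and browser cross-check)
✅ Honeypot
⚠️ Honeyform
✅ DNS blacklists
✅ Blacklists (automatic ban after N failed attempts, user-defined IP exclusion list)
✅ Hidden fields with encrypted unique hash
✅ Time elapsed (with min/max values)
✅ Prohibited words in message/email and user agent
✅ B8 statistical "Bayesian" spam filter
🆕 Identity protection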

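Extends Flamingo and turns it into a spam manager!

This way, you can review emails and "teach" B8 what is spam and what is not (this can be useful if some spam gets through).
Already using Flamingo? Even better! But remember to add “flamingo_message:'[your-message]'” to the advanced settings before enabling it (as you did for the other Flamingo labels).
Once CF7A is enabled, all previously collected mail will be parsed, and B8 will learn and build its vocabulary. This way, you start out with a pre-trained algorithm. Super cool!
Notes:
- On the right side of the Flamingo inbound page, I added a new column showing the mail's spaminess level
- If you unban an email in Flamingo "inbound",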

Original plugin description

Are you unsatisfied with your current antispam solution for Contact Form 7? It might be using an ineffective method to combat the specific type of bot attacks you’re facing. Fortunately, I have a solution for you!
Antispam for Contact Form 7 is a simple yet highly effective plugin that protects your mailbox from bot flooding. Say goodbye to tedious configurations and captchas, which often lead to reduced conversions and inconvenience for genuine users. Our plugin utilizes a combination of on-page and off-page bot traps, along with an auto-learning mechanism powered by a statistical “Bayesian” spam filter called B8.
CF7-AntiSpam seamlessly integrates with Flamingo and enhances its functionality. When both plugins are installed, Flamingo gains additional controls, and an extra dashboard widget is enabled.
SETUP
Basic – Install and go! No configuration, keys, or registrations are required to activate the antispam protection. In this case, some protections, such as fingerprinting, language checks, and honeypots, will be enabled.
Advanced – For CF7A to properly analyze the email content using its dictionary, it needs to parse the input message field of your form. To notify the antispam to check this field, you’ll need to add a “marker” to each contact form on your website. Simply add ‘flamingo_message: “[your-message]”‘ in the additional settings panel of each contact form you want to secure. This process follows the same method used with Flamingo. While this step may seem tedious, it is required for advanced text statistical analysis. Without it, the B8 filter cannot be enabled.
GeoIP – (Optional) If you need to restrict which countries or languages can email you, you can enable this functionality. To enable GeoIP, you’ll need to agree to the GeoLite2 End User License Agreement and sign up for GeoLite2 Downloadable Databases. This will provide you with the required key to download the database. For detailed instructions, please refer to the dedicated section in the cf7-antispam plugin settings.
Antispam Available Tests
✅ Browser Fingerprinting
✅ Language checks (Geo-ip, http headers and browser)
✅ Honeypot
️⃣ Honeyform
✅ DNS Blacklists
✅ Blacklists (with automatic ban after N failed attempts, user defined ip exclusion list)
✅ Hidden fields with encrypted unique hash
✅ Time elapsed (with min/max values)
✅ Prohibited words in message/email and user agent
✅ B8 statistical “Bayesian” spam filter
✅ Identity protection
🆕 Webmail protection
Extends Flamingo and turns it into a spam manager!
With this plugin, you can now review emails and train B8 to identify spam and legitimate messages. This feature proves useful, especially during the initial stages when some spam emails may slip through.
Already using Flamingo? Even better! Just remember to add ‘flamingo_message: “[your-message]”‘ to the advanced settings (similar to other Flamingo labels) before activating the plugin. Alternatively, you can explore the advanced options and select “rebuild dictionary.”
Upon activating CF7A, all previously collected emails will be parsed, and B8 will learn and develop its vocabulary. This pre-trained algorithm gives you a head start. How cool is that?
Additional Notes:
– A new column has been added to the right side of the Flamingo inbound page, displaying the level of spaminess for each email.
– If you unban an email on the Flamingo “inbound” page, the corresponding IP will be removed from the blacklist. However, marking an email as spam will not blacklist the IP again.
– Before activating this plugin, please make sure to mark all spam emails as spam in the Flamingo inbound section. This auto-training process will help the B8 algorithm.
– If you receive a spam message, please avoid deleting it from the “ham” section. Instead, place it in the spam section to teach B8 how to differentiate between spam and legitimate messages.
B8 statistical “Bayesian” Filter
Originally created by Gary Robinson, b8 is a statistical “Bayesian” spam filter implemented in PHP.
The filter tells you whether a text is spam or not, using statistical text analysis. What it does is: you give b8 a text and it returns a value between 0 and 1, saying it’s ham when it’s near 0 and saying it’s spam when it’s near 1. See How does it work? for details about this.
To be able to distinguish spam and ham (non-spam), b8 first has to learn some spam and some ham texts. If it makes mistakes when classifying unknown texts or the result is not distinct enough, b8 can be told what the text actually is, getting better with each learned text.
This takes place on your own server without relying on third-party services.
More info: nasauber.de
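
The learn-then-score loop described above, as an added Python sketch of Robinson-style token scoring; it is not b8's or the plugin's code. The class and function names, the constants `s` and `x`, the tokenizer, the 0.1 relevance cut-off and the six sample messages are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

class RobinsonFilter:
    """Robinson-style token filter: learn labelled texts, then score text in [0, 1]."""

    def __init__(self, s=0.3, x=0.5):  # assumed prior strength and neutral rating
        self.s, self.x = s, x
        self.tokens = {"ham": Counter(), "spam": Counter()}
        self.texts = {"ham": 0, "spam": 0}

    @staticmethod
    def tokenize(text):
        return set(re.findall(r"[a-z0-9$'-]{3,}", text.lower()))

    def learn(self, text, label, sign=1):  # sign=-1 unlearns a misfiled text
        self.texts[label] += sign
        for tok in self.tokenize(text):
            self.tokens[label][tok] += sign

    def rating(self, tok):
        n = self.tokens["ham"][tok] + self.tokens["spam"][tok]
        if n == 0:
            return self.x  # never seen: neutral
        ham = self.tokens["ham"][tok] / max(self.texts["ham"], 1)
        spam = self.tokens["spam"][tok] / max(self.texts["spam"], 1)
        p = spam / (ham + spam)
        return (self.s * self.x + n * p) / (self.s + n)  # pull rare tokens toward x

    def classify(self, text):
        r = [v for v in map(self.rating, self.tokenize(text)) if abs(v - 0.5) > 0.1]
        if not r:
            return 0.5  # nothing informative: undecided
        # geometric means in log space, then Robinson's combined indicator
        P = 1 - math.exp(sum(math.log(1 - v) for v in r) / len(r))
        Q = 1 - math.exp(sum(math.log(v) for v in r) / len(r))
        return (1 + (P - Q) / (P + Q)) / 2

def trained_sample():
    """Filter trained on a constructed six-message corpus."""
    f = RobinsonFilter()
    for label, text in (("spam", "Cheap pills online, buy now with discount"),
                        ("spam", "Buy cheap watches now, limited discount offer"),
                        ("spam", "Win money now, click this link"),
                        ("ham", "Hello, I would like a quote for your web design service"),
                        ("ham", "Could you send me the invoice for last month"),
                        ("ham", "I have a question about your opening hours")):
        f.learn(text, label)
    return f
```

A message that slips through with a low score moves toward 1 once it is learned as spam, which is the effect of filing it under spam in Flamingo instead of deleting it.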
Identity protection
To fully protect the forms, it may be necessary to enable a couple of additional controls, because bots use the public data of the website to spam on it.
– The first is user related: it denies visitors who are not logged in the ability to request (sensitive) information about users via wp-api, and adds protection against the WordPress xmlrpc exploit.
– The second is the WordPress protection, which obfuscates sensitive WordPress and server data and adds some headers to enhance security against XSS and so on.
The following will be hidden: the WordPress and WooCommerce versions (wp_generator, woo_version), pingback (X-Pingback), server (nginx|apache|…) and PHP version (X-Powered-By). XSS protection headers (X-XSS-Protection) are enabled, and the REST API link is removed from the header (but it will only continue to work if the link is not made public).
Mailbox Protection (Multiple Send)
Enhance email security by enabling the “Multiple Send” feature, which prevents consecutive email submissions to the user’s mailbox. This measure is effective in thwarting automated spam attempts and ensures a secure communication environment.
Privacy Notices
AntiSpam for Contact Form 7 only processes the IP and doesn’t store any personal data; however, it creates a dictionary of spam and ham words in the WordPress database.
This database may contain words from the e-mail message, so it can also contain personal data. This data can be “degenerated”, which means the words that were in the e-mail might have been changed.
The purpose of this word collecting is to build a dictionary used for the spam detection.
Support
Community support: via the support forums on wordpress.org
Bug reporting (preferred): file an issue on GitHub
Contribute
We love your input! We want to make contributing to this project as easy and transparent as possible, whether it’s:

Reporting a bug
Testing the plugin with different user agents and reporting fingerprinting failures
Discussing the current state, features, improvements
Submitting a fix or a new feature

We use GitHub to host code, to track issues and feature requests, as well as accept pull requests.
By contributing, you agree that your contributions will be licensed under its GPLv2 License.
My goal is to create an antispam that protects cf7 definitively without relying on external services. And free for everyone.
If you want to help me, GitHub is the right place 😉
Copyright
AntiSpam for Contact Form 7, Copyright 2021 Codekraft Studio
AntiSpam for Contact Form 7 is distributed under the terms of the GNU GPL
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the LICENSE file for more details.
Resources

Contact Form 7 and Flamingo © 2021 Takayuki Miyoshi,LGPLv3 or later
B8 https://nasauber.de/opensource/b8/, © 2021 Tobias Leupold, LGPLv3 or later
GeoLite2 license
GeoIP2 PHP API GeoIP2-php
chart.js https://www.chartjs.org/, © 2021 Chart.js contributors, MIT
Sudden Shower in the Summer, Public domain, Wikimedia Commons https://commons.wikimedia.org/wiki/File:Sudden_Shower_in_the_Summer_(5759500422).jpg

Contributions
Mirek Długosz – #30 fixes a crash that occurred when analysing flamingo metadata
MeliEve – #42 Fix “internal_server_error” when message is empty
MeliEve – #61 Handle deferrer script loading
Zodiac1978 – #67 Remove warning for unsafe email configuration w/o protection
JohnHooks – #66 Readme + plugin env
Special thanks
This project is tested with BrowserStack. Browserstack
MaxMind GeoIP2
This plugin on demand can enable GeoLite2 created by MaxMind, available from https://www.maxmind.com
While enabled you may have to mention it in the privacy policy of your site, depending on the law regulating privacy in your state!
* GeoIP2 databases GeoLite2 Country
DNSBL servers privacy policies

dnsbl-1.uceprotect.net www.uceprotect.net license
dnsbl-2.uceprotect.net www.uceprotect.net license
dnsbl-3.uceprotect.net www.uceprotect.net license
dnsbl.sorbs.net sorbs.net license
zen.spamhaus.org spamhaus.org license
bl.spamcop.net spamcop.net license
b.barracudacentral.org barracudacentral.org privacy-policy
dnsbl.dronebl.org dronebl.org
all.spamrats.com spamrats.com tos
bl.ipv6.spameatingmonkey.net spameatingmonkey.net

Inspirations, links

Nikolai Tschacher incolumitas.com
Antoine Vastel fp-scanner/fp-collect
Niespodd niespodd
Thomas Breuss tbreuss
Domain Name System-based blackhole list wiki
dnsbl list wiki

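Download links for each version

  • Method 1: click a version number link below to download the ZIP file, log in to the site admin, go to "Add Plugin" under "Plugins" in the left menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
  • Method 2: use the search box on the right of the "Add Plugin" screen to search for the plugin name "AntiSpam for Contact Form 7" and install it.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)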


0.1.0 | 0.2.0 | 0.2.1 | 0.2.2 | 0.2.3 | 0.2.4 | 0.2.5 | 0.2.6 | 0.2.7 | 0.3.0 | 0.4.2 | 0.4.3 | 0.4.4 | 0.4.5 | 0.6.0 | 0.6.1 | 0.6.2 | 0.6.3 | trunk |

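Related plugins (you may also want to know about)

  • Honeypot for Contact Form 7 — Protect Contact Form 7 spam with ease! [100% FREE Anti-Spam Plugin] 》This simple add-on enhances the excellent Contact Form 7 (CF7) plugin with basic honeypot antispam functionality to stop spambots without using an ugly captcha. The basic principle of a honeypot...
  • Gravity Forms Zero Spam 》This Gravity Forms add-on blocks spam using antispam measures that do not bother users. No settings or configuration are needed, just activate the plugin! The Gravity Forms honeypot field does not...
  • Blackhole for Bad Bots 》Add your own virtual blackhole trap to catch bad bots. Bye bye bad bots... Bad bots are the worst. They do all sorts of nasty things and waste server resources. The Blackhole plugin helps to stop...
  • Maspik – Ultimate Spam Protection 》Are your contact forms constantly harassed by spam? MASPIK can help you block Elementor + CF7 forms + WordPress comments and registration (as well as Gravityforms + Wpforms + Woocommerce reviews and...
  • Honeypot Anti-Spam 》Information: Honeypot Anti-Spam is a WordPress anti-spam plugin that allows you to protect comment forms using the honeypot technique. By usin...
  • Captcha for WordPress 》Captcha/Honeypot (CF7, Avada, Elementor, Comments, UltimateMember, WooCommerce) lets you easily enable custom rules, captchas and IP-based protection settings to stop unwanted...
  • Startklar Elementor Addons 》This plugin adds two widgets to the Elementor-PRO form builder. – Phone country code – select the phone prefix by country, – Drag-and-drop upload – drag-and-drop upload field for multiple files...
  • Honeypot for WP Comment 》This is a very simple plugin that filters spam comments using the popular technique called "honeypot". It is not a 100% solution for every possible spam comment, but I believe this simple pattern can...
  • Honeypot Anti Spam for Forminator Forms 》Once activated, the plugin automatically adds a feature to all forms that effectively prevents spam messages. The plugin is still in development; if users run into problems, your question can be answered within 48 hours. Q...
  • Formidable Honeypot 》The "honeypot" technique is an invisible way to prevent spam: it tricks bots into filling in an invisible form field. If the invisible field has been filled in, the form cannot be submitted. It is a simple method that does not bother...
  • Honeypot Toolkit 》This plugin lets you automatically insert your Project Honeypot link into all pages and block IP addresses listed in the Http:BL list. There is also an option to block IPs listed in the Spamcop blacklist...
  • Send Denial 》Send Denial - an antispam plugin. This plugin enables a honeypot and other antispam techniques (in future versions) to protect your business and mailbox from automated script spam. In the "basic" honey...
  • Contact Form 7 Honeypot Plus 》This is a powerful antispam plugin for Contact Form 7. It introduces a new hidden field and checks whether its value is correct. Features of Contact Form 7 Honeypot Plus: no configuration needed, more...
  • Antispam for Elementor Forms 》Summary: this WordPress plugin adds two methods of preventing spam submissions to Elementor Pro forms - an automatic check against the WordPress comment blacklist and a JavaScript-based honeypot field. Q...
  • AP HoneyPot WordPress Plugin 》The AP HoneyPot WordPress plugin is based on Jan Stępień's http:BL and lets you verify the IP addresses of clients connecting to your blog against the Project Honey Pot database. Through the http:BL API, you can...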
