luceos We've fine tuned spam prevention to reduce the necessary effort with moderation. I will do my best to improve the extension based on our experiences here on discuss and our experiences on our managed hosting.

Thank you for offering this to the public. Well done! 👍🏼

Does this extension use the same database from stopforumspam? If yes, that’s great! If not, I was wondering if I should install that extension along with this to make the fight against spam even better. My only concern is the incompatibility issue reported between stopforumspam and spamblock (see here).

      Lurker Does this extension use the same database from stopforumspam? If yes, that’s great! If not, I was wondering if I should install that extension along with this to make the fight against spam even better. My only concern is the incompatibility issue reported between stopforumspam and spamblock (see here).

      This extension can work with sfs, if it is installed it will use that extension to delete users with subjects of discussions containing spam. This extension doesn't independently use the sfs database or its api.

        luceos fof/spamblock - optional, when enabled immediately deletes users that open discussions with spam subjects

        So it works with both FoF/Spamblock and FoF/Stopforumspam. Wonderful!

        For the extend.php section, let’s say I already have contents inside the return [ ];, do I create another return line or can I just add this (new Spam\Filter) to the list?

        Example:

        return [
    (existing contents)
          // other info
    (new Spam\Filter)
          // use domain name
          ->allowLinksFromDomain
];

        Thanks for the help!

            Lurker that's correct, you add it inside the existing []. Two return wouldn't work. Don't forget to put commas between each extender since this is a PHP array.

              Lurker So it works with both FoF/Spamblock and FoF/Stopforumspam. Wonderful!

              No. My explanation was not good enough. This extension interacts with Spamblock if its installed and Spamblock interacts with SFS if its installed.

                Lurker My only concern is the incompatibility issue reported between stopforumspam and spamblock (see here).

                Both together are still not working for me. Same error as described.

                  Apologies if this has already been asked (or maybe it was me asking it, I can't find it... 🧐) but since I got my first spammer, I realized it's a bit awkward to delete the spam message first and then I have to open the just deleted discussion and go to the user profile separately and flag him as spammer. Is it possible to have a button that does that directly from the flagged post/discussion where with a single click the user is suspended and all his posts/discussion deleted?

                  Maybe it's a proposal for the Spamblock extension, but is it possible to fully delete the posts/discussions, not soft-delete them. The same for the user: is it possible that the user is not just suspended but also fully removed from the DB? Do you think it makes sense to fully delete the user or a suspension is better, like maybe if he is suspended it will make him more difficult to have to register a new user compared to re-registering the same user if he was fully deleted?

                  @luceos I'm not sure why that is but I got a newly registered user (luckily not a spammer) managing to bypass the spam prevention although he posted a link to Facebook which I'm not allowing. However I'm allowing links to YouTube and his posts contained two other links to YouTube. I tried a scenario to reproduce it (one Facebook link and one YouTube link) but couldn't. However if I test with the exact same post he had, I can reproduce it, so here's his post:

                  They've already mentioned Yuja and Khatia (who I'd nominate for the most *Khurvaceous Bach-*side). Here are three more candidates: Connie Han Jazz pianist ; Riyoko Takagi Autumn Leaves ; Donka Angatscheva : Classical trio . PS- No bunnies were harmed during the production of Riyoko's performance.

                  Here's the raw content of that paragraph above:

                  They've already mentioned Yuja and Khatia (who I'd nominate for the most \*Khurvaceous Bach-\*side). Here are three more candidates: Connie Han [Jazz pianist](https://www.facebook.com/conniehanjazz/videos/738541330863782) ; Riyoko Takagi [Autumn Leaves](https://www.youtube.com/watch?v=shD0270uII0) ; Donka Angatscheva : [Classical trio](https://www.youtube.com/watch?v=1fXDFp3qx7k) . PS- No bunnies were harmed during the production of Riyoko's performance.

                  And here's what I have in the extend.php:

                  return [
    (new Spam\Filter)
        ->allowLinksFromDomain('youtube.com')
        ->allowLinksFromDomain('youtu.be')
        ->allowLinksFromDomain('pianoclack.com')
        ->allowLinksFromDomain('pianoclack.s3.us-east-1.amazonaws.com')
        // How long after sign up all posts are scrutinized for bad content
        ->checkForUserUpToHoursSinceSignUp(24)
        // How many of the first posts of a user to scrutinize for bad content
        ->checkForUserUpToPostContribution(5)
        // Specify the user Id of the moderator raising flags for some actions, otherwise the first admin is used
        ->moderateAsUser(1),
        //->enable(),
];

                    CyberGene the extension has tests where I test specific real-life strings. I will add these and see what happens when I have some space in my agenda. Thanks for reporting this, it's very helpful 👍

                        luceos I think I see what the problem is. The regexp you use is:
                        preg_match("~https?:\/\/(?!([^\.]+\.)*($domains))([-\w.]+)~", $content);

                        This means that if it finds at least one URL with allowed domain in the content, the the content will be considered OK. As a result a spammer that knows I'm allowing YouTube, can insert various bad URL-s and one YouTube and bypass the detection. The logic should be the reverse: if at least one URL is matched with a domain that is not allowed, then the entire content should be considered suspicious.

                            luceos thank you! Just updated it on my forum and retested it and can confirm it's fixed. Appreciate the quick fix 👏🏻

                              17 days later

                              Is there any way to use regex, to e.g. allow internal IPs without getting it flagged? We have users posting configuration files with internal IPs and hence the extension accidentally flags them suspicious.

                                4 months later

                                Hey, I've been using this extension for a while now and I'm happy with its effectiveness, but now I wanted to automate even more with fof/spamblock, so I installed it, but there's no way to get it to work properly (I think), if the posts are marked as awaiting approval, they're supposed to be spam and therefore spamblock should kick in, right?

                                  5 months later

                                  pkernstock not yet (sorry for the late reply Patrick). I can potentially add something so you can run anything to whitelist (might do a quick thing tonight as a change of scenery).

                                    1.4.0

                                    Adds new (expert) feature to allow any link/url using the (new Filter)->allowLink() logic, see the OP

                                    1.5.0

                                    You can now disable specific components, like the UserBio spam prevent using (new Filter)->disable(), see OP.

                                    I am afraid the admin will get an approval/flag notification very often, only because users posted links or linked images. Could this be a little bit overwhelming for small forums?

                                    Is it possible to restrict links only for embedded images? It might be possible, that NSFW or similar from not trusted sources could be shown and that only specific image hosters are allowed. This could be helpful, because users often post links to their own websites or trustworthy/harmless websites and maintaining an allow link list would cost a lot of time.

                                    luceos it overwrites user bio's if it identifies spam

                                    What does it write into the bio, if it finds spam there? Will the whole bio be deleted or only the link, mail, etc.?

                                    luceos it identifies the language used against the language packs installed

                                    What exactly happens if it will find a word of another language, which is normally used in the local language? Will it be triggered if it finds single foreign words like "Gesundheit" or "Kindergarten"?

                                    luceos fof/spamblock - optional, when enabled immediately deletes users that open discussions with spam subjects

                                    Isn't deleting a use a little bit too much? Maybe it was a false alarm and deleting an user account for this sounds too drastic.

                                    And might a user be in danger, if it gets detected as a spammer? For example, if the username is spammer, but user isn't a spammer and provides a real email address, is the email address then uploaded and flagged as spam?