You should not do that.. but if you really want to, better insert it manually into evo_antispam than to change the variable that gets used to check for minimum length.

I've had quite a few false positives over time, and adding such a short keyword probably increases the chances of this happening. It wasn't 72i (who've been hitting me recently with variations such as brad.72i.com, mary.72i.com etc) by any chance was it :) ?

Only slightly related: in the example greenman gives please report ".72i.com" (notice the preceding dot?) so's those of us who turn reports into keywords will know, or have a good idea, that you've been hit with multiple subdomains of the same domain name. We really have to focus on fully punctuated keywords now that phoenix checks comment text for banned keywords, so beginning and middle or beginning and end punctuation is a good thing.

Sample good things:
.foo.tld (for subdomains or roots with a www in their url)
/foo.tld (if they don't have a www in the url)
.newdrugname-
-weirdpornfetish.

While in general shorter keywords could lead to false positives it would be nice as an option.
I have yet to see the first non-spam referral coming from a .tv domain. ;)

I've just received a cialis comment spam. they've started using clis in their domain names, so in this case shorter keywords could help!

There is only one reported keyword with "clis" in it and it didn't come from your domain name. Reporting spammers should be step one, but it's not an obligation. The spam has to be longer than just 4 letters. Punctuation before and after? Like /clis. or .clis- perhaps?

I don't have a running version from before phoenix anymore, so I don't know the file you have to edit in order to locally ban shorter keywords. You can probably do it by using phpmyadmin to add it directly to your antispam table though.

The link was healthy.ho.com.ua/clis/ so in this case banning /clis would have helped?

nomad wrote:

The link was healthy.ho.com.ua/clis/ so in this case banning /clis would have helped?

Yes, and reporting it would help even more.

ho.com.ua has a couple of reports against it. By reporting what hits you, possibly including a bit of human vectoring to exclude the subdomain but include the dot, it gives us better information about what to ban.

Example: The only report with clis in it was a domain name followed by /clis - kinda like your spammer. I searched the database for that domain name and found 59 reports of that domain name slash something, some of them with 8 or 10 reporters, and all of them in the last two weeks. The domain name is now banned. Without the reports we don't know how widespread spam from any given domain name is, and therefore won't publish effective keywords.

I'm going to be up there with the banners and say I'd like to be able to ban full TLDs from posting comments, or doing anything else with my website. Here's my list, and I'd like to discuss the pros and cons of adding these spam-friendly TLDs to the global list:

.tv already mentioned in this thread, always spam
.info fortunately, that fits the 5-chars limit, and it's on the global list
.biz I honestly don't think there's a single legitimate business out there that uses .biz as it's primary TLD... the only legit businesses who have .biz presense did so to protect themselves from spoofing. A travesty on the scale of .info

The more that I work on the other TLDs I'd add (some of our Slavic CCTLDs are prime candidates), the more I think maybe this should be an RFE: Blacklist TLDs instead of a limitation on blacklist length.

I've posted this elsewhere but I don't feel like searching and linking, so check out your b2antispam.php file in your admin folder. In it you'll find a bit near the top that talks about "the thing you want to ban is too short" because it is less than 5 characters. All you have to do is - after following a tiny bit of logic - change the appropriate 5 to a 4 (or even a three if you're really brave). You can then locally ban short keywords. It won't hurt to report them, but we'll never publish such a short thing. At 4 you can locally ban ".biz". At 3 you can locally ban something like ".tv", but you could also go to 4 and ban ".tv/" and catch a heck of a lot of .tv spammers.

Another option for those who can is to use their .htaccess to ban the really short stuff. Search these forums and google what you learn to find out how to do that stuff.

BTW you never know when Tom Volderman, who might have www.tvolderman.com wants to link to you. .tv will ban that even though it's not what you wanted to ban. There's a reason for the 5 character limit!

I would also like know the steps to change the max size to 4, then i would ban the words 'free', 'rape', 'fuck', 'shit', etc, locally.

As i would not use those words in one of my posts, and i do not expect one of my users to use those words in a comment either.

And i think just with the keywords mentioned above, at least half the spam i get would then be gone.

"free" is a bad character string in a post or comment? It's a character string match - not a word match, so freedom would also be banned. As would shittake - a type of mushroom, or the statement "If you commit rape you should be executed". That's why punctuating the keywords matters - words are JUST words. Anyway I've no idea what file to look in for 1.6 and beyond, but for .9.* it's b2antispam.php.

In my wildest imagination right now I envision an antispam central system that is smart enough to say "this keyword has no punctuation and therefore will not be matched against comment text but it will be matched against URLs in comments and (of course) referer sources.

Good point about the word match.
I'll see about hardcoding a ban for ' free ' (with the spaces) somehow.
Or [ Special Character + 'free' + Special Character ] etc.

And when i have some time i'll look into changing the the limit for cvs versions of b2evo.

Spams really driving me crazy the last few weeks.