{ 121 comments… read them below or add one }

James July 24, 2011 at 8:46 pm

Update 2.2.2 is uploaded, should be available shortly. This “should” fix the registration issue when running in network mode.

Reply

Shannon August 4, 2011 at 2:41 am

My security question is showing below the submit button, not above like on your site. How do I fix that?

Reply

James August 5, 2011 at 7:50 am

Scroll to the lower portion of the plugin’s settings in wpadmin; there are instructions on how to do this.

Reply

Sascha August 8, 2011 at 1:51 pm

Hey,

first off, I love this plugin. Simple, yet very effective.

Now to the problem: I edited the notice message in my admin panel and wanted to put in line breaks with html tags, since the description says “You can use html here.” I thought that wouldn’t be a problem, but in fact, it was, cause it doesn’t work, no matter how often I try …

After I hit the “Save Changes” button, the html just disappears in the text field and there are no line breaks.

Any idea why? Is this maybe a bug? Am I just stupid? :)

Reply

Jen June 12, 2013 at 12:37 pm

I had this issue as well (v.2.2.4). It removed the spans and ASCII encoded characters that I added. But I really like the simplicity of the plugin so I’ll just add the elements I need in the plugin files.

Reply

Sascha August 8, 2011 at 2:08 pm

Oh, btw, should’ve mentioned that in the first comment: Line breaks don’t work in the “Incorrect Answer Error Message” & “Empty Field Error Message” either. However, other html tags work, like making the text bold and stuff …

Reply

Dale August 9, 2011 at 5:52 am

Thanks for this :) We could not find a good and simple answer to comments spam bots and yours worked a treat and first time!

Reply

Nick Daugherty September 1, 2011 at 12:49 am

For those of us who use Multisite with a caching plugin… does this work using PHP or Javascript?

If a user gets served a cached page with an old math problem, will this still work?

Reply

Proffitt September 20, 2011 at 9:12 pm

Hi there – I installed and activated this plugin today, but I am still receiving TONS of spam constantly. Does it take any time to take effect?

Reply

Yael September 26, 2011 at 10:30 am

Works perfectly. Just one question though — the Security Question appears below my submit button. Is there a way to make it appear before the Submit button?

http://www.bethannerankinforcongress.com/blog/2011/08/shell-see-me-stand/.

Thank you. Yael

Reply

Mickey October 6, 2011 at 1:59 am

Has this exploit been patched yet?

http://www.exploit-db.com/exploits/17702/

Reply

James November 3, 2011 at 9:44 am

No, and to be honest it’s not a high priority for me right now. The exploit isn’t an exploit against this plugin, it’s a WordPress exploit. I’ve talked to the WordPress people and suggested some changes they make and I have some enhancements to add to the plugin from their feedback that I will get in there sometime. Right now I’m caught up in finishing a deliverable for the J.O.B.

Regardless, enhancing the plugin will not make the real vulnerability that exploit takes advantage of go away.

Reply

Just Me October 7, 2011 at 2:55 am

Has the bypass exploit been patched yet?

http://www.exploit-db.com/exploits/17702/

Thanks.

Reply

max October 14, 2011 at 5:20 pm

Is there a way to remove the line “Security Question:” ??

I tried to erase only the text, but the empty line remains…?!

Thanks!

Reply

James November 3, 2011 at 9:37 am

Max, not without altering the code but that’s a great idea for an upgrade. For now, you can just comment out this line in the plugin file.
echo '

';


Should be around line 202.

Reply

Sarah December 1, 2011 at 11:44 pm

I installed this on a multisite, but it seems each site can set up their own settings. Is there a way to set the options once for the entire network?

Reply

Justin Alexander December 2, 2011 at 4:09 am

So, potentially bad news: This plugin took hundreds of plugins that were hitting my Akismet filter and killed them dead as a doornail. And they stayed dead for a long, long time. But starting yesterday afternoon, my spam filter has been getting slammed once again. I can only assume that somebody out there has cracked the plug-in and is auto-answering the math question.

Not sure what can be done about it, but I’m hoping somebody cleverer than I will be able to modify the plug-in so that it can go back to killing my spam problem.

Reply

Anders December 2, 2011 at 4:55 pm

A small question:

I have changed the value:
define('BSBM_NOTICE_MESSAGE', 'Udfyld venligst ovenstående');

However it does not come through – it still displays.
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

I have gone around it by deleting:
echo $options['bsbm_notice_message'];
But can I do some kind of “refresh” instead?

Reply

Phil June 29, 2012 at 10:50 am

Where is that located, Anders?

Reply

Sky December 4, 2011 at 3:24 pm

Thanks for the Spam block plugin! I am using Plugin 2.2.2, which had been working until yesterday, when some people managed to populate a bunch of spam on my blog.

What could be the problem? Thanks.

Reply

James December 4, 2011 at 8:10 pm

It depends on how they got in there. If you’re using Akismet, that should catch any that manage to get past the plugin.

Reply

Sky December 5, 2011 at 2:21 pm

Thanks, James. There are two or three random posts that are full of garbage and misspelled words on some pages. I am currently not using payment required Akismet. Will have to find a free plugin similar to Akismet if any.

Reply

James December 5, 2011 at 5:50 pm

Sky, you can still get Akismet free. You just need a personal key and donate $0.

Reply

Sky December 7, 2011 at 2:54 pm

Thanks, James.

I’ve installed a free plugin named Growmap Anti Spambot yesterday. There are no spams this morning so far. Hopefully, my blog will be spam free with your plugin and Growmap Anti Spambot activated.

MC February 9, 2012 at 3:51 pm

In the settings fields that allow HTML, how do I code a link? The typical HTML link code doesn’t work. Thanks.

Reply

MC February 9, 2012 at 4:15 pm

And how about for multisites? Is there a way to apply it across the network or does it need to be activated on a site by site basis?

Reply

Blaise March 28, 2012 at 3:33 am

Hi ! I was just about to translate your plugin into the languages my blog is using when I noticed that version 2.2.3 is not quite “standard” as far as po/mo files are handled in wordpress… :-(
Were you by any chance looking for new possible enhancements ?

Reply

The Dude April 16, 2012 at 1:00 pm

The plugin has helped kill nearly 90% of spam; however, I am now starting to get some comment spam despite this plugin. I would suggest that the authors of the plugin extend/renew the options, as the more popular it becomes, the more spammers will try to crack it.
But overall, thumbs up for the plugin authors. The plugin works great and I am a very satisfied user.

Reply

Tom April 23, 2012 at 6:21 am

Hello,
to begin with a praise to the good Captcha plug-in!

I have in addition, however, one more question:

If a visitor or member of my web page enters a wrong Captcha code, he is forwarded to an empty white page. I do not find this so good, since visitors are no longer on the real page and also cannot get back to the homepage with the ‘back’ button!

How can I change this so that the user is taken back to the homepage or to the form after a wrong input?

Greetings
Tom (Germany)
(Sorry for my bad english!)

Reply

Phil June 29, 2012 at 10:06 am

Can you remove the “IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)” altogether? I just get a random yellow box

Reply

bbpress July 5, 2012 at 6:24 am

How to make this plugin work with bbpress forum plugin?

Like solving the maths question before submitting new topic or before replying to any old topic?

Please help
Thanks

Reply

Viklit July 15, 2012 at 2:41 pm

I would absolutely love this but am on blogger – darn it.

Reply

Jenn July 19, 2012 at 4:21 pm

Hello,

Thank you for such a fabulous plugin. I have a quick question – is there a way to manually add the code for the security check to the plugin WPTouch? It uses its own mobile theme. Thanks in advance!

Reply

jolly August 7, 2012 at 10:43 am

Hi – Can you help me to get the answer box for the math question to appear? I need to add a grey outline or background to it. I have tried turning styling off and on. Can you tell me which lines address the border and background in the bsbm.css to change to correct this?

Thank you so much.

Reply

Phil August 23, 2012 at 11:40 am

Hi James – Just a small suggestion (if you haven’t had this one before) but a lot of people tab to the next box while filling in forms.

On the log in screen with your plugin, the tab misses your question out and moves onto *Remember me

Thanks for the plugin – Phil

Reply

Gordon September 13, 2012 at 7:42 pm

Hi James,

Love your plug-in, but I have a couple suggestions.

1) You should not be storing the answer to the math question directly on the client page. Right now there’s a couple hidden INPUT boxes named “mathvalue0” and “mathvalue1” which contain the numbers. Very easy for a bot to figure out how to scrape that off the page and answer correctly.

Instead, store the answer in a session variable, which is stored server-side and inaccessible by a bot.

2) The actual math question itself should be obfuscated, the text “What is 6 + 14” is plain enough that a semi-intelligent bot could see a blank input box below a textual math question and put two-and-two-together (pun intended!)

Instead, the plug-in should generate an image of the number – the act of generating the image should fill the session variable I mentioned in (1). This will make it much much harder for a bot to “scrape” the page. As a bonus it makes it easy to then have a “refresh” button beside the image that generates a new question if the user desires.

You can throw some unique-IDs into the mix to prevent multiple simultaneous open tabs or windows from messing things up, although this would be a minor issue.

I’m working on this right now for my own site. If you’re interested in the code when I’m done, shoot me an email.

Reply

Gordon September 14, 2012 at 12:36 pm

James – I finished the code. I ended up using a salted hash for the answer instead of a session variable (that way there are no issues with multiple tabs etc.)

Also, I found and fixed a bug where the “BSBM_EMPTY_ERROR” and “BSBM_ANSWER_ERROR” error messages were reversed – look near line 325.

Can I send you the code? I can’t find your email anywhere on your site here.

It’d be nice to have this code already in the repository so when I install your plugin for future customers of mine I don’t have to manually modify it every time.

Reply
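The idea in the two comments above (keep the operands out of hidden fields and send only a hash of the answer) can be sketched as follows. This is an added example, not Gordon's code or the plugin's: it uses a keyed hash (HMAC) in place of the salted hash he mentions, and the function names, the post-ID binding and the ten-minute expiry are assumptions.

```php
<?php
// Added illustration; names, TTL and key handling are assumptions.
const CHALLENGE_TTL = 600; // seconds a challenge stays valid

function challenge_issue(string $key, int $postId, ?int $now = null): array
{
    $now = $now ?? time();
    $a = random_int(1, 20);
    $b = random_int(1, 20);
    $expires = $now + CHALLENGE_TTL;
    // The MAC covers answer, post and expiry. The operands appear only in
    // the visible question text, never in hidden fields.
    $mac = hash_hmac('sha256', ($a + $b) . '|' . $postId . '|' . $expires, $key);
    return [
        'question' => "What is $a + $b ?",
        'token'    => $expires . ':' . $mac, // the only hidden input
    ];
}

function challenge_verify(string $key, int $postId, string $token,
                          string $answer, ?int $now = null): bool
{
    $now = $now ?? time();
    // Accept only "<unix time>:<64 hex chars>" and a short decimal answer.
    if (!preg_match('/^(\d{1,12}):([0-9a-f]{64})$/D', $token, $m)) {
        return false;
    }
    if (!preg_match('/^\d{1,3}$/D', $answer)) {
        return false;
    }
    if ((int) $m[1] < $now) {
        return false; // expired challenge
    }
    $expected = hash_hmac('sha256', (int) $answer . '|' . $postId . '|' . $m[1], $key);
    return hash_equals($expected, $m[2]); // constant-time comparison
}

// Constructed demo values: a throwaway key and post ID 42.
$key = random_bytes(32);
$c = challenge_issue($key, 42);
preg_match('/(\d+) \+ (\d+)/', $c['question'], $q);
$right = (string) ($q[1] + $q[2]);
var_dump(challenge_verify($key, 42, $c['token'], $right));               // correct answer
var_dump(challenge_verify($key, 42, $c['token'], '0'));                  // wrong answer
var_dump(challenge_verify($key, 43, $c['token'], $right));               // token moved to another post
var_dump(challenge_verify($key, 42, $c['token'], $right, time() + 601)); // after expiry
```

A solved token and answer pair stays replayable until the token expires; making it single-use needs server-side state such as a used-token cache.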

sky October 2, 2012 at 2:28 pm

Hi James,

Block Spam By Math has helped a great deal blocking those spams for quite some time. However, I’ve just found that there are 10-15 anti-aging cream spams on my blog today. Do you have any suggestions in blocking those annoying spams? Thanks.

Reply

Anas October 12, 2012 at 5:28 pm

Hello there,

Thank you for the plugin.

I am facing a couple of problems that could be related.

1) The question is placed below the submit button. I tried to change it from the settings that you provided but whenever I change it from the default the question disappears.

2) Another issue is that the answer field can’t be selected. In some browsers it would select with a double click and in others it wouldn’t at all.

Could the second issue be because of the first?

Would really appreciate your advice.

Thank you.

Reply

Robert Wilkins January 24, 2013 at 12:54 pm

Seems like an awesome plugin. For some reason, I’m using it on an ecommerce site and the math ? does show up on new user registration, but it is not showing on “login” form for existing members. I have it set to show up for everyone so maybe it just can’t work with this scenario.

Reply

Jacques Davis January 25, 2013 at 1:10 pm

James,

I love this plugin!

Could you please provide specific instructions to make this work with another wonderful plugin, “Contact Form 7”?

Reply

Nanako April 4, 2013 at 5:06 am

After update (3.5.1), Block-Spam-By-Math-Reloaded doesn’t work.

Reply

Kirsten April 11, 2013 at 9:34 am

I installed the plugin and this is not showing up in my theme at all. How can I manually add it?

Reply

nesthib April 14, 2013 at 6:16 pm

Hi!

It looks like in the version found on https://wordpress.org/extend/plugins/block-spam-by-math-reloaded/ the definition of the salt is erroneous. I had to replace the double quotes with single quotes to prevent the salt from being considered a PHP variable (“$2a$07$secretsaltstringASDFAS$” by default in the sources).

As the generation of the salt and the crypt fail, the hashed value is always “*0”, which allows any answer to validate the comment.

Replacing the double quotes with single quotes is sufficient to solve the problem.

Reply
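The failure mode reported in the comment above can be reproduced in a few lines. This is an added example, not the plugin's code: the salt literal is the default quoted in the comment, while `naive_check` is an assumed shape for a check that compares two `crypt()` outputs and `strict_check` is a hypothetical fail-closed variant.

```php
<?php
// Added illustration. The salt literal is the default quoted in the comment;
// both function names are hypothetical.

// Double quotes: PHP interpolates $secretsaltstringASDFAS (undefined, so
// empty, with a warning) and the salt collapses to an invalid Blowfish salt.
$broken = "$2a$07$secretsaltstringASDFAS$";
// Single quotes: the literal survives intact.
$intact = '$2a$07$secretsaltstringASDFAS$';

// Assumed shape of the vulnerable comparison: hash both sides, compare.
function naive_check(string $expected, string $given, string $salt): bool
{
    return crypt($expected, $salt) === crypt($given, $salt);
}

// Fail closed: crypt() signals failure with a string shorter than 13
// characters (such as "*0"), so a failed hash must never count as a match.
function strict_check(string $expected, string $given, string $salt): bool
{
    $want = crypt($expected, $salt);
    $got  = crypt($given, $salt);
    if (strlen($want) < 13 || strlen($got) < 13) {
        return false;
    }
    return hash_equals($want, $got);
}

var_dump($broken);                                  // salt after interpolation
var_dump(crypt('20', $broken));                     // crypt() failure marker
var_dump(naive_check('20', 'anything', $broken));   // wrong answer, broken salt
var_dump(strict_check('20', 'anything', $broken));  // same input, fail-closed check
var_dump(strict_check('20', '20', $intact));        // right answer, intact salt
var_dump(strict_check('20', '21', $intact));        // wrong answer, intact salt
```

Running it with warnings enabled also surfaces the undefined-variable warning on the double-quoted line, which is the earliest signal of this bug in a PHP error log.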

Douglas November 18, 2013 at 12:23 pm

Noted that the block spam by math is no longer showing up on the comment form. Did something change?

Reply
