Blocks blog spam

Sblam! — installation


Find a script on your website which is reponsible for receiving form data and include sblamtest.php in your script:

include_once "sblamtest.php";

Within your script find the code that checks for validity of the input data, and insert the following lines after that code. The point is to check the post before saving it to a database, but only after it's been verified to be correct and complete as far as your website is concerned:

$result = sblamtestpost();

Result is a number:

  • 0 signals an error. Post has not been checked.
  • 2 signals a certain spam, which can be deleted without hesitation.
  • 1 signals a probable spam (which you might want to queue for moderation).
  • -1 signals a probable non-spam (as above)
  • -2 signals a certain non-spam, which can be safely published.

Do not try to send spams for testing! If you send spams convincig enough the filter will take you for a spammer and block your IP! Read testing section on this page first.

The simplest implementation is:

if ($result > 0) {
  die('<h1>Sorry! Our spam filter has mistaken your post for spam!</h1>
  <p><a href="'.sblamreporturl().'">Report an error</a>.</p>');

You can assume that when anyone reads your spam message, the filter was mistaken. The sblamreporturl() funtion returns a unique URL, where the user can report the false positive.

Unusual field names?

If your form uses unusual field names (usual are text, author, email, url), you should specify them. NB: pass only names of the fields, not their content (script will read content from $_POST automatically).

<input type="text" name="thenick">

Order of the fields is: text, author's name, e-mail address given by the author and link to their homepage. Insert NULL if a certain field is not present on your form.

$result = sblamtestpost(array('commentos', 'thenick', 'eemail', 'wideweblink'));

Please note that field names are given in array(), and not as separate function arguments.

Additional JavaScript

You're not required to place this JavaScript on your page, but if you do, filtering will be more accurate.

Location of the script in the code is quite important. The script must be placed directly after the closing tag of the form (</form>) which you want to have filtered:

<form action="…" method="post">…</form>
<script src="/sblam.js.php"></script>

Correct the path to /sblam.js.php if your site does not have it's own domain or you're going to place Sblam! files somewhere else than in the root of your site.


Do not send spams for testing! If you send spams convincig enough the filter will take you for a spammer and block your IP!

To test whether blocking works, send "to jest test spamu". This is a special text (meaning it's a spam test in Polish) that causes Sblam! to return 1 without blacklisting its sender.

If the text "to jest test spamu" does not cause the message to be rejected as spam, then probably Sblam! cannot figure out names of fields in your form. See unusial fields above.

To check accepted posts, just send some usual text or copy a previous non-spam post.