How to Build a Twitter Direct Messages Spam Filter in PHP

Twitter DM Spam Filter

After my completely ironic article on “How to Become a Social Media Guru”, I thought it was best to come back down to earth with something practical! This article is an antidote to Step 2: Automated Direct Messages!

Do you ever get frustrated with the amount of Twitter direct message spam you get? It has been a constant issue for me. I was getting so many spammy direct messages each day that I was missing legitimate ones! You know the kind I am talking about, don’t you?

  • “check for fake followers, and more…”
  • “funny picture of you…”
  • “Get a chance to win…”
  • “Help Yourself To This 100% Proven $30k Per Month…”
  • “Hey someperson has been saying…”
  • “join and follow me…”
  • “please like my facebook page…”
  • “rumour going around about you…”
  • “somebody is saying horrible things about you…”
  • “Thank you for following,”
  • “Thanks 4 following,”
  • “X uses TrueTwit validation service…”

Need I go on? You get the picture!

Whilst I was building my first Twitter app, Twools, I suddenly realised that I could potentially write a simple app which could scan my direct messages for spammy phrases and delete them. I could then run this on a schedule (say every 30 mins) and I would no longer be drowning in spam!

Well, I have to say, since implementing this, I have radically reduced the amount of spam I have received and I never lose important direct messages any more.

But why keep this to myself? We’re all in this together after all. In this post I show you how you can build the same spam filter. This spam filter is built into Twools, but if you need something standalone then this is your app! This article might look a little technical, particularly if PHP code scares you. But please don’t be frightened. I still hope you’ll be able to take something from this article, and if this is something you’d like to use yourself, you can always use Twools.

Opt Out

But before I do, there are some quick and easy things you can do to reduce the amount of direct message spam you get. You can’t guard against DM viruses like the “somebody is saying horrible things about you” phishing attacks, but you can opt out of receiving automatic direct messages from services like SocialOomph. Since SocialOomph is one of the most popular auto DM tools out there, you’ll be cutting down on a lot of spam. SocialOomph goes through the process step by step here.

Unfortunately there are many other services that people use to send automated direct messages like AutoFollowBack (now FollowerBlitz). Whilst some say they are building opt out services, there is still no way to stop receiving the spam.

Then there is the dreaded TrueTwit validation service. TrueTwit is a tool some people use that sends out a direct message to new followers. The direct message contains a link which is designed to check whether you are a human or not and so supposedly reduce the number of bot or spammy followers. The problem is that TrueTwit effectively turns all its users into spam bots by forcing them to send out useless direct messages. The only way to opt out of receiving TrueTwit direct messages is by signing up to their Pro account. It doesn’t seem right, but I was desperate. I can confirm that I am a signed-up user of TrueTwit Pro, although not to use their service as intended!

What You Need

As with Twools, I am using the server-side language PHP. You don’t need to know PHP to run this script, but you do need a website or server that has PHP. You’ll also need to know how to upload the script, probably using an FTP programme.

Register Your App

Firstly you will need to register your app with Twitter. The only person who will be using it will be you and the app’s details will be stored in the script. Follow the steps in my How to Create a Twitter App in 8 Easy Steps and you’ll end up with these 4 keys:

  • Consumer Key
  • Consumer Secret
  • OAuth Access Token
  • OAuth Access Token Secret

Also, make sure you allow your app to access your direct messages. This app will need that!

Download the App

I’ve put the spam filter on GitHub. You can have a look around here, or just download it as a zip file here. There are two main files. The first is called TwitterAPIExchange.php. You won’t need to touch this. This is the magic PHP wrapper which helps us connect to Twitter’s API. The other file is called cleandm.php and is our little script that does the spam filtering. Open that up in your favourite text editor. Don’t worry if you aren’t used to this kind of thing; it’s quite easy.

Add Your Details

At the top of the cleandm.php file you’ll see quite a few phrases that I have put in an array called $spamFilter. You can change some of these, delete some and add more. Just make sure you put them in double quotes and that you put a comma at the end.

// An Array of phrases for spam filter to delete direct messages
$spamFilter = array(
    "Brilliant ✓ Come here first ➜",
    "but checkout my videos:)",
    "check for fake followers, and more",
    "funny picture of you",
    "Get a chance to win",
    "Help Yourself To This 100% Proven $30k Per Month",
    "Hey someperson has been saying",
    "I started using this new app for my Twitter",
    "join and follow me",
    "like us on facebook",
    "please like my facebook page",
    "please like my FB page",
    "rumour going around about you",
    "somebody is saying horrible things about you",
    "Someone is making up a horrible",
    "Thank you for following",
    "Thank you for the follow",
    "Thanks 4 following",
    "Thanks 4 the follow",
    "Thanks again for the follow",
    "Thanks for connecting",
    "Thanks for following",
    "Thanks for the follow",
    "Thanks for the the follow",
    "Thanks so much for following",
    "Thanks so much for the follow",
    "Thx 4 the follow",
    "Thx for follow",
    "uses TrueTwit validation service",
    "Welcome  #my Friend#",
    "You can auto follow back",
    "You;ve GOTTA See this!"
	);

Once you’ve done this, you need to put in the four keys that you saved from your Twitter app:

/** Set access tokens here - see: https://dev.twitter.com/apps/ **/
$settings = array(
    'oauth_access_token' => "YOUR_OAUTH_ACCESS_TOKEN",
    'oauth_access_token_secret' => "YOUR_OAUTH_ACCESS_TOKEN_SECRET",
    'consumer_key' => "YOUR_CONSUMER_KEY",
    'consumer_secret' => "YOUR_CONSUMER_SECRET"
);

That’s it!

Now, you’ll need to upload both these files to a directory on your website. For example /spamfilter/. Just run the script from your browser and the spam filter will do its trick.
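Before uploading, it helps to preview what a phrase list would delete. The sketch below is an added example, not part of cleandm.php: the function names and the sample messages are constructed, and it assumes PHP 7.1+ with the mbstring extension. It goes slightly beyond the script by normalising case, whitespace and curly apostrophes, and by reporting which phrase caused each match.

```php
<?php
// Added example (not part of cleandm.php): preview what a phrase list would
// delete. Function names and the sample messages are constructed.

// Lower-case, straighten curly apostrophes and collapse whitespace so that
// "Thanks  for FOLLOWING" and "thanks for following" compare equal.
function normalise_dm(string $text): string
{
    $text = str_replace(array("\u{2019}", "\u{2018}"), "'", $text);
    $text = preg_replace('/\s+/u', ' ', $text) ?? $text;
    return mb_strtolower(trim($text), 'UTF-8');
}

// Return the first phrase found in the message, or null if none matches.
function matched_phrase(string $text, array $phrases): ?string
{
    $haystack = normalise_dm($text);
    foreach ($phrases as $phrase) {
        $needle = normalise_dm($phrase);
        // strpos() returns 0 for a match at the very start of the message,
        // so compare against false explicitly instead of testing truthiness.
        if ($needle !== '' && strpos($haystack, $needle) !== false) {
            return $phrase;
        }
    }
    return null;
}

// Build a report of what would happen, without deleting anything.
function dry_run(array $messages, array $phrases): array
{
    $report = array();
    foreach ($messages as $id => $text) {
        $hit = matched_phrase($text, $phrases);
        $report[$id] = $hit === null ? 'KEEP' : "DELETE (matched \"$hit\")";
    }
    return $report;
}

$phrases = array("Thanks for following", "uses TrueTwit validation service");
$messages = array( // constructed sample direct messages, keyed by a made-up id
    101 => "Thanks  for FOLLOWING! Check out my page",
    102 => "Someone uses TrueTwit validation service. To validate click here",
    103 => "Are you still free for the call on Thursday?",
    104 => "No thanks for following up needed, see you there", // genuine reply
);
foreach (dry_run($messages, $phrases) as $id => $verdict) {
    echo "$id: $verdict\n";
}
```

Message 104 is a genuine reply that still contains one of the phrases, which is the kind of false positive to look for before letting the filter delete anything.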

Warning!

Of course, this script is very rough and ready and I don’t recommend running it exactly like this, at least not without knowing the risks.

Firstly, this script WILL DELETE YOUR DIRECT MESSAGES! I know that’s obvious, but make sure you are comfortable with this script deleting messages based on the keywords and phrases in the spamFilter array!

Secondly, the script contains your app’s keys in the clear. If a hacker were to get hold of these they could get access to your Twitter account. With this in mind, I would recommend that you put the script outside your public web directory. You could then run it on a schedule every 30 minutes or so. If you are interested, let me know in the comments and I’ll try to help you out here.

Thirdly, this script is put out here just as it is. It’s a simple yet rough and ready script that works for me. Only use if you are happy to accept the risks!

These points being made, I really hope it helps and that you end up being spam free!
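One way to act on the second warning is to keep the four keys in a private file and refuse to run through the web server. This is an added example, not part of cleandm.php: the function name, the INI settings file and the placeholder values are assumptions made for illustration.

```php
<?php
// Added example, not part of cleandm.php. The function name and the idea of
// a separate settings file are assumptions made for illustration.

const REQUIRED_KEYS = array('oauth_access_token', 'oauth_access_token_secret',
                            'consumer_key', 'consumer_secret');

function load_twitter_settings(string $path): array
{
    // This job deletes messages: only cron or a shell should start it,
    // never a request to the web server.
    if (PHP_SAPI !== 'cli') {
        throw new RuntimeException('Run this script from the command line only.');
    }
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException("Settings file not readable: $path");
    }
    // On Unix-like systems, reject a file that group or others can access.
    $mode = fileperms($path) & 0777;
    if (DIRECTORY_SEPARATOR === '/' && ($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('Mode %04o is too open; use 0600.', $mode));
    }
    // Raw mode keeps token characters literal instead of interpreting them.
    $ini = parse_ini_file($path, false, INI_SCANNER_RAW);
    if ($ini === false) {
        throw new RuntimeException('Settings file is not valid INI.');
    }
    $settings = array();
    foreach (REQUIRED_KEYS as $key) {
        if (!isset($ini[$key]) || trim($ini[$key]) === '') {
            throw new RuntimeException("Missing setting: $key");
        }
        $settings[$key] = trim($ini[$key]);
    }
    return $settings; // same shape as the $settings array in cleandm.php
}

// Demonstration with a constructed file of placeholder values.
$path = tempnam(sys_get_temp_dir(), 'twkeys');
$lines = array();
foreach (REQUIRED_KEYS as $key) {
    $lines[] = $key . ' = PLACEHOLDER_' . strtoupper($key);
}
file_put_contents($path, implode("\n", $lines) . "\n");
chmod($path, 0600);
$settings = load_twitter_settings($path);
echo 'Loaded: ', implode(', ', array_keys($settings)), "\n";
unlink($path);
```

With the settings file stored outside the public web directory and the script started from cron every 30 minutes or so, the keys are never reachable through the web server and nobody can trigger a deletion run by visiting a URL.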

The Script

As I said, I’ve put the spam filter on GitHub here. You can also download the app as a zip file here.

Here is the full code. Enjoy!

<?php

// An Array of phrases for spam filter to delete direct messages
$spamFilter = array(
    "Brilliant ✓ Come here first ➜",
    "but checkout my videos:)",
    "check for fake followers, and more",
    "funny picture of you",
    "Get a chance to win",
    "Help Yourself To This 100% Proven $30k Per Month",
    "Hey someperson has been saying",
    "I started using this new app for my Twitter",
    "join and follow me",
    "like us on facebook",
    "please like my facebook page",
    "please like my FB page",
    "rumour going around about you",
    "somebody is saying horrible things about you",
    "Someone is making up a horrible",
    "Thank you for following",
    "Thank you for the follow",
    "Thanks 4 following",
    "Thanks 4 the follow",
    "Thanks again for the follow",
    "Thanks for connecting",
    "Thanks for following",
    "Thanks for the follow",
    "Thanks for the the follow",
    "Thanks so much for following",
    "Thanks so much for the follow",
    "Thx 4 the follow",
    "Thx for follow",
    "uses TrueTwit validation service",
    "Welcome  #my Friend#",
    "You can auto follow back",
    "You;ve GOTTA See this!"
	);

/** Set access tokens here - see: https://dev.twitter.com/apps/ **/
$settings = array(
    'oauth_access_token'        => "",
    'oauth_access_token_secret' => "",
    'consumer_key'              => "",
    'consumer_secret'           => ""
);

// That's it for editing folks! Don't edit below this line unless you know what you're doing!
// ------------------------------------------------------------------------------------------

// Include the PHP Wrapper
require_once('TwitterAPIExchange.php');

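// We need this 'multineedle_stripos' function for the spam filter...
// It returns true if any phrase in $needles occurs in $haystack (case-insensitive).
function multineedle_stripos($haystack, $needles) {
    foreach($needles as $needle) {
        // stripos() returns 0 when the phrase is at the very start of the message,
        // so compare against false rather than testing truthiness.
        if(stripos($haystack, $needle) !== false) { return true; }
    }
    return false;
}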

// Let's get the URL for the direct messages in the Twitter API
$url = 'https://api.twitter.com/1.1/direct_messages.json';

// Let's scan the first 50 dms (you can change this if you like)
$getfield = '?count=50';

// Because we only need Read only access, we only need to do a GET request (POST requests are needed for writing- eg. creating a tweet)
$requestMethod = 'GET';

// Let's make that API Request. Are you ready?! The returned data from Twitter will be in JSON format. We're going to convert that into a PHP array using the json_decode function.
$twitter = new TwitterAPIExchange($settings);
$string = json_decode($twitter->setGetfield($getfield)
             ->buildOauth($url, $requestMethod)
             ->performRequest(), true);

echo "<h3>Deleting Spam...</h3>";
// Start our counter to check if there has been any spam deleted
$i = 0;
// If the response could not be decoded, there is nothing to scan
if(!is_array($string)) { $string = array(); }
// Now we're going to cycle through each direct message and scan them for spam
foreach($string as $items)
 {
	// Skip anything that is not a direct message (for example an API error entry)
	if(!is_array($items) || !isset($items['text'], $items['id'])) { continue; }
	// If the direct message contains text from our spam array, let's delete it
	if(multineedle_stripos($items['text'], $spamFilter) !== false)
		{
			$i++;
			// Let's get the URL for the Twitter API for deleting a direct message
			$url = 'https://api.twitter.com/1.1/direct_messages/destroy.json';
			// Because we're deleting a direct message, we need to do a POST request...
			$requestMethod = 'POST';
			// Let's get the id of the direct message we want to delete...
			$postfields = array('id' => $items['id']);
			// Let's make that API request to delete the direct message. No going back now!
			$twitter = new TwitterAPIExchange($settings);
			$do = $twitter->buildOauth($url, $requestMethod)
			              ->setPostfields($postfields)
			              ->performRequest();
			// Output the HTML to say we've deleted that direct message.
			// The text comes from the sender, so escape it before printing it into the page.
			echo "<strong>DELETE:</strong> ".htmlspecialchars($items['text'], ENT_QUOTES, 'UTF-8')."<br />";
		}
 }
if($i<1) {echo "<p>No spam in direct messages found.</p>";}
?>