zero-24 / plg_contact_antispamextended

This Joomla Plugin implements an additional Anti-spam Protection Layer to your Joomla Contact Forms

black and Whitelists #2

Open daestx opened 6 months ago

daestx commented 6 months ago

Hi Tobias, first I'd like to thank you for this Joomla extension. Currently the webpage of our society is flooded by spam mails we usually receive via the contact form. Since usually the attacker hides his personal IP by a Tor exit node, I was already thinking of blocking exit nodes from accessing the webpage.

Anyhow, I did find your Extension and it looks promising. After installation I activated the Plugin when searching for "AntiSpamExtended" in the list. I found the entry fields for the Blacklist and added some comma-separated words to be filtered. But I have some questions now:

1. Is there a limit of how many items I can put in?
2. Can I use wildcards such as dream* so that it will filter for dreamsex as well?
3. Is it possible to use a standard list from an external text file?
4. When the plugin identifies a word from the blacklist, it will show a 403 error. Would it be possible to redirect to another webpage instead?

On top, I found out that if the message contains just one word, which is also part of the blacklist, the contact form is not blocked.

Any response is highly appreciated. Thank you.

zero-24 commented 6 months ago

Hi,

> 1. Is there a limit of how many items I can put in?

Not a limit set by me but by the field length of the database field where the settings are stored. So it depends on the length of the words you put in there. In the end it's also not something I can extend easily, as I'm using the core default settings here.

> 2. Can I use wildcards such as dream* so that it will filter for dreamsex as well?

There is no need to add the asterisk to it. You can put in "dream" and that will filter "dreamsex" already.

> 3. Is it possible to use a standard list from an external text file?

What do you mean by that? Do you have an example?

> 4. When the plugin identifies a word from the blacklist, it will show a 403 error. Would it be possible to redirect to another webpage instead?

As of now not within my plugin but you can redirect the 403 message to another page? Would that solve your issue?

> On top, I found out that if the message contains just one word, which is also part of the blacklist, the contact form is not blocked.

Can you show me an example? On a quick look it seems to be that a text will be blocked in such cases, but maybe I misunderstand something? https://github.com/zero-24/plg_contact_antispamextended/blob/master/antispamextended.php#L165-L168

daestx commented 6 months ago

Hi, so thanks for the response. Here is some additional info:

3: I don't know if there is a defined standard, but as an example I found this as a block list: https://github.com/fedmich/WordPress_Blacklist/blob/master/comment-blacklist.txt

4: The use case could be that I could give some feedback or redirect to some funny external site. In case of a generic 403 redirection, I cannot identify what was the root cause. I mean, was it just a mistake or broken link or a spammer's attack?

5: Here are some examples:

  1. I put http on the blacklist, because usually spammers try to include links in the content. This one was not filtered:

Check out these very best methods for Internet site advertising: [url=https://telegra.ph/Prodvizhenie-sajta-ssylkami-Seo-prodvizhenie-557938-12-05]https://telegra.ph/Prodvizhenie-sajta-ssylkami-Ssylochnoe-prodvizhenie-sajta-223264-12-05[/url].

From your response, I'd expect that https is then filtered as well.

  2. I put "sex" on the blacklist, and then used this single word in the content. This contact form message was not blocked as well.

By the way, are you filtering both, subject and content?

zero-24 commented 5 months ago

Sorry for the late reply.

> 3: I don't know if there is a defined standard, but as an example I found this as a block list: https://github.com/fedmich/WordPress_Blacklist/blob/master/comment-blacklist.txt

That list could be added manually as a comma-separated list. An upload itself is not available.

> 4: The use case could be that I could give some feedback or redirect to some funny external site. In case of a generic 403 redirection, I cannot identify what was the root cause. I mean, was it just a mistake or broken link or a spammer's attack?

Right now I'm just issuing a 403 without any redirect. So you could use the error.php of the template to do your redirects when you wish. I could also add a redirect URL too; not sure whether that's needed.

> I put "sex" on the blacklist, and then used this single word in the content. This contact form message was not blocked as well.

I cannot confirm that. Just to be sure, do you have the plugin enabled there? And when you have more than one item for the list, you would need to add a comma-separated message.

> By the way, are you filtering both, subject and content?

Both, and also the custom fields when you have any in the form. Also, only for the core com_contact form: when you are running a non-core contact form where the onValidateContact event is not triggered, my plugin is not triggered.

zero-24 commented 5 months ago

> I put http on the blacklist, because usually spammers try to include links in the content. This one was not filtered

On my end that has been blocked.

> From your response, I'd expect that https is then filtered as well.

Yes.
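
Added example, not part of the thread and not the plugin's own code: case-insensitive substring matching against a comma-separated blocklist, the behaviour described above ("dream" catching "dreamsex", "http" catching "https"), applied to every submitted field. The function names, the sample setting and the sample submissions are hypothetical; entries are trimmed and empty ones dropped so that stray spaces or a trailing comma in the setting do not change what matches.

```php
<?php
declare(strict_types=1);

/**
 * Split a comma-separated blocklist setting into clean, lower-cased terms.
 * Entries are trimmed and empty ones dropped: an untrimmed " http" would
 * not match "[url=https://...", and on PHP 8 an empty term matches any text.
 */
function parseBlocklist(string $setting): array
{
    $terms = array_map(
        static fn (string $t): string => strtolower(trim($t)),
        explode(',', $setting)
    );
    $terms = array_filter($terms, static fn (string $t): bool => $t !== '');

    return array_values(array_unique($terms));
}

/**
 * Return the first blocklisted term found as a substring of any field,
 * or null when the submission is clean. stripos() is case-insensitive.
 */
function findBlockedTerm(array $fields, array $terms): ?string
{
    foreach ($fields as $value) {
        foreach ($terms as $term) {
            if (stripos((string) $value, $term) !== false) {
                return $term;
            }
        }
    }
    return null;
}

// Constructed sample setting and submissions (not taken from a real site).
$terms = parseBlocklist('dream, http ,, SEX,');

$samples = [
    ['subject' => 'Hello', 'message' => 'See [url=https://example.invalid/x]link[/url]'],
    ['subject' => 'Question', 'message' => 'sex'],
    ['subject' => 'DreamSex offer', 'message' => 'nothing else'],
    ['subject' => 'Membership', 'message' => 'When is the next meeting?'],
];

foreach ($samples as $s) {
    $hit = findBlockedTerm($s, $terms);
    // A real handler would answer a hit with HTTP 403; here we only report it.
    echo $s['subject'], ': ', $hit === null ? 'accepted' : "blocked by \"$hit\"", PHP_EOL;
}
```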