Forums

Hi there,

I've been getting some weird entries from my chronoform appearing both by email and in the mysql db table. I've tracked this down to "content spamming" by an IP already listed on the projecthoneypot website.

This is the first set of forms I've put online, and I'm looking for some help in preventing further attacks. It's not really causing a huge problem in the website, but it has very much scared the content manager for the site.

Can anyone give any guidance on how to prevent Content Spammers without making the form more difficult for my very untechnical members? I'd prefer to steer clear of image verification if possible.

Thanks!
Jim

Hi Jim,

You could try installing sh404SEF and using the Project HoneyPot filter - it also has an IP blacklist facility. You need to install sh404SEF, turn on Extended Display, then go to the sh404SEH Config | Security tab

sh404SEF is from extensions.Siliana.com - the J1.5 version is still in beta though so tread gently.

Bob

Thanks for the quick response as ever!

I've actually just moved away from sh404sef on the advice of Max, as I was getting some file not errors in my apache logs!

You've pointed me in the right direction though, as it seems there are some joomla plugins that specifically block addresses from projecthoneypot.

I was pretty surprised to find we have been hit so soon, as this is a very low traffic site. 😟

Regards,
Jim

Hi Jim, you don't have CAPTCHA turned ON ? what may help you, an IP black list in per form will help ?

Hi Max,

no, I'm not using CAPTCHA. My user base is basically IT illiterate 😶 , and I've had to make things as idiot proof as possible. An IP blacklist seems to be the best way to go, although I've also considered making the form visible to registered users only, but most of the users haven't created an account yet.

The Joomla extensions directory has 2 possible candidates in "Bad Behaviour Plugin" and "HTTP:BL Plugin". These both appear to use updated blacklists to deny access to spammers.

Jim

Hi Jim, I can't understand, why don't you enable Chronoforms core captcha ??

Hi Jim, I can't understand, why don't you enable Chronoforms core captcha ??

This is basically a case of not trying to push the users too far too quickly.
Before I took over development of the website, they were submitting results on postcards, and sending them through the mail. I need to keep things as simple as possible for my particular set of users, as they are a varied bunch of people in a rural area. 75% of the league members don't even have a pc, so its been a struggle to get things as far as I have! 😀 Some of the teams don't have any Internet access between them, so we have to input results for them. 😲

Ok, IP blacklist feature will need some coding and many changes to the component, we can go another way which will not be very flexible, what about the IPs, are they too many ? they have some range?

Hi Max,

don't change the component on my behalf! 🤣

The conclusion I've come up with is to give the league secretary 3 choices:
1) Do nothing:
The bad results aren't that frequent (yet) and they aren't causing a big problem

2) Use graphical "capcha":
Members will need to type a number from on the screen

3) Move form to REGISTERED area:
Members will need to register on the forum AND login to the site before they can post results.

4) Install one of the anti spam packages from the Joomla Extensions Library:
This could slow the web site down even further, and I've already got some performance complaints to talk over with the hosting provider.

Thanks again for your advice on this one.
Jim

No problems, I wish she will like one of them!

Best regards

Max