Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

[SOLVED] Block IP-address in Chronoforms V4

jo
jos-zeist 17 Dec, 2012
I have one (1) email address that is constantly spamming us and therefore I want to block the IP-address of the sender. On the forum I found a solution for a server side script to use in V3.
I tried to implement it but the IP address was not blocked.
Can you please tell me what the best way is to block a (and maybe also, multiple) IP-adress(es).
Gr
GreyHead 18 Dec, 2012
Hi jos-zeist,

You can do this with a Custom Code action in the On Submit event:
<?php
$banned_ips = array(
  '111.111.111.111',
  '999.999.999.999'
);
$ip_address = JRequest::getString( 'REMOTE_ADDR', '', 'server' );
if ( in_array($ip_address, $banned_ips) ) {
  $mainframe->redirect('http://www.ic3.gov/default.aspx');
}
?>

Bob
jo
jos-zeist 18 Dec, 2012
Thanks for the code Bob. Just to be sure: I put a "Custom Server Side"-event with this PHP code in the "On Submit"-field AFTER the (re-)captcha-event but before the Email-event and DBsave-event, correct?
Gr
GreyHead 18 Dec, 2012
Hi jos-zeist,

I'd probably put it before the Check ReCaptcha on the grounds that the sooner you kill the submission the better - but that's personal taste rather than necessity. But definitely before you do anything like Email or DB Save.

You can change the ReDirect URL too - that just one I found to put in the HoneyPot trap. It goes to the FBI spam reporting site.

Bob
jo
jos-zeist 18 Dec, 2012
Bob, after I put in this custom check the form would not be send, it just reloaded. As if it failed: in the fail box of this check I put a loop event (as a read elsewhere in a tutorial/how-to I believe). Attached is a screenshot of how my screen looks. Please advise.
Gr
GreyHead 18 Dec, 2012
Hi jos-zeist,

Sorry, I missed a ) in this line (now fixed).
if ( in_array($banned_ips, $ip address) ) {


Bob

PS There may be other typos !
jo
jos-zeist 18 Dec, 2012
Unfortunately that did not solve the problem Bob.
The form reloads and in the email box, the following text appears:
<script type='text/javascript'> <!-- var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy78485 = 'jos' + '@'; addy78485 = addy78485 + 'aaaaaaaaaaa' + '.' + 'nl'; document.write('<a ' + path + '\'' + prefix + ':' + addy78485 + '\'>'); document.write(addy78485); document.write('<\/a>'); //-->\n </script><script type='text/javascript'> <!-- document.write('<span style=\'display: none;\'>'); //--> </script>Dit e-mailadres wordt beveiligd tegen spambots. JavaScript dient ingeschakeld te zijn om het te bekijken. <script type='text/javascript'> <!-- document.write('</'); document.write('span>'); //--> </script>
Translation of the message: This e-mail address is secured from spambots. Javascript needs to be enables to view it.
(Note: I replaced part of my email address with aaaaaaaaaaa)

This only occurs when I insert your code. So maybe there is indeed another typo. I do not have enough PHP knowledge to debug the code. So I hope you can give it another try.
Thanks in advance,
Jos
Gr
GreyHead 18 Dec, 2012
Hi jos-zeist,

Please see this FAQ

And I think I suggested that you put the code in a Custom Code action rather than a Custom Serverside Validation action. Unless that is you want to re-route your spammer back to the form to try again?

Bo
jo
jos-zeist 19 Dec, 2012
Back again Bob.
Now I put the PHP code in a Custom Code action which I put at the top of the On Submit field.
The form works again but...... it doesn't block the IP addres :-(
I tested this by entering the spammers IP plus my own IP address and I could submit the form, received an email and the database entry was done. So unfortunately it doesn't make a difference with or without custom code.

Any more thoughts?

Best Regards,
Jos
Gr
GreyHead 20 Dec, 2012
Hi Jos,

I think I got by code backwards :-( Please try changing this line 

if ( in_array($ip address, $banned_ips) ) {

I've updated my earlier post so all the code is there.

Bob
jo
jos-zeist 20 Dec, 2012
I had my hopes set high and was ready to toast with you.... but the code still does not prevent me from submitting the form. Despite putting my IP address in the array.
I hope you are not loosing patience with me and ask you to take another look, Bob.

Best regards,
Jos
Gr
GreyHead 20 Dec, 2012
Hi Jos,

Please take a Form Backup using the icon in the Forms Manager and post it here (as a zipped file) or PM or email it to me and I'll take a closer look.

Bob
Gr
GreyHead 21 Dec, 2012
Hi Jos,

Sorry another typo of mine :-(

I missed the _ in $ip_address. I fixed my first post again.

Bob
jo
jos-zeist 21 Dec, 2012
YES!! Now it works fine. Thanks Bob.
This topic is locked and no more replies can be posted.