Jump to content
TNG Community

Blocking emails or IPs


Chris Lloyd

Recommended Posts

Chris Lloyd

I have a couple of persistent spammers who are signing up for user accounts and although I can easily delete them (I am deleting their requests several times per week) I would like some way of blocking their email addresses or their IP from accessing my site.

Any ideas please?

Link to comment
Share on other sites

Chris Lloyd
14 hours ago, Ken Roy said:

Chris,

Install the No Captcha reCAPTCHA Add-on  The hooks for captcha have been in TNG since TNG v6 and this mod will be part of TNG v12

Tried it Ken but for some reason I only get the recaptcha input. Click continue and it comes back to the input box.

Will have to revert to 'normal' however since my first post 14 hours ago I have had the same 2 applying for user accounts!

Link to comment
Share on other sites

Chris,

I would report this problem to Bryan Larson using the Contact Mod Developer links.  This is the mod which was incorporated into TNG v12, so if there are issues with it, they need to be resolved soon, since TNG v12 is about to come out.

Link to comment
Share on other sites

I sent a message to Bryan and the TNG v12 beta testers list.  I don't use that mod, but rather use the Image Captcha Mod which uses the same TNG hooks for new registration, contact us, and suggest.

Link to comment
Share on other sites

Michael,

You should be able to continue to use your preferred captcha mod in TNG v12. 

You will need to rename the distributed TNG_captcha.php file to something like TNG_captcha_v12.php or something like that in order to get any of the other captcha mods installed.

Link to comment
Share on other sites

Actually, the TNG hooks for captcha have been there since TNG v6.  TNG v12 is the first time that TNG will actually provide a TNG_captcha.php file.

In order to install a different captcha than the one provided, you will need to rename the distributed TNG_captcha.php file, so that the mod you want to use will install.

In order to use the distributed captcha version you will need to request the keys, unless you are already using the No Captcha reCAPTCHA Add-on in which case you will have the keys but will need to save them in the TNG Setup > General Settings

Link to comment
Share on other sites

On 4/27/2018 at 7:58 PM, Chris Lloyd said:

Tried it Ken but for some reason I only get the recaptcha input. Click continue and it comes back to the input box.

Will have to revert to 'normal' however since my first post 14 hours ago I have had the same 2 applying for user accounts!

Hi Chris,

I was the original developer of that mod which has been integrated into TNG V12. The issue you describe has been reported before by a small number of users. It appears to be related to server configuration, but I have not been able to pin it down yet. I have reported this to Darrin, but I don't know if he has done anything with it either. For the purpose of identifying the problem a little better, could you tell me who your host is?

Thanks,

Bryan

Link to comment
Share on other sites

Chris,

I have done some research and may have a solution to the problem with my Captcha mod. Would you be kind enough to test it for me? I need to test it on a site that is affected by the issue you described.

Please replace:

global $currentuser;
if ( $currentuser || $_SESSION['passedcaptcha'])
	return;

with:

ini_set("allow_url_fopen", 1);

global $currentuser;
if ( $currentuser || $_SESSION['passedcaptcha'])
	return;

near the top of TNG_captcha.php in the No Captcha ReCaptcha add-on.

 

Please let me know if this resolves the issue for you. If it does, I will let Darrin know so he can update it for the TNG V12 package.

Thanks,

Bryan

Note: Thanks goes to Oliver Schwabedissen for pointing me in the right direction.

Link to comment
Share on other sites

  • 2 weeks later...
Chris Lloyd
On 5/2/2018 at 9:22 AM, bsl20b50 said:

Please let me know if this resolves the issue for you. If it does, I will let Darrin know so he can update it for the TNG V12 package.

Thanks,

Bryan

Note: Thanks goes to Oliver Schwabedissen for pointing me in the right direction.

Thanks Bryan

Been away for a few days - will try this edit over the weekend and get back to you.

Cheers

Chris

Link to comment
Share on other sites

Chris Lloyd
On 5/2/2018 at 9:22 AM, bsl20b50 said:

Chris,

I have done some research and may have a solution to the problem with my Captcha mod. Would you be kind enough to test it for me? I need to test it on a site that is affected by the issue you described.

Please replace:


global $currentuser;
if ( $currentuser || $_SESSION['passedcaptcha'])
	return;

with:


ini_set("allow_url_fopen", 1);

global $currentuser;
if ( $currentuser || $_SESSION['passedcaptcha'])
	return;

 

Hi Bryan

No joy with the change . I have cleared my cache etc as well but get the following on the contact us page:

image.png

and then it reverts to the I am not a robot after checking the box. Get the same on the register for account.

Cheers

Chris

Link to comment
Share on other sites

  • 5 weeks later...

One of the ways I use to stop spam, is to remove all links from the index page.

Send a form instead of using "href=" links... You can check my site: https://xerxx.se/ - lots of links but that's only what they look like.

I suspect that "form-URLs" are collected by spiders and they don't find these "links" as there's no href to follow. I have had one spam application during all these years.

(At another site we have had two "Advertise here" pages fully open for anyone for several years. Not a single spam ad so far... No "real" link go there)


Here's the how-to if you're interested:


1. Create a .css class in mytngstyle.css:

/* Class for form-links */
/* These "links" open a page by sending a form instead of a http-link */
/* Add special text-styles if your links are styled */
.formlink {
    text-decoration: underline;
    cursor: pointer;
    color: #000066; /* Whatever your default link colour is */
}
.formlink:hover {
    color: #660000; /* Whatever your link hover colour is */
}


2. Create a JavaScript function and a form in index.php - place it inside a html block, almost anywhere:

<script type="text/JavaScript">
function openPage(page) {
    var f = document.getElementById('pageform');
    f.action = page;
    f.submit();
}
</script>

<form id="pageform" method="post" action="#"></form>

If you want these links on all pages, I think you can place the above in the footer.php file too, immediately before or after the line <hr size="1" />

 

3. Create the "links" in index.php. Basic format is:

<span class="formlink" onclick="openPage('XXXXX');">YYYYY</span>

XXXXX: Inside the single-quotes is the name of the page/script and all necessary parameters.

YYYYY: Here is the text you want for your link.

As an example, this line in index.php

echo "<li><a href=\"surnames.php\">{$text['mnulastnames']}</a></li>\n";

is changed into:

echo "<li><span class=\"formlink\" onclick=\"openPage('surnames.php');\">{$text['mnulastnames']}</span></li>\n";

For, f.ex, a person you add parameters like this:

echo "<li><span class=\"formlink\" onclick=\"openPage('getperson.php?personID=I1249&tree=tredNr2');\">{$admtext['father']}</span></li>\n";

 

Some clever Search-&-Replace could do it, I guess (I use a totally customized index myself).

Of course you can use it on single links - like the Contact link.

 

Just my USD 0.02

Erik

 

EDIT PS: To remove all links from the index page is a good way to stop spiders from crawling your tree as they find no "entrance" from index.php...

Edited by XerxX
Added PS
Link to comment
Share on other sites

Michael, I think that's not an easy task: There are 18 templates...

But you can start, after you have saved your original index.php, by just copy-&-paste the css-class (first code-snippet) to your mytngstyle.css and the function and form (second code-snippet) to your index.php - immediately before or after the <hr size="1" /> at the bottom of the script.

Then try to edit a link like I showed above (the bold parts are to be replaced):

echo "<a href=\"surnames.php\">{$text['mnulastnames']}</a></li>\n";

The part

<a href=\"

is replaced by

<span class=\"formlink\" onclick=\"openPage('

(note the singlequote at the end). The part

\">

is replaced by

');\">

(note the singlequote at the beginning). And finally the part

</a>

is replaced by

</span>

Save, clear your cache and test.

The colours of the link may not be the nicest. Your original colours may be found in templatestyle.css, or if not then in genstyle.css (in your [root/]css drawer).

If you want the underline to appear on hover; simply move the line

text-decoration: underline;

to the .formlink:hover part.

 

Good luck!

Erik

EDIT: Sorry! Shouldn't hi-jack this thread. Starta new one if you want to discuss what I wrote.

Edited by XerxX
Link to comment
Share on other sites

  • 8 months later...

Replying here because I'm not sure where else (other than start a new topic) would work.  Same question - block IP address - but different problem.  For the public area of my site, someone is going through individuals and clicking on "Suggest" and then submitting fictitious names and email addresses then using the "description of proposed changes" to list various websites.  

Any ideas on how to prevent someone (or some THING) from doing this is appreciated.  There is no "captcha" associated with making proposed changes.  I know I could limit access by requiring everyone to get a user name and password but I really don't want to do that.

Thanks in advance 

Link to comment
Share on other sites

2 minutes ago, LJLachance said:

There is no "captcha" associated with making proposed changes. 

Captcha has been available in TNG since TNG v6, but until TNG v12 you needed to install one of the captcha mods.  With TNG v12 you need to either use the provided Google reCaptcha by saving the keys in the correct Admin > Setup > General Settings area or install one of the other mods.

Captcha in TNG is available for New User requests and for Suggestions and Contact Us.  I personally use the Image Captcha mod

Link to comment
Share on other sites

Ken, thanks for the detail on captcha which I could install.  I think if would be far better if suggestions were only allowed for registered and logged in users.  Is this a possibility?  There's really no need for the general public to suggest changes to anything because if they've gone that far, they must be related and might as well become a registered user???

Or, would there be a way to restrict/prohibit the use of url's in the comments area?

Thoughts?

Larry

Link to comment
Share on other sites

Larry, Just my personal opinion and it is your site but if you prevent suggestions from the general public, and allow only suggestions from logged in users,  then you might loose valuable clues... I say this because i make suggestions correcting entries in peoples trees and pointing them to the appropriate documentation all the time and while we might have common relations, they are usually not close enough for me to want to register on the respective site as it is just another password i have to remember and i usually stumble on these pages while searching for clues... Jim 

Link to comment
Share on other sites

I agree with Jim.  I chose to allow visitors to surf my site without a user name and over the years got value corrections and additions from others.  My Roy ancestor only had one son who got married 3 times and had 19 children, 18 of which have descendants to today, since we are talking of the late 1600s and early 1700s there is no way that I know all current branches

Logged in users who are granted the submitter role can enter corrections on the site which need to be approved before they are posted.  I use that approach since my master database is on my laptop, so it needs to be updated with the changes made by submitters.

Link to comment
Share on other sites

To both Jim and Ken - I DO like the idea of having people being able to suggest changes, logged in or not.  And I use Ken's method of registered users submitting changes as well but, someone is out there typing in data with urls for various sites.  Of course I'm the only one getting it so it's not a tremendous issue. If they are taking the time to type these things then I believe they'd take the time to enter a captcha code as well.  Then again, maybe bots are smart enough these days to fill in a name, two emails and a comment and press send... 

Maybe I'll just go ahead and put captcha on the suggest change dialog and see what happens.  It would be nice to be able to block specific IP addresses from the site in general.  Or maybe I'll just find the address and block it at the server level.

Anyway, thanks for the thoughts, much appreciated.

Larry

Link to comment
Share on other sites

  • 3 weeks later...
On 2/18/2019 at 4:57 PM, Ken Roy said:

Captcha has been available in TNG since TNG v6, but until TNG v12 you needed to install one of the captcha mods.  With TNG v12 you need to either use the provided Google reCaptcha by saving the keys in the correct Admin > Setup > General Settings area or install one of the other mods.

Captcha in TNG is available for New User requests and for Suggestions and Contact Us.  I personally use the Image Captcha mod

Thanks for the info. That mod works great. Hope it stops the spam emails. I even changed the email address and that did not even stop for one day.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...