BobD Posted May 2, 2021 Report Share Posted May 2, 2021 Why am I constantly getting emails that the subject line starts with " Comments (Our Family History!)" then includes the Web address of my Family Tree, and finishes by trying to sell me something. This only started happening about a year ago. I mark them as SPAM in my email but since they come from all different email addresses, they continue to go to my inbox and they seldom go to my spam folder. Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted May 2, 2021 Report Share Posted May 2, 2021 Bob, You have to be more specific. What TNG version are you using, Which security meassures did you take to prevent spam, which security mods do you have installed? Do you recieve the spam mail via the mailsystem of your hosting provider or via another emailsystem? Do you have a screenshot of a spam email? You could check the link below to see if your emailaddress has been compromised. Have I Been Pwned: Check if your email has been compromised in a data breach Kind regards, Rob Quote Link to comment Share on other sites More sharing options...
Chris Lloyd Posted May 2, 2021 Report Share Posted May 2, 2021 Are you using any spam control on your contact page? Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted May 3, 2021 Report Share Posted May 3, 2021 Hi Chris, Since many genealogists have the personal data of living people in their databases they must take meassures to mitigate the risk of that specific data being compromized. I'm not using any specific spam control on my contactpage. I do however apply several meassures to mitigate the risks of recieving spam and theft of my data. To achieve this I have implemented meassures within TNG, my hostingprovider, my FTP server, my email client and within windows itself. In general: I use strong passwords and change them from time to time I use a password manager (in my case BitWarden but there others that are good too (internet provides several sites that do a comparison between password managers) TNG: I use https// My site is open to registered users only. I use recaptcha V2 I customized my Index.php to open with the login.php. I use robots.txt to tell bots not to crawl my website I use the bot-trap mod to keep bots out that don't comply with the robot.txt settings. I can reccomend this mod for it really helps to keep bots out. I use a dedicated email account for my genealogy related email (email client hosted via my hostingprovider) I customized my .htaccess file denying certain DNS from accessing my site (i.e Deny from 80.248.225.154) I use the Password Generator by Michel Kirsch to generate strong passwords for myself and my users Hostingprovider: My genealogy related email is handled via my hosting provider who uses several spam filters to protect my email account. FTP server: See the link How to secure an FTP Server or SFTP Server: 8 essential tips (cerberusftp.com) to read about securing your FTP server. Email client: All other email is handled via my Internet Service Provider (ISP) who uses sevaral spam filters to protect my email account. Within Windows: I custimized my hosts file to blacklist several DNS (i.e. 0.0.0.0 006.free-counter.co.uk and many more) and locked the hosts file from being hijacked. EDIT: I use Duckduckgo as my search engine, Malwarebytes and Ghostery to upgrade my browsing security. I always empty my browser cache when I close my browser. So I take quite a few meassures in trying to keep my data and the data of my users safe. Is it enough? most likely not but the least I can do is try is to keep my doors closed. Kind regards, Rob Quote Link to comment Share on other sites More sharing options...
Katryne Posted May 3, 2021 Report Share Posted May 3, 2021 Hello Rob ! Could you give us the content of your robot.txt, please ? Quote Link to comment Share on other sites More sharing options...
Rob Severijns Posted May 3, 2021 Report Share Posted May 3, 2021 (edited) Hello Katryne, My robots.txt looks like this: User-agent: * Disallow: /bot-trap Disallow: / The bottrap line is placed by the bot-trap mod. A lot more info on robots.txt can be found via the link below. Robots.txt EDIT: The fololowing link gives a lot of info on security and TNG too. Security Rob Edited May 3, 2021 by Rob Severijns Added an extra link on security Quote Link to comment Share on other sites More sharing options...
Katryne Posted May 3, 2021 Report Share Posted May 3, 2021 Merci Rob ! I had already the bot-trap line. I added the 3rd line. Quote Link to comment Share on other sites More sharing options...
Roelj Posted May 3, 2021 Report Share Posted May 3, 2021 After reading this discussion i have tried to install the bots-trap.mod, but i fails. Obvisiously because i have placed the config-files and mods outside the TNG-root. Clicking on the "Run Checks"-button gives a 404-page error, because it is not linking to my mods. I tried to contact the mod-author, but his website is not reachable. Would anybody know how i can modify the mod-file to make it work? Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 8, 2021 Report Share Posted May 8, 2021 the run check button runs the program mods/bot-trap_v12005/bt_check.php which means "TNGRootFolder/mods/bt_check.php" if your mods folder is outside the TNGRootFolder, the program is not found. Try to modify the cfg file : replace : window.open('mods/bot-trap_v12005/bt_check.php','_blank') with window.open($modspath/bot-trap_v12005/bt_check.php','_blank') the program will run. BUT ! The bot-trap folder is created at ../../bot_trap which means "above/above/" mods folder and In your case, probably out of the site's scope... The author uses old code with ../ notation in place of TNG facilities as $tngpath, $modspath, etc... I don't understand why you hide your mods folder...? The best you can do is to move your mods folder to its original place... Michel Quote Link to comment Share on other sites More sharing options...
Ken Roy Posted May 8, 2021 Report Share Posted May 8, 2021 Michel, The Bot-Trap mod needs serious updates. Someone who better understands web servers need to help update this mod. Changing the cfg file to use $modspath does not resolve all issues with this mod. The run check fails with several PHP errors because the bt-check.php module cannot find the TNG files. 1 hour ago, Michel KIRSCH said: I don't understand why you hide your mods folder...? As to renaming the mods folder, it is a valid TNG approach to prevent others from access folders on one's web site. Quote Link to comment Share on other sites More sharing options...
Roelj Posted May 8, 2021 Report Share Posted May 8, 2021 Thank you both Ken and Michel for the answers. As Ken allready wrote it is a suggetion that TNG makes to store some files outside the TNG-root. So i have created a tng_config folder outside the public html where all config-files are stored. i have also created a tng_data folder which includes backups, extensions, gedcom, gendex and mods. It works fine with all TNG-functions and with all other mods that i have installed. Roel hhtps://roeljongman.nl Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 8, 2021 Report Share Posted May 8, 2021 1 hour ago, Ken Roy said: The Bot-Trap mod needs serious updates OOOOhhh Yes ! Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 8, 2021 Report Share Posted May 8, 2021 5 hours ago, Ken Roy said: As to renaming the mods folder, it is a valid TNG approach to prevent others from access folders on one's web site Renaming the mods folder is one thing. Moving it is another thing. If code must be running from this folder (and it is the case of bot-trap), the program has no way of knowing where it is installed and where the tngroot is... The program can not access the config.php to know in which folder it stay... Michel Quote Link to comment Share on other sites More sharing options...
Roelj Posted May 8, 2021 Report Share Posted May 8, 2021 I do not have enough programming knowledge, but the only thing i can say is that all other mods (44) that i have installed, just work fine with my configuration. The path to the mods folder is defined in the config.php which is reached by the subroot.php. Roel https://roeljongman.nl Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 8, 2021 Report Share Posted May 8, 2021 I understand Roel, but i think bot-trap is the only one which create a subfolder in the TNG root and use program files that are stored in this subfolder. If the mods directory is not in the TNG root, the program can not see where it stay... I test some solutions to let it work in these conditions, but nothing found...(except saying bot-trap what's the name of the TNGroot directory before it installs) Sorry Michel Quote Link to comment Share on other sites More sharing options...
Roelj Posted May 8, 2021 Report Share Posted May 8, 2021 Ok. Fair enough. I will think about my possibilities: move the mods bacj to the TNG-root or not use the bot-trap-mod Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 8, 2021 Report Share Posted May 8, 2021 OR recreate a subfolder "mods" in the TNGroot, extract the bot-trap zip in it and proceed to a manual installation... Michel Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 8, 2021 Report Share Posted May 8, 2021 maybe a solution : - recreate the mods folder in yout tngroot - change the name of the mods folder in your settings to this new mods folder - extract this version 6 (the same as the 5 but without error message when running the check) - install the mod via the mod manager (don't be afraid : Mod Manager will show that you have only one Mod !) - adjust your preferences in the Mod with the Edit options (mail,etc..) - REset the name of your mods folder in your settings I think this will be OK, but you have no more access to the settings of this mod. To uninstall it, you must follow the same procedure... Michel bot-trap_v12.0.0.6.zip Quote Link to comment Share on other sites More sharing options...
Roelj Posted May 9, 2021 Report Share Posted May 9, 2021 Unfortunally this solution did not work. I did as you described and tried to install the mod. The run checks worked fine now but then i got the message 'unable to install' See screenshot below. Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 10, 2021 Report Share Posted May 10, 2021 Roel, the install program search for the line User-agent: * in your robots.txt file, but doesn't fint it. look in this file, maybe is it one space too much or too less in this lines, or it doesn't exists... the file exists, it is verified. Michel Quote Link to comment Share on other sites More sharing options...
Roelj Posted May 12, 2021 Report Share Posted May 12, 2021 This was indeed the problem. It works now. Quote Link to comment Share on other sites More sharing options...
Michel KIRSCH Posted May 12, 2021 Report Share Posted May 12, 2021 OK Roel. Michel Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.