#30762 – Anti-spam Bad Words import

Posted in ‘Akeeba Admin Tools for Joomla!’
Wednesday, 09 January 2019 10:29 CST
Hello, per some other ticket I read you can export and import a list of bad words. Are there some instructions for this? I don't see anything on the page. https://www.akeebabackup.com/documentation/admin-tools/waf-bad-words.html

Thank you
Custom Fields
Joomla! version: 3.9.1
PHP version: 7.1
Admin Tools version: 5.2.1
Edited by DaveOzric on 2019-01-09 16:29
 
Wednesday, 09 January 2019 10:32 CST
Additionally, is it possible to block a URL in a web form with AT? Most spammers add some link to the form.
 
Wednesday, 09 January 2019 10:48 CST
Under Export Settings you could select only the Bad Words and leave the others set to No. That would allow you to export only the bad words and import them into another site.

If I understand you correctly, if you add the URL as a bad word that should prevent it being used in a form.

Dale L. Brackin
Support Specialist
English: native
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 09 January 2019 10:53 CST
Oh, I see it's a global export. Thanks

No, I am trying to figure out, using any method, how to block a user from entering a link or URL into a form. Not related to bad words. Is there some way to do this with AT? Most spam has some link in it that they enter in the form message. Blocking this like a bad word would solve a lot of problems. In theory at least.
 
Wednesday, 09 January 2019 11:00 CST
The URL is the bad word. Add "www.cnn.com" to your bad words list and it becomes banned.

Dale L. Brackin
Support Specialist

Wednesday, 09 January 2019 11:06 CST
That's just silly, how can I add every link including tiny url, etc. to this list. Can something like http:// be used or is that too broad? wildcard perhaps, http://*

Surely there must be a different way, let's not think bad word filter but some other feature of AT.
Edited by DaveOzric on 2019-01-09 17:06
 
Wednesday, 09 January 2019 12:22 CST
Ah, now I get it. When you said you wanted to block a URL, I was thinking of a specific URL, not just a URL in general. You're right of course, you can't put everything possible in the bad words list.

Using http/https would frustrate legitimate users who put in an address and include the protocol. I can't think of any way to do it but there are many clever things that can be done with Admin Tools. I'll check with Nicholas and Davide in the morning to see if they can suggest anything. They are both gone for the day by now.

Dale L. Brackin
Support Specialist

Wednesday, 09 January 2019 12:24 CST
Thanks, much appreciated.
 
Thursday, 10 January 2019 01:37 CST
Banning all URLs from all or even specific fields is unadvisable as it'd break the site. Remember that from the server's point of view there's no such thing as a "form". There's only data sent by GET or POST (or PUT, but PHP lumps that with POST data). Also, since this kind of rule would apply at the web server level, before Joomla loads, there'd be no way to tell if there's a logged in user or not. This means that anything that requires a URL, even articles, would be broken.

Now, you may wonder, why would banning URLs for a specific field be problematic? Because the field name is not guaranteed to be unique.

Moreover, writing that .htaccess rule would be a real pig since there's no good way to distinguish URLs and domain names (which is what you're really interested in!) from run-together words. For example, akeeba.rocks is an honest-to-God domain name I have bought. Someone who can't be bothered spelling could also very plausibly write "i love your software akeeba.rocks man!" (which is an actual message I have received in the contact form and explains how I ended up snatching that domain name, hehe). So how can you tell them apart? You can't. You'd end up banning any two words separated with a comma.

I think that this approach is wrong. Most spam I've come across has specific keywords which are extremely unlikely to be used by our legitimate users. I also don't care if a spam contact form is stored in the database (it will be removed in 6 months anyway), I only care I don't receive it by email. Mail servers and mail clients are really good at figuring out which one of these are spam. I just have to check my spam every week or so for the occasional false positive.

Beyond that, other things which help with contact form spam are: CAPTCHAs (they can be beaten but it's more involved), Project Honeypot (there's integration for it in Admin Tools) and, if the contact form software supports it, Akismet (which is an extra paid service, well worth its money for reducing spam). In case you're wondering, the reason we can't implement Akismet integration in Admin Tools is the same reason you can't ban URLs in all form fields: you can't really know which fields come from forms and every request to Akismet costs you in page load time.

I hope that helps.

Nicholas K. Dionysopoulos
Lead Developer and Director
Greek: native
English: excellent
French: basic
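
The matching problem described in the reply above, as an added example that is not part of the original ticket and is not Admin Tools code. Two hypothetical regex rules (`SCHEME_RE` for the "http://*" idea, `DOTTED_RE` for bare domain names) are scored against constructed form submissions to show the false positives and misses each rule produces.

```python
import re

# Hypothetical rule A: flag values with an explicit scheme (the "http://*" idea).
SCHEME_RE = re.compile(r"https?://", re.IGNORECASE)
# Hypothetical rule B: flag anything shaped like label.tld, because links
# in spam frequently omit the scheme.
DOTTED_RE = re.compile(
    r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.IGNORECASE
)

# Constructed sample submissions: (submitted text, is it spam?).
SAMPLES = [
    ("i love your software akeeba.rocks man!", False),  # quoted in the ticket
    ("My site is https://example.org and the backup fails", False),
    ("Thanks for the update.it fixed my problem", False),  # missing space
    ("cheap pills at pills-shop.example click now", True),
    ("visit http://spam.example/offer", True),
    ("Great extension, keep it up", False),
]


def evaluate(rule):
    """Return (caught_spam, false_positives, missed_spam) for one rule."""
    caught, false_pos, missed = [], [], []
    for text, is_spam in SAMPLES:
        hit = rule.search(text) is not None
        if hit and is_spam:
            caught.append(text)
        elif hit:
            false_pos.append(text)  # legitimate message that would be blocked
        elif is_spam:
            missed.append(text)     # spam that passes the rule
    return caught, false_pos, missed


if __name__ == "__main__":
    for name, rule in (("scheme only", SCHEME_RE), ("dotted name", DOTTED_RE)):
        caught, false_pos, missed = evaluate(rule)
        print(f"{name}: caught={len(caught)} "
              f"blocked_legit={len(false_pos)} missed={len(missed)}")
        for text in false_pos:
            print("  would block:", text)
```
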






Thursday, 10 January 2019 09:19 CST
I guess that's why I could find no solution anywhere. I feared as much but have implemented all other possible spam reduction short of Akismet.

Thanks for the help.
 