#30762 Anti-spam Bad Words import

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by DaveOzric on Thursday, 10 January 2019 09:19 CST

DaveOzric
Hello, per some other ticket I read, you can export and import a list of bad words. Are there some instructions for this? I don't see anything on the page: https://www.akeebabackup.com/documentation/admin-tools/waf-bad-words.html

Thank you

DaveOzric
Additionally, is it possible to block a URL in a web form with AT? Most spammers add some link to the form.

dlb
Under Export Settings you could select only the Bad Words and leave the others set to No. That would allow you to export only the bad words and import them into another site.

If I understand you correctly, if you add the URL as a bad word that should prevent it being used in a form.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5)

DaveOzric
Oh, I see it's a global export. Thanks

No, I am trying to figure out, using any method, how to block a user from entering a link or URL into a form. Not related to bad words. Is there some way to do this with AT? Most spam has some link in it that they enter in the form message. Blocking this like a bad word would solve a lot of problems. In theory at least.

dlb
The URL is the bad word. Add "www.cnn.com" to your bad words list and it becomes banned.

DaveOzric
That's just silly, how can I add every link, including tiny URL, etc., to this list? Can something like http:// be used or is that too broad? A wildcard perhaps, http://*

Surely there must be a different way. Let's not think bad word filter but some other feature of AT.

dlb
Ah, now I get it. When you said you wanted to block a URL, I was thinking of a specific URL, not just a URL in general. You're right of course, you can't put everything possible in the bad words list.

Using http/https would frustrate legitimate users who put in an address and include the protocol. I can't think of any way to do it but there are many clever things that can be done with Admin Tools. I'll check with Nicholas and Davide in the morning to see if they can suggest anything. They are both gone for the day by now.

DaveOzric
Thanks, much appreciated.

nicholas
Akeeba Staff
Manager
Banning all URLs from all or even specific fields is unadvisable as it'd break the site. Remember that from the server's point of view there's no such thing as a "form". There's only data sent by GET or POST (or PUT, but PHP lumps that with POST data). Also, since this kind of rule would apply at the web server level, before Joomla loads, there'd be no way to tell if there's a logged-in user or not. This means that anything that requires a URL, even articles, would be broken.

Now, you may wonder, why would banning URLs for a specific field be problematic? Because the field name is not guaranteed to be unique.

Moreover, writing that .htaccess rule would be a real pig since there's no good way to distinguish URLs and domain names (which is what you're really interested in!) from run-together words. For example, akeeba.rocks is an honest to God domain name I have bought. Someone who can't be bothered spelling could also very plausibly write "i love your software akeeba.rocks man!" (which is an actual message I have received in the contact form and explains how I ended up snatching that domain name, hehe). So how can you tell them apart? You can't. You'd end up banning any two words separated with a comma.

I think that this approach is wrong. Most spam I've come across has specific keywords which are extremely unlikely to be used by our legitimate users. I also don't care if a spam contact form is stored in the database (it will be removed in 6 months anyway), I only care I don't receive it by email. Mail servers and mail clients are really good at figuring out which one of these are spam. I just have to check my spam every week or so for the occasional false positive.

Beyond that, other things which help with contact form spam are: CAPTCHAs (they can be beaten but it's more involved), Project Honeypot (there's integration for it in Admin Tools) and, if the contact form software supports it, Akismet (which is an extra paid service, well worth its money for reducing spam). In case you're wondering, the reason we can't implement Akismet integration in Admin Tools is the same reason you can't ban URLs in all form fields: you can't really know which fields come from forms and every request to Akismet costs you in page load time.

I hope that helps.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
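
The trade-off discussed in this thread, as an added example that is not part of the original ticket and not Admin Tools code: three candidate rules (any domain-like token, an explicit `http://`/`https://` scheme, a bad-words list) are run over a small constructed set of contact-form messages and their false positives and misses are counted. The regular expressions, the bad-words entries and every sample message except the quoted akeeba.rocks one are assumptions made for illustration, and the counts only describe this constructed sample.

```python
import re

# Rule 1: "anything that looks like a domain" (label.label ending in letters).
BARE_DOMAIN = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I)
# Rule 2: only an explicit scheme, as suggested in the thread (http://*).
SCHEME = re.compile(r"\bhttps?://", re.I)
# Rule 3: a bad-words list; these entries are hypothetical.
BAD_WORDS = ("casino", "payday loan")


def rules_hit(message):
    """Return the names of the rules that would reject this message."""
    hits = set()
    if BARE_DOMAIN.search(message):
        hits.add("bare_domain")
    if SCHEME.search(message):
        hits.add("scheme")
    lowered = message.lower()
    if any(re.search(r"\b" + re.escape(w) + r"\b", lowered) for w in BAD_WORDS):
        hits.add("bad_word")
    return hits


# Constructed sample: (message, is_spam).
SAMPLE = [
    ("i love your software akeeba.rocks man!", False),  # quoted in the thread
    ("The backup failed.Please advise", False),  # missing space after a period
    ("My site is https://example.org/shop and the login page is blank", False),
    ("Best casino bonus at http://spam.example/win", True),
    ("Cheap payday loan, apply today at spam.example", True),
    ("Earn money from home, reply to this message", True),  # spam without a link
]


def score(rule):
    """Return (false_positives, false_negatives) for one rule over SAMPLE."""
    fp = sum(1 for msg, spam in SAMPLE if not spam and rule in rules_hit(msg))
    fn = sum(1 for msg, spam in SAMPLE if spam and rule not in rules_hit(msg))
    return fp, fn


if __name__ == "__main__":
    for rule in ("bare_domain", "scheme", "bad_word"):
        print(rule, score(rule))
```

On this sample the domain-like rule rejects all three legitimate messages, including the run-together sentence, while the scheme-only rule still rejects the user who pasted their own site address and misses spam that omits the scheme.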

DaveOzric
I guess that's why I could find no solution anywhere. I feared as much but have implemented all other possible spam reduction short of Akismet.

Thanks for the help.
