Support

Admin Tools

#26880 Geoblock sender emails

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 15 February 2017 17:17 CST

Thursday, 12 January 2017 11:02 CST

ml09616
 Hi Folks,
I have looked at the post #23751 relating to email geoblocking, but this is slightly different.

I use AdminTools to geoblock access to my website, and this works well.
Problem is that some people use proxy servers, or VPN, and these may have valid IP addresses which are NOT Geoblocked by AdminTools.

So, if someone accesses my site (from a NOT Geoblocked country), and uses the 'Contact Us' page to send an email, I would like to block the sending based on the email country identifier only (eg, .ru, .pl, .ua etc ------ ie, wider than specific email domains, such as mail.ru, mail.pl etc).

is there any way I can do this?

thanks,
Mike

Friday, 13 January 2017 01:51 CST

nicholas
The feature does exist, since 2010 :) The problem is that you're framing your question wrong.

Technically speaking, what you are trying to do is NOT GeoBlocking. GeoBlocking is IP blocking based on the IP-derived country information. You are trying to block requests irrespective of their detected geographic origin. Here's the thing. What you are trying to do is content-based blocking, i.e. whenever unwanted content is present in the submitted request you want the request discarded instead of served. This is exactly what the Anti-spam Bad Words filtering feature does in Admin Tools.

You can add the domains you want to filter as Bad Words, per the documentation page above. Any time someone enters an email address or any other content containing that domain name in the public frontend of your site Admin Tools will block the request and log a security exception with the reason "Bad Words Filtering".

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 13 January 2017 19:19 CST

ml09616
Thanks Nicolas for your reply.
I understand that my objective is not technically "Geoblocking", I just used that phrase for simplicity, to signify 'country' blocking.

I did try your suggestion using Anti Spam Bad Words, but couldn't get it to work..... maybe it was the component I was using???
I configured the Anti Spam word as ".pl" (without the quotes), and tried 2 'Contact Us' messages, one with an email address of [email protected] and the other with the .pl in the message text....

Both emails were transmitted and received, so it didn't work (unless there was something else I was doing wrong).

I used the ".pl" only, as opposed to a full domain, since there could be an unlimited number of domains, and I want to block ALL from ".pl" (and other country codes).

I will look into perhaps trying t block using cPanel email filtering.

I will continue to fiddle around.... THanks again for your quick reply.

Mike

Saturday, 14 January 2017 13:34 CST

nicholas
.pl will not work. Bad Words filtering works by doing a pattern search across word boundaries. The dot is a word boundary. You need to enter full domain names there for that trick to work.

Also note that trying to block .pl would be way too generic anyway. It will most certainly filter out content you want and you didn't think would get blocked.

Moreover, this approach for protecting against spam is extremely naive and bound to fail miserably. All Ukrainian, Russian and Arabic-speaking spammers I come across these days use popular, generic mail services (GMail, Yahoo, Hotmail) which you can't afford to block. It's only a matter of time until the regional spammers do the same.

You know what's the obvious solution to your problem? Regular spam filters which classify messages as spam or ham (seriously, the opposite of spam is called "ham") based on content. The drawback is that your contact form email address is no longer whitelisted as safe and you MAY end up losing legitimate email mistakenly marked as spam.

Finally, there's the non-obvious solution to your problem. CAPTCHA. Joomla comes with ReCAPTCHA integration and it can be used in the contact form. It will obviously not work if the spammers employ real, breathing humans to submit the contact form spam instead of bots. You can't fight that.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 15 January 2017 18:15 CST

ml09616
Thanks again Nicholas......

you are an absolute legend!! and I agree with every word you say, especially spammers using generic services like GMail etc.

I will use regualr spam filters, and I also already use a Captcha.
I will also use the cPanel filter for "ending in...." and put the ".ua" etc in there.
I know this has downsides, and will not stop the clever ones, but at this stage, I am getting lots of spam with return email addresses like [email protected] etc, so this simple filter will stop these (until they wise up!)

I know this whole issue is a hard thing to fight effectively..... we can only try.

thanks yet again Nicholas.

Mike

Monday, 16 January 2017 01:27 CST

nicholas
You're welcome :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 15 February 2017 17:17 CST

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2017-02-15 17:17 CST

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!