#28368 Block RSForm submission based on a word

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Wednesday, 04 October 2017 17:17 CDT

DaveOzric
Hello, all my sites using RSForm are being spammed by a business funding spammer and reCAPTCHA is not working. I read the documentation but the anti-spam word filter does not seem to work or I am not doing it correctly. Is there a different way to prevent these submissions from being sent? Firewall Blacklist or something? What about .htaccess?

They use different IP addresses so it's too hard to block them that way.

All the messages have BusinessFunds365 in the name or messages.

Thank you

nicholas
Akeeba Staff
Manager
In fact, Anti Spam Word is exactly what you are supposed to use as long as the form component goes through Joomla! when submitting the form. I have not used RSForm so I can't tell you if that requirement is met. I can, however, tell you how Admin Tools should be configured.

Extensions, Components, Admin Tools, Web Application Firewall, Configure WAF. Click on Active Request Filtering, set Anti-spam filtering based on Bad Words list to Yes.

Extensions, Components, Admin Tools, Web Application Firewall, Anti-spam Bad Words. Click on the green New button in the toolbar. In the Word field type BusinessFunds365 and click on the Save & Close button.

That's all :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

DaveOzric
Hi Nicholas, thank you for this info. I did indeed need to enable this so it works. These sleazeballs keep changing the name so it's going to be difficult to keep up with them.

I am noticing all the IPs they use are in Poland. How effective is the GEO blocker? I don't need any traffic from Poland to my sites.

Do you have any other suggestions?

Thank you again.

nicholas
Akeeba Staff
Manager
The GeoIP blocker has the precision of its third party GeoIP library (MaxMind). They claim 95% accuracy for the free version of their database (the one installed by default with our software for obvious licensing issues) and 99% for the paid one. For the purpose you are inquiring about, that 95% figure of the free version is more than adequate.

I have to remind you, however, that blocking all of Poland may not be a good idea. You will also block legitimate visitors from this country. You know your site and its demographic best, I just have to warn you :)

Finally, if you see that their IPs are always in the same range you can use the IP Blacklist in Admin Tools to block a range of IPs (instead of an entire country with GeoIP blocking). I've had a similar case of spammers using actual humans to beat reCAPTCHA on my blog. They were coming from India but so does a not insignificant chunk of my visitors. I observed that their IPs always came from the same narrow block, indicating that they were operating off an office building. I went out on a limb and blocked a range of 64 IPs around the ones spamming me. I haven't heard from them in a month!


System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
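The range-blocking approach from the reply above (a block of 64 addresses instead of a whole country) can be checked against your own form submissions before adding anything to the IP Blacklist. This is an added example, not part of the ticket or of Admin Tools; the sample submissions are constructed with documentation-range addresses, the case-insensitive substring match is an assumed matching rule, and `candidate_blocks` with its thresholds is a hypothetical helper.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: (source IP, submitted text). Addresses are from
# documentation ranges (RFC 5737), not real spam sources.
SUBMISSIONS = [
    ("203.0.113.70", "BusinessFunds365 offers fast loans"),
    ("203.0.113.85", "Get capital today - BusinessFunds365"),
    ("203.0.113.101", "businessfunds365 working capital"),
    ("203.0.113.126", "BusinessFunds365"),
    ("198.51.100.9", "BusinessFunds365 one-off"),
    ("203.0.113.200", "Question about your opening hours"),
    ("192.0.2.14", "Please send me a quote"),
]
BAD_WORDS = ["BusinessFunds365"]  # the word named in the ticket


def is_spam(text, bad_words=BAD_WORDS):
    """Case-insensitive substring match (assumed rule, not Admin Tools code)."""
    lowered = text.lower()
    return any(w.lower() in lowered for w in bad_words)


def candidate_blocks(submissions, prefix=26, min_ips=3):
    """Group spam sources into /prefix networks (a /26 holds 64 addresses).

    Returns {network: sorted spam IPs} for networks with at least min_ips
    distinct spam sources and no legitimate submission from the same network.
    """
    spam, legit = defaultdict(set), set()
    for ip, text in submissions:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        if is_spam(text):
            spam[net].add(ipaddress.ip_address(ip))
        else:
            legit.add(net)
    return {
        net: sorted(ips)
        for net, ips in spam.items()
        if len(ips) >= min_ips and net not in legit
    }


if __name__ == "__main__":
    for net, ips in candidate_blocks(SUBMISSIONS).items():
        print(f"{net} ({net.num_addresses} addresses): "
              f"{', '.join(map(str, ips))}")
```

A network is only reported when several distinct spam sources fall inside it and no legitimate submission came from the same block, which is the trade-off the reply weighs against country-wide blocking.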
