Contact Us IP Ban [Support Thread]

[1100101]

Prevents some spam sent using the contact us form by temporarily banning the spammer from using the contact us form by IP.

By default if more than 3 messages are sent via the contact us form in any 30 minute period from a single IP then the IP is blocked from sending any messages via the contact us form for 30 minutes. If the spammer continues to attempt to send mail from the contact us form their ban period will be reset and their ban period will be extended.

An admin page Admin->Configuration->IP Ban Setup is added to the Zen Cart admin to allow the number of attempts allowed, the attempt period and the ban period to be set.

Please report any bugs/issues here

Thank you,
sj

[cowgirlmodel]

Can this mod be combined w/ captcha_using_ttf addon? The only file that seemed to conflict was contact us/header.php . I wasn't able to combine the 2 mods to make it work.

Also not sure if checksums.md5 file is supposed to be uploaded into the store root folder?

Thanks.

[1100101]

This module can be combined with the "CAPTCHA using TTF & GD" module. You are correct in stating that only contact_us/header_php.php conflicts.

However, please be aware that the version of contact_us/header_php.php used in the CAPTCHA mod is from an earlier version of Zen Cart (presumably 1.3.8) and it is not compatible with php 5.3 and possibly not compatible with Zen Cart 1.3.9.

In order to combine the two modules I have merged Captcha into the Contact Us IP Ban file. I have not tested this but I imagine it will work, it is attached.

The files: Checksums.md5, gpl2.txt, install_ip_ban.sql, readme_ip_ban.txt, uninstall_ip_ban.sql should NOT be uploaded to your server.

install_ip_ban.sql should be pasted into the SQL patch page in your Zen Cart admin as described in the readme.

ONLY the folder "includes" and its contents, located inside the "package" folder, should be uploaded to your site. The "includes" folder should be uploaded to the store root. The "package" folder itself should not be uploaded.

I hope this helps,
sj

[apsona]

There is another alternative that I have found very effective at keeping bot spam out. Basically all you do is make the contact us form's action URL be "#", and use JavaScript to modify it to its real value when the page loads. The result is that spam bots cannot submit the form, since they don't know the real action URL (because most spam bots don't evaluate JavaScript).

In the context of Zen Cart, the modification I used was this. At about line #17 of the file includes/templates/template_default/templates/tpl_contact_us_default.php, replace the line

Code:

<?php echo zen_draw_form('contact_us', zen_href_link(FILENAME_CONTACT_US, 'action=send')); ?>

with

Code:

<?php echo zen_draw_form('contact_us', '#'); ?>

And at the bottom of the file, add this:

Code:

<script>
document.forms.contact_us.action = "<?php echo  zen_href_link(FILENAME_CONTACT_US, 'action=send') ?>";
</script>

The only downside is that it doesn't work if the user's browser doesn't have JavaScript enabled, but that's usually not a major concern.

I'd like to know what you folks think of this approach.

Regards,
Apsona

[cowgirlmodel]

There is another alternative that I have found very effective at keeping bot spam out. Basically all you do is make the contact us form's action URL be "#", and use JavaScript to modify it to its real value when the page loads. The result is that spam bots cannot submit the form, since they don't know the real action URL (because most spam bots don't evaluate JavaScript).


The only downside is that it doesn't work if the user's browser doesn't have JavaScript enabled, but that's usually not a major concern.

I'd like to know what you folks think of this approach.

Regards,
Apsona

So Apsona, you don't even use a captcha on your site with this modification? Would it work for the product reviews, account registration, and tell a friend forms too?

[apsona]

cowgirlmodel - Correct, there is no need for any extra CAPTCHA code. And yes, the technique works with any HTML form, although the code sample I provided was intended specifically for the contact us form in Zen Cart.

There is one case I have found I need to guard against: When I tried this technique with my Wordpress installation, it was failing because the bots know the standard structure of the form submission URL (something like http://mysite/blog/wp-comments-post.php) so they just blindly post to that URL, and I still get spammed. The remedy was to change the name of submission URL as well. This is another minor tweak that might be necessary within Zen Cart, too.

Apsona

[cowgirlmodel]

The files: Checksums.md5, gpl2.txt, install_ip_ban.sql, readme_ip_ban.txt, uninstall_ip_ban.sql should NOT be uploaded to your server.

install_ip_ban.sql should be pasted into the SQL patch page in your Zen Cart admin as described in the readme.

ONLY the folder "includes" and its contents, located inside the "package" folder, should be uploaded to your site. The "includes" folder should be uploaded to the store root. The "package" folder itself should not be uploaded.

Thanks SJ. I kind of figured that about those files, so didn't upload them - just installed the sql patch. But I did want to make sure.

Thanks for the heads-up on the TTF & PHP 5.3; I hope they will update the code for that mod soon. It does seem to work great on ZC139, except that it deletes the typed-in message if they get the captcha wrong. Also, I usually don't just overwrite files - I will double check to make sure I compared the TTF header w/ ZC139. Can't remember if that was a changed file or not.

I will reinstall the IP ban and try the new header this week. Let you know if anything does not appear to work.

Thanks!

[highlander]

Where do I download the Contact Us IP Ban module? I can't seem to locate a link anywhere. It sounds like a very useful mod.

[1100101]

Hey!

It is available in the zen cart add on section: http://www.zen-cart.com/index.php?ma...index&cPath=40

Here is a direct link: http://www.zen-cart.com/index.php?ma...oducts_id=1684

Hope this helps.

[tobindonal]

Hi,

I'm using 1.3.9h

captcha add_on installed which is
CAPTCHA User Verification for Zen-Cart 1.3.9

as per a couple of posts on the install, when i compared it seemed to conflict on the header_php.php...

regardless in the spirit of things, i installed regardless confident i could reverse if needed...

everything seemed to install fine, and on my contact page my captcha is working fine...

however the ip_ban is not working...

i configured it from admin. to allow 2 tries 3 tries etc. etc. and then proceeded to send plenty of contact messages within the allowed time which i left at 30mins and they all sent...

there was no message displayed banning me (should there be?)

the only thing i could think of is that i am working at present on a test site on my localhost...could this be the issue>>>??

any help would be appreciated...im finally hoping to go live next week and this type of feature working would be a great help methinks...

thanks

donal