Contact Us IP Ban [Support Thread]

[1100101]

Prevents some spam sent using the contact us form by temporarily banning the spammer from using the contact us form by IP.

By default if more than 3 messages are sent via the contact us form in any 30 minute period from a single IP then the IP is blocked from sending any messages via the contact us form for 30 minutes. If the spammer continues to attempt to send mail from the contact us form their ban period will be reset and their ban period will be extended.

An admin page Admin->Configuration->IP Ban Setup is added to the Zen Cart admin to allow the number of attempts allowed, the attempt period and the ban period to be set.

Please report any bugs/issues here

Thank you,
sj

[cowgirlmodel]

Can this mod be combined w/ captcha_using_ttf addon? The only file that seemed to conflict was contact us/header.php . I wasn't able to combine the 2 mods to make it work.

Also not sure if checksums.md5 file is supposed to be uploaded into the store root folder?

Thanks.

[1100101]

This module can be combined with the "CAPTCHA using TTF & GD" module. You are correct in stating that only contact_us/header_php.php conflicts.

However, please be aware that the version of contact_us/header_php.php used in the CAPTCHA mod is from an earlier version of Zen Cart (presumably 1.3.8) and it is not compatible with php 5.3 and possibly not compatible with Zen Cart 1.3.9.

In order to combine the two modules I have merged Captcha into the Contact Us IP Ban file. I have not tested this but I imagine it will work, it is attached.

The files: Checksums.md5, gpl2.txt, install_ip_ban.sql, readme_ip_ban.txt, uninstall_ip_ban.sql should NOT be uploaded to your server.

install_ip_ban.sql should be pasted into the SQL patch page in your Zen Cart admin as described in the readme.

ONLY the folder "includes" and its contents, located inside the "package" folder, should be uploaded to your site. The "includes" folder should be uploaded to the store root. The "package" folder itself should not be uploaded.

I hope this helps,
sj

[apsona]

There is another alternative that I have found very effective at keeping bot spam out. Basically all you do is make the contact us form's action URL be "#", and use JavaScript to modify it to its real value when the page loads. The result is that spam bots cannot submit the form, since they don't know the real action URL (because most spam bots don't evaluate JavaScript).

In the context of Zen Cart, the modification I used was this. At about line #17 of the file includes/templates/template_default/templates/tpl_contact_us_default.php, replace the line

Code:

<?php echo zen_draw_form('contact_us', zen_href_link(FILENAME_CONTACT_US, 'action=send')); ?>

with

Code:

<?php echo zen_draw_form('contact_us', '#'); ?>

And at the bottom of the file, add this:

Code:

<script>
document.forms.contact_us.action = "<?php echo  zen_href_link(FILENAME_CONTACT_US, 'action=send') ?>";
</script>

The only downside is that it doesn't work if the user's browser doesn't have JavaScript enabled, but that's usually not a major concern.

I'd like to know what you folks think of this approach.

Regards,
Apsona

[cowgirlmodel]

The files: Checksums.md5, gpl2.txt, install_ip_ban.sql, readme_ip_ban.txt, uninstall_ip_ban.sql should NOT be uploaded to your server.

install_ip_ban.sql should be pasted into the SQL patch page in your Zen Cart admin as described in the readme.

ONLY the folder "includes" and its contents, located inside the "package" folder, should be uploaded to your site. The "includes" folder should be uploaded to the store root. The "package" folder itself should not be uploaded.

Thanks SJ. I kind of figured that about those files, so didn't upload them - just installed the sql patch. But I did want to make sure.

Thanks for the heads-up on the TTF & PHP 5.3; I hope they will update the code for that mod soon. It does seem to work great on ZC139, except that it deletes the typed-in message if they get the captcha wrong. Also, I usually don't just overwrite files - I will double check to make sure I compared the TTF header w/ ZC139. Can't remember if that was a changed file or not.

I will reinstall the IP ban and try the new header this week. Let you know if anything does not appear to work.

Thanks!

[cowgirlmodel]

There is another alternative that I have found very effective at keeping bot spam out. Basically all you do is make the contact us form's action URL be "#", and use JavaScript to modify it to its real value when the page loads. The result is that spam bots cannot submit the form, since they don't know the real action URL (because most spam bots don't evaluate JavaScript).


The only downside is that it doesn't work if the user's browser doesn't have JavaScript enabled, but that's usually not a major concern.

I'd like to know what you folks think of this approach.

Regards,
Apsona

So Apsona, you don't even use a captcha on your site with this modification? Would it work for the product reviews, account registration, and tell a friend forms too?

[apsona]

cowgirlmodel - Correct, there is no need for any extra CAPTCHA code. And yes, the technique works with any HTML form, although the code sample I provided was intended specifically for the contact us form in Zen Cart.

There is one case I have found I need to guard against: When I tried this technique with my Wordpress installation, it was failing because the bots know the standard structure of the form submission URL (something like http://mysite/blog/wp-comments-post.php) so they just blindly post to that URL, and I still get spammed. The remedy was to change the name of submission URL as well. This is another minor tweak that might be necessary within Zen Cart, too.

Apsona

[cowgirlmodel]

Tried the combined header, but didn't work. I think the header was fine; the form displayed normally and the ban worked, but form wouldn't post/send; it kept saying I didn't enter the correct validation code, then after the specified # of attempts, it locked me out.

That's ok though; the captcha program works fine now; if it doesn't work when my server goes to php5.3, I'll reinstall ip ban for it. Thanks again for your help!

[1100101]

Hey.

I'm really sorry to hear that, I'm not exactly sure what's causing the mixed module not to work with my edits; perhaps I missed a line.

Thank you for posting your results. I hope captcha works well for you. If you would like me to take another look at the integration of the two I could do that, just let me know.

[cowgirlmodel]

My best guess is that includes/languages/english/extra_definitions/YOUR_TEMPLATE/contactus.php is conflicting w/ languages/english/extra_definitions/captcha.php - however this is just a guess and could be totally wrong; I know nothing about programming.

Please don't go to any extra work for me. TTF Captcha is working fine for me at this point, and until they update it, it might be a waste of time for you to reconcile your updated version of Contact Us IP Ban w/ it. However, you may want to make a note of this conflict in the download area for others who might try the same thing?

I appreciate your mentioning that TTF Captcha IS outdated, b/c I went back and updated those files that overwrite the ZC139 files. Usually I'm really careful about things like that, but overlooked it in this case and overwrote them. I don't know if my little updates will actually fix the TTF problems when my server goes to php5.3; but at least I know to check for it when that happens.