Skip to Content Skip to Menu

CB Antispam released with great protection tools

  • nant
  • nant
  • OFFLINE
  • Posts: 12339
  • Thanks: 1467
  • Karma: 877
11 years 6 months ago - 11 years 6 months ago #226719 by nant
This thread discusses the big news CB Antispam released with great protection tools .

Great job once again Kyle!
Congratulations to Kyle (krileon) for the great new major release!

Keep up the great work. :)
Last edit: 11 years 6 months ago by nant.

Please Log in or Create an account to join the conversation.

  • activha
  • activha
  • OFFLINE
  • Posts: 2334
  • Thanks: 117
  • Karma: 13
11 years 6 months ago #226724 by activha
Wonderful ans vert useful plugin.

Could you tell us how and where phrases for anti spam can be translated ?

How does it fit with admin tools ? Can both tools be used at the same time for front end login control ?

Thanks

Please Log in or Create an account to join the conversation.

  • dotcom22
  • dotcom22
  • OFFLINE
  • Posts: 522
  • Thanks: 14
  • Karma: 4
11 years 6 months ago #226735 by dotcom22
This plugin seem to be very complete and powerful... I looked on all settings but I'm a bit lost and unfortunately like all Incubator project no documentation are provided.

My goal was to only block user IP after (for example after 5 login attempt) for prevent brute force attack. So if I understand correctly is only required to:

- Go to Configuration plugin
- Go to Tab Login
- Go to Tab Auto-block
- Enable block

Could you confirm if this is right please ?

thank

I use Joomla 3.3.6 - CB 2.0.4 - CBSubs 4 - Several Incubator plugins

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
11 years 6 months ago - 11 years 6 months ago #226741 by krileon

Could you tell us how and where phrases for anti spam can be translated ?

All strings can be translated. Even the Question captcha mode questions and answers can be translated.

How does it fit with admin tools ?

I've no idea what admin tools is. CB AntiSpam acts on CB triggers so its goal is to only protect CB sites. It also only functions for frontend as there's plenty of tools to block backend (best case for backend is htaccess lockdown admin).

Can both tools be used at the same time for front end login control ?

I don't see why not.

Could you confirm if this is right please ?

Yup, that's correct location. Set the Attempts to 5 and adjust the other settings as needed as well to have your desired results.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 11 years 6 months ago by krileon.

Please Log in or Create an account to join the conversation.

11 years 6 months ago #226753 by researchware
Replied by researchware on topic CB Antispam released with great protection tools
Delighted to see a plugin to combat SPAM, but what we really need is something that can pattern match against registrations data to provide automatic blocks. We get a lot of robotic registrations with pretty consistent patterns: For example:
Name - Sleegrern SleegrernAZ
E-mail - teeptesty@hotmail.com
Username - Sleegrern

The "lastname" will always end in 2 Upper case characters and first, last, and username all match (except for the 2 uppercase characters) OR we get some where first, last, and username all match exactly. These are and a few other repeating patterns are all generated by SPAM-bots out there. A CB plugin that let use set up rules using REGEX patterns for these three fields and block if the pattern is matched would be HUGELY helpful.

We can not block by IP or email domain as the IPs vary widely and the emails are generally hacked accounts on popular email services like hotmail, yahoo, gmail, etc.). The best option would be something to detect the robot generated patterns of name and username and block if the pattern is matched.

Any chance you may add a feature like this to the new anit-spam plugin? Or is there any otther way this could be done with existing CB plugin(s)?

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
11 years 6 months ago - 11 years 6 months ago #226773 by krileon

Delighted to see a plugin to combat SPAM, but what we really need is something that can pattern match against registrations data to provide automatic blocks. We get a lot of robotic registrations with pretty consistent patterns: For example:
Name - Sleegrern SleegrernAZ
E-mail - teeptesty@hotmail.com
Username - Sleegrern

The "lastname" will always end in 2 Upper case characters and first, last, and username all match (except for the 2 uppercase characters) OR we get some where first, last, and username all match exactly. These are and a few other repeating patterns are all generated by SPAM-bots out there. A CB plugin that let use set up rules using REGEX patterns for these three fields and block if the pattern is matched would be HUGELY helpful.

You don't need a plugin for this. You've been able to do this for years now. Just add custom regex validation to your fields by editing them in CB > Field Management and setting "Authorized input:" to "Custom PERL regular expression" now add your custom validation to "Perl Regular Expression:". Then they'll never even make it past registration validation and will fall into failed registration attempts and be subject to blocking if you enable and use it.

We can not block by IP or email domain as the IPs vary widely and the emails are generally hacked accounts on popular email services like hotmail, yahoo, gmail, etc.). The best option would be something to detect the robot generated patterns of name and username and block if the pattern is matched.

Nothing can detect such patterns reliably. What if a legitimate user has 2 upper case letters? You just lost a customer or user due to it. Spam registrations will always be a reality. The idea behind CB AntiSpam is to cut back on them. Human spam bots, like what you're probably experiencing, will always surpass stuff like this because it's a person sitting there inputting the data. Spam bots won't or shouldn't make it past the new captcha in CB AntiSpam so you should be able to completely eliminate automatic bots; you can also use ReCaptcha captcha mode if you like which uses advanced image recognition deterrent techniques.

Any chance you may add a feature like this to the new anit-spam plugin?

Nope.

Or is there any otther way this could be done with existing CB plugin(s)?

In addition to the above you can use CB Auto Actions to check against post data and try to fail the registration. Conditionals has a REGEX operator so you could regex a field value to see if it contains a match to something you don't like then set a $_PLUGIN error which should stop registration using a Code action with PHP Method. Be careful though as simply checking for 2 capital letters at the end of a last name could easily backfire and block many legitimate users.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 11 years 6 months ago by krileon.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum