eCard module - disable sending when "a href" in Message area

wise_mike

Joined: 2008-10-21
Posts: 158
Posted: Mon, 2012-11-12 10:58

I use the eCard module, and recently I found some auto bot sending messages with gibberish text and links, like:

Quote:
52LVNo <a href="http://pobphotcsgrc.com/">pobphotcsgrc</a>, tulrbyychsil, [link=http://czwqohvsvonz.com/]czwqohvsvonz[/link], http://jrmuwjmwjrvj.com/

I want to disable sending the message if it has something like: "a href" or a given word something.

Thanks,

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Tue, 2012-11-13 00:06

So they are getting by the recapcha?
never used to module but the docs suggest it has that capability.

Dave_____________________________________________
Blog & G2 || floridave - Gallery Team

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Tue, 2012-11-13 02:17

Something like:
http://jsfiddle.net/UKJkK/embedded/result/

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
wise_mike

Joined: 2008-10-21
Posts: 158
Posted: Tue, 2012-11-13 03:28

It doesn't have a recapcha, that's why I want to add an option to disable sending if it has the above words in my first post, or give a warning like when it gives when there is a missing email address or something.

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Tue, 2012-11-13 14:30

Would something like:
http://jsfiddle.net/UKJkK/embedded/result/
Work?

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
wise_mike

Joined: 2008-10-21
Posts: 158
Posted: Tue, 2012-11-13 17:02

Unfortunately, the bot was still able to send, don't know how! You think disabling paste option would work? or bots has other ways around that?

 
tempg

Joined: 2005-12-17
Posts: 1857
Posted: Tue, 2012-11-13 17:23

Bots can generally get around js fairly easily. You can do this with php (in the same file that actually does the sending) but it's a bit complicated to do in a way that's friendly to human users that (for whatever reason) want to use a hyperlink (or one of the other words you specify) in the message; it'll also take time to do it in a way that would let Gallery users easily add and remove words/phrases from the listing.

wise_mike wrote:
It doesn't have a recapcha

I can't install right now to test, but I did check the code and found references to captcha_protect_form. If it's not working, first check to make sure that you have the latest version. The docs specifically say that RECAPTCHA was added in v3 a long while ago--and there's a captcha in the screenshot image. Maybe it requires a setting be checked, or installation of another module.

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Thu, 2012-11-15 06:11
Quote:
You think disabling paste option would work?

It might. try adding

<script>
  $(document).ready(function () {
    $('#g-text').bind('copy paste', function (e) {
       e.preventDefault();
    });
  });
</script>

to modules/ecard/views/ecard_form.html.php just before the </body>

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
wise_mike

Joined: 2008-10-21
Posts: 158
Posted: Wed, 2012-11-21 20:07

Seems the script uses something other the normal ways of paste, as it still sends spam.. how can I fix that?

Re the captcha that looks in the modules page, it is just an image, I re-installed final version and there is no captcha.

 
tempg

Joined: 2005-12-17
Posts: 1857
Posted: Fri, 2012-11-23 13:56

I don't know what's going on with the ecard captcha, but if it's not working, the easiest solution would be to get it working or add your own; there are several around the internet that you could download. Having said that, just to be sure we're on the same page, you have activated the reCAPTCHA module, is that correct? (It's a separate module that ships with Gallery.)

Also, how do you know that a robot is sending out forms? How do you see that?

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Sat, 2012-11-24 02:37

I don't use the ecard module or the captcha module. Do I need to install both as well as the module order module to verify that they work together?

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
tempg

Joined: 2005-12-17
Posts: 1857
Posted: Sat, 2012-11-24 16:02

@floridave: I don't use them either, but I know that the ecard module uses the recaptcha module to implement the captcha part. Without the recaptcah module, you'd likely get an error or see the blank space that the OP reports. I didn't think about module order, but that could be a factor. (I still don't have a test site back up to test with yet; working on it.)

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Sat, 2012-11-24 17:38

Installed the recaptcha module and the ecard module. Configured the recaptcha with the keys it needed.
Tried to send a ecard with the wrong text for the recaptcha and it did not send. With the correct text for the captcha it sends the card.

So, to me it is working as expected.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
wise_mike

Joined: 2008-10-21
Posts: 158
Posted: Sat, 2012-11-24 21:09

Sorry, as tempg said, I didn't know that recaptcha module was linked to the ecard module.. I'll enable it and check.. thanks.