TOPIC:

Spam getting past custom validation 2 weeks 16 hours ago #252335

  • Topic Author
  • zeroalpha
  • Offline
  • Fresh Breezer
  • Fresh Breezer
  • Posts: 7
  • Thanks: 0
I'm getting daily spam through my breezingform. I just set up a custom regex validation to only allow basic english sentences and to block html web links but spammers are still able to post links:

var bad = /(http|www|html|.ru|.com|.net|href)/;

But spammers are still able to post links. If I copy and paste their own spam into my form to test it, it successfully detects the spam. I am using google recaptcha also. How are these spammers able to bypass my regex validation?

Please Log in or Create an account to join the conversation.

Spam getting past custom validation 1 week 5 days ago #252363

  • tihana.krivic's Avatar
  • tihana.krivic
  • Offline
  • Moderator
  • Moderator
  • Posts: 2935
  • Karma: 3
  • Thanks: 255
Hi,

could you please post here the whole code of validation ?

It is always very difficult to be totally free from spam as soon as you offer online forms

You can protect your forms with recaptcha and honeypot:
crosstec.org/en/support/online-documenta...ts/210-honeypot.html

Also, you can protect every website using this:
www.vi-solutions.de/en/joomla-plugin-plgspambotcheck
and this:
www.projecthoneypot.org/

Regards,
Tihana

Please Log in or Create an account to join the conversation.

Spam getting past custom validation 1 week 5 days ago #252376

  • Topic Author
  • zeroalpha
  • Offline
  • Fresh Breezer
  • Fresh Breezer
  • Posts: 7
  • Thanks: 0
function ff_data_validation(element, message)
{
var pattern = /^[a-z][a-z0-9.,:\/\\'+=\-?\n\s]*$/i;
if (!pattern.test(element.value)){
if (message=='') message = element.name+" faild in my test.\n"
ff_validationFocus(element.name);
return message;
} // if
var bad = /(http|www|html|.ru|.com|.net|href)/;
if (bad.test(element.value)){
if (message=='') message = element.name+" faild in my test.\n"
ff_validationFocus(element.name);
return message;
} // if
return '';
} // ff_data_validation


When I test my validation it works fine.
Here is the last spam I received. They can even beat my 350 character limit:

Доброго дня!

Если вы хотите улучшить видимость своего члена и хуя поиске пизды и улучшить его размер до конского ялдыка, то моя помощь будет очень необходимой для Вас.
<b>Поток доверия Porno - система предназначеная для определения степени надежности секса на основе качества обратных анусов, указывающих на Ваш пенис.</b>

Если Вам интересно, прочитайте методику в моем блоге https://deleted

Конкретно, в чём заключается суть моего способа по прокачке жопы с помощью наращивания потока спермы:

Я проставлю 15 качественных ссылок на Ваш сайт на валютных ресурсах с высоким пенисом и Ваша жопа сайта увеличится до 29 сантиметров.

Писюны на авторитетных порносайтах размещаются в жопе и навсегда.
Услуга на 100% безопасна для онанистов и педофилов России включая Панду и зоофилию, потому что мой метод белый и натуральный.
Вы заметите заметное преимущество перед Вашими конкурентами и улучшите продажу оружия и наркотиков типа героин и кокаин.

Похожих агенств по продвижению сайтов в ТОП не предоставляет никто кроме меня. Отзывы о повышении пениса и жопы изучить тут на бирже онанистов и извращенцев, все они положительные, так как покупатели полностью довольны проделанной мною работой и заказывают продвижение в жопу сразу для 7 своих жен и друзей и делают повторные заявки на анал и педофилию.

Статьи о моём сервисе можно увидеть на других сайтах, например <a href=" www.deleted ">Предложение владельцу сайта deleted bc275ec

Please Log in or Create an account to join the conversation.

Last edit: Post by zeroalpha.

Spam getting past custom validation 1 week 5 days ago #252381

  • tihana.krivic's Avatar
  • tihana.krivic
  • Offline
  • Moderator
  • Moderator
  • Posts: 2935
  • Karma: 3
  • Thanks: 255
Hi,

please see if this will help:
function ff_data_validation(element, message)
{
var pattern = /^[a-z][a-z0-9.,:\/\\'+=\-?\n\s]*$/i;
if (!pattern.test(element.value)){
if (message=='') message = element.name+" faild in my test.\n"
ff_validationFocus(element.name);
return message;
} // if
var bad = /\b(http|www|html|.ru|.com|.net|href)\b/ig;
    if (!bad.test(element.value)) return '';
        if (message=='') message = element.name+" faild in my test.\n";
        ff_validationFocus(element.name);
        return message;
return '';
} // ff_data_validation

Regards,
Tihana

Please Log in or Create an account to join the conversation.

Spam getting past custom validation 1 week 5 days ago #252385

  • Topic Author
  • zeroalpha
  • Offline
  • Fresh Breezer
  • Fresh Breezer
  • Posts: 7
  • Thanks: 0
Thanks. I'll see how it goes and report back

Please Log in or Create an account to join the conversation.

Spam getting past custom validation 2 days 7 hours ago #252838

  • Topic Author
  • zeroalpha
  • Offline
  • Fresh Breezer
  • Fresh Breezer
  • Posts: 7
  • Thanks: 0
Spam has reduced a lot! I improved my validation script. Here I have a a good list to only accept english and some characters and a bad list to block common website links:
function ff_data_validation(element, message)
{
 var goodlist = /^[a-z][a-z0-9.,:\/\\'+=\-?\n\s]*$/i;
 var badlist = /(http|www|html|.ru|.com|.net|href)/;
    if (!goodlist.test(element.value) || badlist.test(element.value)) {
        if (message=='') message = element.name+" faild in my test.\n"
        ff_validationFocus(element.name);
        return message;
    } // if
    return '';
} // ff_data_validation

It seems the professional spammers are able to bypass client side validation easily though. I have checked my google recaptcha settings and increased the security level and removed alternative domain names. I have also made sure to force ssl only in my joomla global configuration settings.

Does anyone have any examples on how to write a server side validation test?

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
  • 2
Moderators: ForumSupport
Time to create page: 0.051 seconds

BreezingForms Pro 1.4.7 for WordPress Released!

Available in the membership section.

September Discount!

Massive discounts on all subscriptions!

Get Your Subscription Here

Quick Links

Downloads

BreezingForms

ContentBuilder

BreezingCommerce

Templates

Documentation

BreezingForms

ContentBuilder

BreezingCommerce

Apprendre BreezingForms (French Community)

Apprendre et maîtriser BreezingForms par des tutoriels et exemples, le tout en français

breezingforms.eddy-vh.com

Questions et réponses sur les forums de l'AFUJ

AFUJ

Special Offer

Summer Sale! All subscriptions at a special price!

Includes prio support, all of our current and future Joomla!® extensions and Joomla!® templates for the duration of your membership.

Get it from here

3rd Party Discount - 25% Off

We help you to keep your costs under control. If you are a new member and purchased a form building tool from a different form vendor, then you'll get a 25% discount on our subscription plans.

How to receive the discount:

Send us a quick email to sales@crosstec.org with a proof of purchase (for example a paypal receipt), await payment instructions and enjoy your membership!