Osclass forums
Development => Plugins => Topic started by: Liath on March 28, 2017, 02:33:11 am
-
PREMIUM PLUGIN - Now available on Osclass Market for FREE!!!
Download here: https://market.osclass.org/plugins/security/anti-spam-protection-system_787 (https://market.osclass.org/plugins/security/anti-spam-protection-system_787)
!!! See known issues on the end of this post !!!
This plug-in has been developed as a spam protection and security module. On the one hand, it detects the most spam on your site and marks it for you for further processing, on the other hand it secures your user accounts against unauthorized access.
The spam is not automatically deleted, it is only marked and displayed in your admin area, so that you can recognize it more quickly and decide for yourself what happens with it. This is intended to prevent you from accidentally deleting incorrectly marked ads that do not contain spam.
Spam protection for
- Ads
Here you can check for possible duplicates, check the MX record of the used e-mail address, add a bottrap, block e-mail addresses or hosters, define stopwords, and automatically remove unwanted ads.
- Comments
Here you can check the comments, whether links or links are in the title or comment, block email addresses or hosters, define keywords, and automatically remove unwanted comments
- Contact E-mails
Here you can activate a check of the contact messages to sellers, whether the message contains links, block email addresses or hosters, and define keywords
The security of the user accounts is ensured by a built-in login limit, which ensures that a user account is blocked after too many unsuccessful logon attempts and the user is notified accordingly by e-mail. All e-mails are easy to edit and could be self-designed with the built-in template editor. A link can also be installed, which allows the user to unlock his account again.
Safety Precautions for
- User accounts
Here you can activate and set the login limit. In addition, a bottrap can be added to the login form. You can also set whether the corresponding user should only be blocked or banned. To be able to use the bottraps in all forms, it may be necessary to edit one or two files. You can find a tutorial in the corresponding section.
- Administrator accounts
Here you can activate and set the login limit. In addition, a bottrap can be added to the login form. You can also set whether the corresponding user should only be blocked or banned.
- Registrations
Here you can activate a check for newly registered user accounts. You can determine, that specified e-mail addresses may be used exclusively or not at all. You can also check the e-mail address and the IP of the user at StopForumSpam, if one of them is listed as a spammer.
- Account Cleanup
If you have constantly user accounts which are not used, you can have them automatically deleted after a fixed interval. You also have the option to search user accounts and remove unwanted user accounts.
There are inbuild some tools, to help you to control your accessibility and your security. This tools can block or control whole user groups and keep an eye on your file system integrity.
Tools for
- Good / Bad users
For example, you can prohibit specific users from publishing new ads, write comments or send contact messages to sellers. On the other hand, you can also free selected users from the spam check.
- IP Ban list
Here you can save IP's that you want to deny access to your page. In addition, you can still determine where the blocked users are forwarded.
- TOR Network Control
Here you can control, if users of the TOR Network are allowed to use your page. You have control about the actions they can do or not.
- File system monitor
This tool will help you to take control over your files. If any change are happen, you will be informed about that.
- Admin security (from Version 1.7.5)
This protection keeps an eye on your admin accounts. When any changes are happen to your admin accounts (new, changed or deleted account) you will be informed about that.
So that you can use the plugin optimally, there is the possibility to adjust the appearance and behavior. You can determine how you are made aware of suspicious activities and where the appropriate hints appear.
If you are running several OSClass pages, you can easily export all settings and import them again on all other pages. This can save a lot of time.
To get an overview of the activities of the plugin, everything is stored in a global log. There you can see whether ads, comments or contact messages have been blocked, if user or administrator accounts have been blocked and for what reason something has happened. The log can be deleted automatically after an adjusted interval or at any time manually.
A tutorial on how to use and operate the plugin can be found in the help for the plugin. There everything is explained, but actually the plugin is self-explanatory.
Known issues
- PHP-Error while installation: Fatal error: Can't use method return value in write context in ../class.spamprotection.php
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg148947/#msg148947 (https://forums.osclass.org/plugins/(plugin)-spam-protection/msg148947/#msg148947)
- SQL-Error while installation: Invalid default value for 'dt_date_banned'
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg155824/#msg155824 (https://forums.osclass.org/plugins/(plugin)-spam-protection/msg155824/#msg155824)
Big thanks to Aficionado, TangoX, SteveJohnson, dev101 for your help and support
-
Looks great! Should give it a go.
Many thanks for your hard work, Liath
-
Hi, I tried installing the plugin on osclass 3.0.1 and after hitting isntall, this error came up:
Fatal error: Can't use method return value in write context in /home/sportexd/public_html/osclass/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 249
Can you please help. I really need a spam protection plugin.
Thank you!
-
Hi, I tried installing the plugin on osclass 3.0.1 and after hitting isntall, this error came up:
Fatal error: Can't use method return value in write context in /home/sportexd/public_html/osclass/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 249
Can you please help. I really need a spam protection plugin.
Thank you!
I think you run an old version of Osclass (3.0.1) and that plugin is not compatible with a so old version.
-
it's not depend on the osclass version i think, but you should urgently upgrade it to the newest version...
you could try to change some lines of code in the given file:
search for:
// Check for blocked mailaddresses
if ($this->_get('sp_blocked') == '1' && !empty($this->_get('blocked'))) {
if ($this->_checkBlocked($item['s_contact_email'])) {
return array('params' => $item, 'reason' => 'Blocked E-Mail-Address found. Please check this ad manually');
}
}
// Check for blocked mailaddress tld
if ($this->_get('sp_blocked_tld') == '1' && !empty($this->_get('blocked_tld'))) {
if ($this->_checkBlockedTLD($item['s_contact_email'])) {
return array('params' => $item, 'reason' => 'Blocked E-Mail-Address TLD found. Please check this ad manually');
}
}
and replace it with:
// Check for blocked mailaddresses
$blocked = $this->_get('blocked');
if ($this->_get('sp_blocked') == '1' && !empty($blocked)) {
if ($this->_checkBlocked($item['s_contact_email'])) {
return array('params' => $item, 'reason' => 'Blocked E-Mail-Address found. Please check this ad manually');
}
}
// Check for blocked mailaddress tld
$blocked_tld = $this->_get('blocked_tld');
if ($this->_get('sp_blocked_tld') == '1' && !empty($blocked_tld)) {
if ($this->_checkBlockedTLD($item['s_contact_email'])) {
return array('params' => $item, 'reason' => 'Blocked E-Mail-Address TLD found. Please check this ad manually');
}
}
@Aficionado
can you contact me please?
-
@Aficionado
can you contact me please?
Sure, if you tell me how.
-
it's not depend on the osclass version i think, but you should urgently upgrade it to the newest version...
can you contact me please?
If it is not an Osclass old version problem, then it is a problem with an old PHP version (pre 5.5).
-
If it is not an Osclass old version problem, then it is a problem with an old PHP version (pre 5.5).
Yes, i think so...
Sure, if you tell me how.
Idk... is it allowed to post mailaddresses here? its reall hard to go in contact with the member here :o
you could use.... "the name of my blog"@gmx.de
-
Plugin couldn't be installed because it triggered a fatal error
this is the error i receive after trying to install this plugin....no other error shows like this line have error or something like that....
my osclass is 3.6.1 and PHP version: 5.4.45
please help me to solve it......
-
Plugin couldn't be installed because it triggered a fatal error
this is the error i receive after trying to install this plugin....no other error shows like this line have error or something like that....
my osclass is 3.6.1 and PHP version: 5.4.45
please help me to solve it......
PHP 5.4 is 2012. Update to 5.6 or later and try again.
-
will updating can cause any error to my current website or it will not
-
will updating can cause any error to my current website or it will not
"Updating" php is usually a click in Cpanel or an extra line in .htaccess, both can be reverted easily.
And no, Osclass runs fine upto PHP 7.0.17 (not sure with PHP 7.1).
-
does upgrading php alone is enough or do i have to install any dependency .....
-
does upgrading php alone is enough or do i have to install any dependency .....
What kind of hosting plan do you have ? Shared ?
-
vps
-
vps
Well, sorry but i have no idea in that case.
-
ok thanks for your support
-
102
down vote
accepted
As Jacob mentioned, the CentOS packages repo appears to only have PHP 5.3 available at the moment. But these commands seemed to work for me...
rpm -Uvh http://mirror.webtatic.com/yum/el6/latest.rpm
yum remove php-common # Need to remove this, otherwise it conflicts
yum install php56w
yum install php56w-mysql
yum install php56w-common
yum install php56w-pdo
yum install php56w-opcache
php --version # Verify version has been upgraded
You can alternatively use php54w or php55w if required.
CAUTION!
This may potentially break your website if it doesn't fully resolve all your dependencies, so you may need a couple of extra packages in some cases. See here for a list of other PHP 5.6 modules that are available.
If you encounter a problem and need to reset back to the default, you can use these commands:
sudo yum remove php56w
sudo yum remove php56w-common
sudo yum install php-common
sudo yum install php-mysql
sudo yum install php
(Thanks Fabrizio Bartolomucci)
going to try this if it is success will let you know...
-
Liath, please don't forget about the remaining issues.
@Liath Any news on a new version containing: 1 (http://forums.osclass.org/general-help/duplicate-posts/msg147867/#msg147867), 2 (http://forums.osclass.org/general-help/duplicate-posts/msg148050/#msg148050), 3 (http://forums.osclass.org/general-help/duplicate-posts/msg148025/#msg148025), 4 (http://forums.osclass.org/general-help/duplicate-posts/msg148061/#msg148061)?
Thanks!
Cheers!
-
Liath, please don't forget about the remaining issues.
@Liath Any news on a new version containing: 1 (http://forums.osclass.org/general-help/duplicate-posts/msg147867/#msg147867), 2 (http://forums.osclass.org/general-help/duplicate-posts/msg148050/#msg148050), 3 (http://forums.osclass.org/general-help/duplicate-posts/msg148025/#msg148025), 4 (http://forums.osclass.org/general-help/duplicate-posts/msg148061/#msg148061)?
Thanks!
Cheers!
I know :)
this is next after i have finished another project
-
@aficionado
after php upgrade site not working and in log receiving continuous error like
Call to undefined function utf8_decode() in /public_html/oc-includes/osclass/compatibility.php on line 73
-
@aficionado
after php upgrade site not working and in log receiving continuous error like
Call to undefined function utf8_decode() in /public_html/oc-includes/osclass/compatibility.php on line 73
got myself solved
-
after activating the plugin and if i view the source code for the honey pot in item page or contact page i cant find the honey pot entry ....
please some one confirm....i need to know this works for me or not...plz help
-
did you named the honeypot field and checked the checkbox for activating the honeypot? It doesnt have a name like honeypot! The default name is sp_price_range
Which Theme are you using? The Honeypot uses the Hooks item_edit and item_post, so you should search there where all other plugins hooks on the item-page
-
Hi liath will test what you said and report back...
i have simple item moderation plugin and if a new post comes it will make that post to wait for my moderation, but this plugin makes them the new post activate and not allowing me to moderate....
-
how to make it so that the simple itme moderation plugin will block the ads and after i approve post comes online like before
-
@liath
checked for sp_price_range, and it is not appearing in item post page.
also if i save the setting in the plugin it is creating header already send error in error_log
PHP Warning: Cannot modify header information - headers already sent by (output started at /oc-includes/osclass/utils.php:1740) in /oc-includes/osclass/utils.php on line 1745, referer: page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=settings
using modern theme
-
also if i save the setting in the plugin it is creating header already send error in error_log
PHP Warning: Cannot modify header information - headers already sent by (output started at /oc-includes/osclass/utils.php:1740) in /oc-includes/osclass/utils.php on line 1745, referer: page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=settings
using modern theme
Maybe you have changed some files and introduced white space in some PHP files. Because i can save the settings of the plugin without any error or problem like this.
-
how to make it so that the simple itme moderation plugin will block the ads and after i approve post comes online like before
Apparently you can't mix two plugins like that.
-
I'm working on an update, for now following changes are done
- correcting some translations
- fixed PHP < 5.6 Bug (i hope... can't test it)
- adding similar_text() method for duplicate search
- now you can choose between search in all items or per user for duplicates
- adding item comment check (still in development)
Have done this suggestions:
@Liath Any news on a new version containing: 1 (http://forums.osclass.org/general-help/duplicate-posts/msg147867/#msg147867), 2 (http://forums.osclass.org/general-help/duplicate-posts/msg148050/#msg148050), 3 (http://forums.osclass.org/general-help/duplicate-posts/msg148025/#msg148025), 4 (http://forums.osclass.org/general-help/duplicate-posts/msg148061/#msg148061)?
I'm preposting this update info, because i want to know which features you all want for checking the comments, which mechanism you think are needed and what would be a nice have?
Following features are implemented for comment spam check
- Check comments for links/urls
- Ban Email-Addresses/TLD's for comments
- Define stopwords for comments
Also planned is a protection for contact forms, where admins and user can setup this protection. Suggestions are welcome.
This version 1.4.0 is not yet available for download
------------------
checked for sp_price_range, and it is not appearing in item post page.
it is important to select a categorie first, then the hook is activated and the honeypot is "shown"
-
Liath, do you have an email address/contact form where I could contact you, as I want to send you something?
-
it's not allowed to post my emailaddress here :-\ but you could try it on my blog... or
Idk... is it allowed to post mailaddresses here? its reall hard to go in contact with the member here :o
you could use.... "the name of my blog"@gmx.de
-
Email sent. Talk to you there. :)
-
some updates...
Following features are implemented for comment spam check
- Check comments for links/urls
- Ban Email-Addresses/TLD's for comments
- Define stopwords for comments
I think this should be enough for item comments, now going on to the "Contact Author" Form... your suggestions for features are welcome :)
-
"Contact Author" Form...
Hidden field, for bots
-
Following features are integrated for contact mail protection
- de/activate check for links/urls in message
- de/activate honeypot protection
- same email/stopword protection as for ads or comments
i've build the honeypot with double protection... one inputfield has to be filled out (this happens automatically via javascript) and the other has to be blank (looks like a captcha)
For this case, that a mail was identified as spam, the user gets a warning, that the mail has to be moderated, is this succesful done, can the mail be forwarded manually.
If he dont want this mail to be moderated, he can delete it immediatelly to secure his privacy.
New version is uploaded to the market, please have patience until it is available.
-
Liath, please note that at check listing spam, you have the same button twice for blocking the user.
Liath, in your next version could you please add another button next to Block User, for BAN User!, that uses the standard Osclass Ban rules (http://localhost/oc-admin/index.php?page=users&action=ban) and completely bans the user IP & Email, using SPAM as a reason?
I'm asking this because on my website, everyone can post an ad and many users can't be blocked as they don't have an account.
So we should have the option to Block and to Ban an user.
Blocking the user should stop that username/email from adding listings by deactivating the user and banning the user should create a ban rule for that IP/email (stopping even the unregistered users).
Also, please don't forget about the issue with the clicking on the item ID in the Blocked ads summary, that doesn't do anything.
This issue is still present.
Thanks!
-
Liath, please note that at check listing spam, you have the same button twice for blocking the user.
Nope, Block user is shown once for me.
-
@Aficionado Tested 2 mins ago on localhost, with an unregistered user (osclass 3.7.3, plugin v1.4.0 (http://amfearliath.tk/osclass-spam-protection/)).
-
oooh damn... you're right :o
i see that this option is still unfinished, will temporarily remove the button and add them to next version, at moment i'm building a login limit for this plugin and dont want to interrupt
-
With all these features being added, you'll have to change the name of this plugin from Spam Protection, to Osclass Security Suite. ;D
Anyway, you're doing an amazing job.
Thanks a lot for your effort!
-
i was thinking about to change the name ;D
because i want to add more features to secure our osclass installations. Suggestions always welcome ;)
P.S.
A personal note... the license for this plugin is the WTFPL (https://en.wikipedia.org/wiki/WTFPL). It means that everyone can take the code and make improvements. Everyone who want to work on it is welcome.
-
Do you have github account ?
-
yes, i can try to upload it there
edit: done (osclass-spam-protection)
-
Do you have github account ?
yes, i can try to upload it there
Good idea, let's build a community around this plugin. ;)
-
;D you are welcome to join
-
If you put a contact email in your github profile we can speak :)
-
ups... done xD
-
i was thinking about to change the name ;D
because i want to add more features to secure our osclass installations. Suggestions always welcome ;)
Login protection for example ?
-
...at moment i'm building a login limit for this plugin and dont want to interrupt
;D
-
https://forums.osclass.org/plugins/(plugin)-limit-login/
By the way . Where is jay ?(trains)
Other features like limit login does not feat into spam protection profile plugin .
-
https://forums.osclass.org/plugins/(plugin)-limit-login/
By the way . Where is jay ?(trains)
Other features like limit login does not feat into spam protection profile plugin .
Everything fit in a security plugin, Liath said he is considering to turn it into a security plugin.
The limit plugin is probably discontinued and un supported. I have it and displays several errors, never fixed.
-
https://forums.osclass.org/3-7-x/plugin-updates-problem-from-market/
-
After Osclass Market REFUSING to update the plugin (and no replies from anyone from Osclass), i manually downloaded and updated.
BUT i get this (updated but a new update is available ????!!) and not sure what happens and what to do:
-
The reason why you see this message is probably that your daily cron has not yet executed another daily upgrade check, so it should disappear within the next day.
-
Liath,
Some tests for 1.41. Tested on a live site with 9000+ ads. PHP 7.1.18 and Litespeed server.
Duplicate check enabled for ALL ads, using Title and md5 option. Works but seems heavy. Took 5-6 seconds.
Duplicate check enabled for ALL ads, using Title and similar check with 85%. Works and seems light for me. Took 1-2 seconds.
Thanks for the update and your work.
-
The reason why you see this message is probably that your daily cron has not yet executed another daily upgrade check, so it should disappear within the next day.
I will keep an eye open and let you know.
-
As discussed before, consider introducing a limit to last N items or so, or items newer than 30-90 days only.
It will have similar effect, but with much higher efficiency. For large projects with 100k-1M items this plugin can bring entire server down.
-
As discussed before, consider introducing a limit to last N items or so, or items newer than 30-90 days only.
It will have similar effect, but with much higher efficiency. For large projects with 100k-1M items this plugin can bring entire server down.
Maybe also an other way to limit the server load is to check in the specific category (and subcategories) and not to all categories. Since the duplicates will rarely be posted in different ROOT categories (for example Cars and Jobs).
-
Don't have much experience with duplicates, but any pattern that can reduce the search will help, because scanning entire database (that is not the major problem here) and comparing (this one is) is slow. Additional issue are multi-language sites, where each item can have N descriptions that needs to be considered (even if empty).
-
Don't have much experience with duplicates, but any pattern that can reduce the search will help, because scanning entire database (that is not the major problem here) and comparing (this one is) is slow. Additional issue are multi-language sites, where each item can have N descriptions that needs to be considered (even if empty).
An other slow-down factor could be a busy site, with users posting ads at the same time. I don't have such and can't check it, but seems like a possible scenario.
-
or items newer than 30-90 days only.
This is a really good idea and will be definitely implemented
@dev101 or some other developer
I need to know, how the update is working? Will the plugin at first deinstalled and reinstalled or is there some other mechanism?
-
If you ask about market/dashboard auto-update, I think it will simply download .zip, extract it and overwrite the original content. Nothing is changed inside database.
-
Hi, i have been using the plugin for some weeks and it works perfectly fine. however it stopped working after the last update. When i try to save the settings, it automatically redirects to homepage with this url
index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php
-
If you ask about market/dashboard auto-update, I think it will simply download .zip, extract it and overwrite the original content. Nothing is changed inside database.
i had the case, that i've made some changes on the database... added new tables, when the file will be executed, it doesn't throw out any errors?
Hi, i have been using the plugin for some weeks and it works perfectly fine. however it stopped working after the last update. When i try to save the settings, it automatically redirects to homepage with this url
index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php
which version u r using?
-
If you ask about market/dashboard auto-update, I think it will simply download .zip, extract it and overwrite the original content. Nothing is changed inside database.
i had the case, that i've made some changes on the database... added new tables, when the file will be executed, it doesn't throw out any errors?
Hi, i have been using the plugin for some weeks and it works perfectly fine. however it stopped working after the last update. When i try to save the settings, it automatically redirects to homepage with this url
index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php
which version u r using?
The latest version released few days ago
-
1.4.0, 1.4.1 or 1.5.0?
Last 3 days i worked alot on this plugin ;)
oh, now i saw that 1.4.1 is published in market... so i think you are using this
index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.phpthis is the right url to save the settings, this file processing the form data and send it to the class, can you see any error or something else? what happened if you turn on debug mode in osclass?
-
@Liath and @ojasweb
Personally i could never save any options in this plugin, because i get a 403 (forbidden) from mod_security. I always disable mod_security to change settings.
FYI
-
@Liath and @ojasweb
Personally i could never save any options in this plugin, because i get a 403 (forbidden) from mod_security. I always disable mod_security to change settings.
FYI
i can't understand why this happened and dont know how to solve this :/
-
If you ask about market/dashboard auto-update, I think it will simply download .zip, extract it and overwrite the original content. Nothing is changed inside database.
i had the case, that i've made some changes on the database... added new tables, when the file will be executed, it doesn't throw out any errors?
Sorry, I do not understand - what errors do you expected? Anyway, you have 2 options in that case:
1) Instruct users to uninstall old version, and then install new one.
2) Keep version in database and check for changes every time, then perform an upgrade. This is common, most convenient for end-user, but takes comparison every time request is made.
It is up to you how do you wish to proceed. But, if you already did this past few version, then it is already too late to go with option (2) imho, just provide some readme file in the root (and help page).
-
Personally i could never save any options in this plugin, because i get a 403 (forbidden) from mod_security. I always disable mod_security to change settings.
Ask your hosting support to provide you with mod_security logs and paste it here, that is the only way to find out what rules were triggered.
-
Ask your hosting support to provide you with mod_security logs and paste it here, that is the only way to find out what rules were triggered.
Well i prefer to disable for a while, instead of the trouble to change the plugin(s) work. Not worth it.
-
Sorry, I do not understand - what errors do you expected?
Following i mean:
all databases for this plugin will added through
if (!$this->dao->importSQL($sql)) {
throw new Exception( "Error importSQL::spam_prot<br>".$file ) ;
}
example in file all versions before was like:
CREATE TABLE `/*TABLE_PREFIX*/t_spam_protection_items` (
then i thought about errors while executing the sql statements, that existing tables cant be overwritten, so i went to a small alternative
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_items` (
now i don't know if this is enough to prevent errors with it... but i think it should be ok, or not?
-
Well, it is normal that PHP did not throw any errors, but that does not mean that SQL didn't. In any case, you are calling importSQL only during plugin install, right? When you simply overwrite the files, plugin is not technically re/installed, just updated with php/html/js code. But, errors will be thrown eventually, when you ask for non-existent columns and data.
Again, when you need to properly update your plugin, keeping older versions in mind, you have to check for the currently active version, then perform special upgrade functions per each scenario, and those upgrade functions should only do the necessary modification to the existing table(s). Check upgrade-funcs.php in osclass core, it is the same principle you can use for plugins. In order for this to work, you must store plugin version @ database.
-
ok thx, i'll take a look there
-
Ask your hosting support to provide you with mod_security logs and paste it here, that is the only way to find out what rules were triggered.
Well i prefer to disable for a while, instead of the trouble to change the plugin(s) work. Not worth it.
This really needs to get fixed, as other people will be experiencing the same issue and won't know how to deal with it.
PS: Maybe dev101 will also get involved HERE (https://github.com/AmFearLiath/osclass-spam-protection) as he's a guru developer also :D
-
This really needs to get fixed, as other people will be experiencing the same issue and won't know how to deal with it.
of course, but first i need to know how this is triggered... i can't reproduce it by myself, so i don't know why this happens
-
Personally i could never save any options in this plugin, because i get a 403 (forbidden) from mod_security. I always disable mod_security to change settings.
Ask your hosting support to provide you with mod_security logs and paste it here, that is the only way to find out what rules were triggered.
All i know is that it comes from mod_security 'COMODO WAF' rules. If you search google, there are a lot of these problems with Wordpress.
-
And if anyone cares, he can test with those:
https://waf.comodo.com/
-
@ Aficionado
You missed the point :)
Many run in shared hosting env, and they cannot disable mod_security, as your's allows you to do it.
-
but why this didnt happen in other plugins, i'm just using function osc_set_preference() to save the settings :o
-
@ Aficionado
You missed the point :)
Many run in shared hosting env, and they cannot disable mod_security, as your's allows you to do it.
Nope. I also run in shared plan. But i can enable/disable mod_security but no rules (or view any logs). Via Cpanel.
-
1.5.0 dev leftovers:
PHP Fatal error: Uncaught Error: Class 'Debugger' not found
Just tested latest version on shared hosting with mod_security (don't know signature rules, but obviously not Comodo's) and settings are saved w/o issues.
-
PHP Fatal error: Uncaught Error: Class 'Debugger' not found
damn, always i forget to remove -.- is fixed now
-
Nope. I also run in shared plan. But i can enable/disable mod_security but no rules (or view any logs). Via Cpanel.
I know, what I meant some hostings do not allow you to disable either mod_security nor edit/change rules. It's fixed condition.
-
i'll try some different rules on my root, maybe i can reproduce it and find the error
-
@Liath and @dev101
It is the following rule that triggers 403
211540: COMODO WAF: Blind SQL Injection Attack
See what my support send me. This is the best i can do.
-
hmm, maybe its my regex to check honeypot settings for a valid classname?
$(document).on("keyup", "input[name=honeypot_name]", function(){
var string = $(this).val(),
reg = new RegExp("^[A-z0-9_-]+$");
if (string.length < 1) {
$(this).removeClass("valid invalid");
$("#validname").html("").css("color", "");
} else if (reg.test(string)) {
$(this).removeClass("invalid").addClass("valid");
$("#validname").html("valid").css("color", "green");
} else {
$(this).removeClass("valid").addClass("invalid");
$("#validname").html("invalid").css("color", "red");
}
});
-
Is .htaccess editor removed from 1.5? If so, it should be removed from description/help, too.
There are minor typos in Security Settings (trys -> tries).
-
Is .htaccess editor removed from 1.5? If so, it should be removed from description/help, too.
No, it's not removed
There are minor typos in Security Settings (trys -> tries).
thx, will fix it
-
In 1.5 the login block/ban is kinda dangerous.
The "Action done after false logins" should have a configurable duration (one hour, one day, one week) and after that the account should be back to normal.
Also what happens when the user blocked is the admin ?
Still i think you should work with IP. Not user accounts/email. IPs.
-
1.4.0, 1.4.1 or 1.5.0?
Last 3 days i worked alot on this plugin ;)
oh, now i saw that 1.4.1 is published in market... so i think you are using this
index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.phpthis is the right url to save the settings, this file processing the form data and send it to the class, can you see any error or something else? what happened if you turn on debug mode in osclass?
1.4.1 is in the plugin directory. Unfortunately, i don't seem to know how to turn on debug mode in osclass.
-
1.4.1 is in the plugin directory. Unfortunately, i don't seem to know how to turn on debug mode in osclass.
Enable debug to LOG
https://doc.osclass.org/Debug_PHP_errors
-
In 1.5 the login block/ban is kinda dangerous.
The "Action done after false logins" should have a configurable duration (one hour, one day, one week) and after that the account should be back to normal.
good idea, but at first i have to figure out, how i can add jobs to cron automatically
Also what happens when the user blocked is the admin ?
it shouldn't be possible, because the system will save the used mail address, admins log in with username... also everytime an user was blocked, he get a mail with an unblock link... so for the case blocking admins would work, he could unban his account immediatelly
when accounts are banned, you can see the rules on
admin -> show more -> user -> ban rules
-
1.4.1 is in the plugin directory. Unfortunately, i don't seem to know how to turn on debug mode in osclass.
Enable debug to LOG
https://doc.osclass.org/Debug_PHP_errors
I enabled debug however the behavior remains the same - redirecting me to homepage.
index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php
Maybe installing the previous version would be the best option for me, but then where do i get it?
-
Maybe installing the previous version would be the best option for me, but then where do i get it?
when you have succesfully activated the debug mode, take a look at ../oc-content/debug.log right after you have saved your settings
Maybe installing the previous version would be the best option for me, but then where do i get it?
i don't think this depends on the plugin version, maybe there is something else we have to figure out... but
https://market.osclass.org/oc-content/plugins/market/download.php?code=spam-protection@1.3.4
-
@Liath i still strongly believe that you should work with IPs and not accounts. Every Wordpress plugin i have seen does that and even Limit Login plugin for Osclass that i have, works also with IPs.
-
I enabled debug however the behavior remains the same - redirecting me to homepage.
index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php
Maybe installing the previous version would be the best option for me, but then where do i get it?
No, check oc-content directory for debug.log and see if there are errors in there.
-
@Liath i still strongly believe that you should work with IPs and not accounts. Every Wordpress plugin i have seen does that and even Limit Login plugin for Osclass that i have, works also with IPs.
the User IP is already added to ban list, you mean i should only ban ip instead of Email and IP?
edit:
IP's could easily be changed, when someone tries to hack an user account, it isn't the safest way to ban only IP i think...
-
We should have both options at our disposal: deactivate account and Ban account (ban rule for email and IP).
-
this is how it works momentarily... i can add an option to ban only IP
-
@Liath i still strongly believe that you should work with IPs and not accounts. Every Wordpress plugin i have seen does that and even Limit Login plugin for Osclass that i have, works also with IPs.
the User IP is already added to ban list, you mean i should only ban ip instead of Email and IP?
edit:
IP's could easily be changed, when someone tries to hack an user account, it isn't the safest way to ban only IP i think...
IPs can be changed but again they will be banned even when changed. Right ?
Yes i mean you should drop email/account block and work with IPs. My opinion. From what i have seen so far from plugins of WP.
-
i will made it optionally in next version, for my case i want to work with both on ban list, maybe there are some more...
-
Login hacking happens mainly for the admin(s) account(s). Brute Force for example. Otherwise who else would want to hack an account of a normal user ?
Nobody.
-
hmm, right... it's only useful to spam around or when you can pay directly with this account like paypal or amazon...
should really be enough to ban only IP
-
hmm, right... it's only useful to spam around or when you can pay directly with this account like paypal or amazon...
should really be enough to ban only IP
Yes, spammers would want to hack a normal user account. But spammers are ... just spammers not hackers. And not that dangerous and not that clever.
-
it's updated
-
Along with the Login protection, there must be a page with the banned accounts/IPs (and when they were added and when they will be released) and the ability for the admin to manually unblock them.
-
Here is my thoughts for user : Enable and disable posting .
https://github.com/osclass/Osclass/issues/1264
The only thing is to keep a user disable date (as integer) in a table and some math on user login (disable date +2 weeks(admin option ) to "enable posting "the user .
Works as a "limit login" but with a defined period of time
Also keep track of items with temporary no user owner
(If a user has 4 items and 2 are marked as spam ,restrict actions on the 2 legit items (display ads instead of contact form , no link to user profile...etc )
-
Here is my thoughts for user : Enable and disable posting .
https://github.com/osclass/Osclass/issues/1264
The only thing is to keep a user disable date (as integer) in a table and some math on user login (disable date +2 weeks(admin option ) to "enable posting "the user .
Works as a "limit login" but with a defined period of time
Also keep track of items with temporary no user owner
(If a user has 4 items and 2 are marked as spam ,restrict actions on the 2 legit items (display ads instead of contact form , no link to user profile...etc )
While nice ideas, they are complicated and will make the life of the admin even harder.
Blocking user accounts features based on # flagged spam ads could be inaccurate, since spam scanning is not always correct. Not due to the plugin but due to other facts, like stop-words as substrings etc etc.
-
Thanks guys, i found these errors:
PHP Fatal error: Call to undefined function show_ads() in /home/..../oc-content/themes/fino/main.php on line 485
PHP Notice: Undefined offset: 0 in /home/sellstpn/public_html/oc-content/plugins/realestate_attributes/helper.php on line 7
-
Thanks guys, i found these errors:
PHP Fatal error: Call to undefined function show_ads() in /home/..../oc-content/themes/fino/main.php on line 485
PHP Notice: Undefined offset: 0 in /home/sellstpn/public_html/oc-content/plugins/realestate_attributes/helper.php on line 7
The Fatal error is ... FATAL. A theme problem probably. Do you have some ads plugin ? Did you modified anything ?
As for the second error it is just a Notice and you can ignore it for now.
-
Should be 2 versions of scanner .
On every item post where item, if found as spam should be marked as disabled ,delaying enabled with some hours until admin or moderator take some actions
And mass scanner where spam results should be higligted for admin .
On each versions admin should take actions (block item,block user ,disable item,disable user)
I've implemented a machine learning algoritm (spam check,smart string comparation) in one of my test plugins ,but without some real 10-20000 items in database i was not able to test it right .
Now that lorem items plugin is ready i can build a db with 10-20000 items to see m.l.a speed in real conditions .
If m.l.a is speedy maybe we can merge it to this plugin
-
Should be 2 versions of scanner .
On every item post where item, if found as spam should be marked as disabled ,delaying enabled with some hours until admin or moderator take some actions
And mass scanner where spam results should be higligted for admin .
On each versions admin should take actions (block item,block user ,disable item,disable user)
You are a developer and not an ads admin and it shows :)
The key here is to make the life of admin as easy as possible. We don't want to check spam ads and take actions. We want to flag as accurately as possible and automatically delete them (via Butler plugin).
What you describe takes time and can't be done if you get 200-400 or more ads per day. I get around 200+ per day from each of my 4 Osclass sites, and i don't want to check anything. I prefere to loose a few ads, marked as spam without been so, than to check each and every of them.
-
Should be 2 versions of scanner .
On every item post where item, if found as spam should be marked as disabled ,delaying enabled with some hours until admin or moderator take some actions
And mass scanner where spam results should be higligted for admin .
On each versions admin should take actions (block item,block user ,disable item,disable user)
You are a developer and not an ads admin and it shows :)
The key here is to make the life of admin as easy as possible. We don't want to check spam ads and take actions. We want to flag as accurately as possible and automatically delete them (via Butler plugin).
What you describe takes time and can't be done if you get 200-400 or more ads per day. I get around 200+ per day from each of my 4 Osclass sites, and i don't want to check anything. I prefere to loose a few ads, marked as spam without been so, than to check each and every of them.
I agree with Aficionado.
We need to simplify things, not overcomplicate them.
Plus there's an issue with performance when you add tons of features to a plugin like this.
-
The reason why you see this message is probably that your daily cron has not yet executed another daily upgrade check, so it should disappear within the next day.
You were right (as usual).
-
So we should have the option to Block and to Ban an user.
done
Also, please don't forget about the issue with the clicking on the item ID in the Blocked ads summary, that doesn't do anything.
done
or items newer than 30-90 days only.
done
The "Action done after false logins" should have a configurable duration (one hour, one day, one week) and after that the account should be back to normal.
should be done using internal cron, couldn't test it with all durations
-
The "Action done after false logins" should have a configurable duration (one hour, one day, one week) and after that the account should be back to normal.
should be done using internal cron, couldn't test it with all durations
Not sure what you mean by that.
-
i have integrated it, but i'm not sure that it works fine with all cron update durations (hour, day, week)
-
i have integrated it, but i'm not sure that it works fine with all cron update durations (hour, day, week)
I will try it and let you know of my findings ....
Is it stable enough for a production site, because i can't test it otherwise in real world ...
-
i've tested it in all possivle combinations and dont figured out any errors, but cant give a warranty xD
-
@Liath does the admin get any email when failed logins happen or a ban ? How do we know it is working (the Login part) ?
-
@Liath does the admin get any email when failed logins happen or a ban ? How do we know it is working (the Login part) ?
no, its not implemented, but should be i think...
-
1.5.2
PHP Warning: Invalid argument supplied for foreach() in /home/oc-content/plugins/spamprotection/admin/check.php on line 122
and several undefined index and undefined offset notices.
-
1.5.2
I was banned all right as a user and got the email as a user ok.
One small problem. The urls in the email to unblock or recover are not hyperlinked.
-
1.5.2
Duplicate Check for title using similar text.
Got one flagged with "Duplicate title found for ItemID: 25451. Similarity: 100%". The problem is that they are not similar at all.
The spam title is "Home buying and selling" and the similar (25451) is "La Mirada Realtor for La Mirada homes".
Totally off. NOTE that it was flagged when i MOVED the ad to the proper category myself.
-
Instead of storing ban info into database (and putting db server to even more work), you can use sessions, which are auto-cleared by the system every 1440 seconds or so. Just an idea to make plugin faster, and those who get banned will probably go away after few minutes.
-
An other thing: Since Osclass admin login is not the same with user login (right ?), i guess the user login is checked ?
I ask this since in Wordpress the login is universal and the protection also.
-
PHP Warning: Invalid argument supplied for foreach() in /home/oc-content/plugins/spamprotection/admin/check.php on line 122
added an if to check if it is an array, but need a deeper look to know why it is not to prevent empty title or description.
and several undefined index and undefined offset notices.
can you post the exact messages please?
1.5.2Duplicate Check for title using similar text.Got one flagged with "Duplicate title found for ItemID: 25451. Similarity: 100%". The problem is that they are not similar at all.The spam title is "Home buying and selling" and the similar (25451) is "La Mirada Realtor for La Mirada homes".Totally off. NOTE that it was flagged when i MOVED the ad to the proper category myself.
it means that it was flagged after just moving to another category?
Instead of storing ban info into database (and putting db server to even more work), you can use sessions, which are auto-cleared by the system every 1440 seconds or so. Just an idea to make plugin faster, and those who get banned will probably go away after few minutes.
maybe i'm wrong, but when the user deletes his cookies and get another session id, the ban won't work anymore?
An other thing: Since Osclass admin login is not the same with user login (right ?), i guess the user login is checked ?
it seems that the form data is the same as for user, just using name instead of email
-
Here they come:
[04-May-2017 13:39:32 America/Los_Angeles] PHP Notice: Undefined index: fk_i_item_id in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 9
[04-May-2017 13:39:32 America/Los_Angeles] PHP Notice: Undefined index: fk_i_user_id in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 10
[04-May-2017 13:39:32 America/Los_Angeles] PHP Notice: Undefined index: s_user_mail in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 11
[04-May-2017 13:39:32 America/Los_Angeles] PHP Notice: Undefined index: s_user_mail in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 94
[04-May-2017 13:39:32 America/Los_Angeles] PHP Notice: Undefined index: s_user_mail in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 95
[04-May-2017 13:39:32 America/Los_Angeles] PHP Warning: Invalid argument supplied for foreach() in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 122
-
maybe i'm wrong, but when the user deletes his cookies and get another session id, the ban won't work anymore?
Oh, true, overlooked that part. Well, if they try to login, they have to accept cookies and it would probably work for the basic bot/security surveys and humans, but, you are right, it will leave a loophole for the persistent.
-
1.5.2Duplicate Check for title using similar text.Got one flagged with "Duplicate title found for ItemID: 25451. Similarity: 100%". The problem is that they are not similar at all.The spam title is "Home buying and selling" and the similar (25451) is "La Mirada Realtor for La Mirada homes".Totally off. NOTE that it was flagged when i MOVED the ad to the proper category myself.
it means that it was flagged after just moving to another category?
Yes. Tomorrow i will have more ads posted by users and let you know. This one was just move from admin dashboard.
-
An other thing: Since Osclass admin login is not the same with user login (right ?), i guess the user login is checked ?
it seems that the form data is the same as for user, just using name instead of email
because after i was IP banned as a user and couldn't login anymore, i was able to login as an admin.
-
Yes, login is completely separated.
-
Here they come:
...
strange, this can only be, when no more information in database are available... maybe id was changed or information was deleted?
Yes. Tomorrow i will have more ads posted by users and let you know. This one was just move from admin dashboard.
thank you
because after i was IP banned as a user and couldn't login anymore, i was able to login as an admin.
Perfect, so admins can not ban themselves
-
Here they come:
...
strange, this can only be, when no more information in database are available... maybe id was changed or information was deleted?
Maybe because i UNinstalled your plugin and re-installed 1.5.2.
More details tomorrow about all this when traffic comes in.
-
Maybe because i UNinstalled your plugin and re-installed 1.5.2.
of course... after uninstalling the plugin, the database will be cleared and all informations about previous spam ads are lost
-
because after i was IP banned as a user and couldn't login anymore, i was able to login as an admin.
perfect, so admins couldn't be ban their self
True but also the Admin login is unprotected that way. And most hacking happens in there. We're lucky hackers don't know Osclass scripts and details.
-
True but also the Admin login is unprotected that way. And most hacking happens in there. We're lucky hackers don't know Osclass scripts and details.
first i have to look if and how it is possible, if it is i will add this in one next of versions
edit:
after this is done, i think really i have to think about this again...
With all these features being added, you'll have to change the name of this plugin from Spam Protection, to Osclass Security Suite. ;D
but for this i have to check if old plugin is installed and deinstall it safely without clearing database, then install new plugin
-
Along with the Login protection, there must be a page with the banned accounts/IPs (and when they were added and when they will be released) and the ability for the admin to manually unblock them.
1.5.3 - done
-
Along with the Login protection, there must be a page with the banned accounts/IPs (and when they were added and when they will be released) and the ability for the admin to manually unblock them.
1.5.3 - done
Where exactly is that ? I don't see it anywhere.
-
Now all bans and blocks are logged in database, when there are entrys, a new button appears in admin header... from there you come to the new ban overview with some actions..
but this works only for new bans or blocks
i also found the possibility to protect the admin login, have added a honeypot and working now on nearly the same protection like as for user login
-
Now all bans and blocks are logged in database, when there are entrys, a new button appears in admin header... from there you come to the new ban overview with some actions..
but this works only for new bans or blocks
For some reasons i can't find any such option. Just made manually 3 banned accouns but nothing is shown anywhere.
-
please ensure, that PREFIXt_spam_protection_ban_log was created in your database, if not, you can run this statement there
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_ban_log` (
`pk_i_id` INT(10) NOT NULL AUTO_INCREMENT,
`i_user_id` int(10) DEFAULT NULL,
`s_user_email` varchar(100) DEFAULT NULL,
`s_user_ip` int(11) DEFAULT NULL,
`s_reason` text DEFAULT NULL,
`dt_date_banned` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
`dt_date_released` datetime DEFAULT NULL
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
but remember to change the prefix :D
-
Uninstalled the plugin, and trying to install as new. But i get:
Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/public_html/oc-content/plugins/spamprotection/assets/create_table.sql
It seems that 4 tables are created but the 5th fails (the ban_log one).
-
please ensure, that PREFIXt_spam_protection_ban_log was created in your database, if not, you can run this statement there
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_ban_log` (
`pk_i_id` INT(10) NOT NULL AUTO_INCREMENT,
`i_user_id` int(10) DEFAULT NULL,
`s_user_email` varchar(100) DEFAULT NULL,
`s_user_ip` int(11) DEFAULT NULL,
`s_reason` text DEFAULT NULL,
`dt_date_banned` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
`dt_date_released` datetime DEFAULT NULL
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
but remember to change the prefix :D
There is an error in the code above (and the one included in the plugin) at line
`dt_date_released` datetime DEFAULT NULL
there is a "," missing, and that is the cause of my problems. I will check further.
-
In 1.5.3 when an IP is banned, there is no way for the admin to "release" that IP. Only to unblock a user account.
Also the email sent to blocked users has the links but they are not hyperlinked (you can't just click them).
-
1.5.3 When the admin Edit or Move an ad via admin dashboard of listings, the Ad gets flagged as SPAM with no reason as duplicate.
-
This "Warning! Only 0 login attempts remaining" could be improved, since it doesn't really mean anything.
-
Also the email sent to blocked users has the links but they are not hyperlinked (you can't just click them).
Did some more tests on this.
Using Gmail the links are working (hyperlinked).
Using Thunderbird (mozilla) email client, they do not. This seems to be a general Osclass problem, i see a related issue at github.
-
1.5.3 When the admin Edit or Move an ad via admin dashboard of listings, the Ad gets flagged as SPAM with no reason as duplicate.
I can confirm this.
Also, using plugins like Renew Ads which lets the user repost his listings, gets the ad flagged as spam when reposted.
-
1.5.3
[05-May-2017 02:10:07 America/Los_Angeles] PHP Fatal error: Uncaught Error: Call to undefined method spam_prot::_unbanUser() in /home/public_html/oc-content/plugins/spamprotection/index.php:398
Stack trace:
#0 /home/public_html/oc-includes/osclass/classes/Plugins.php(34): sp_unban_cron()
#1 /home/public_html/oc-includes/osclass/helpers/hPlugins.php(34): Plugins::runHook('cron_hourly')
#2 /home/public_html/oc-includes/osclass/cron.php(70): osc_run_hook('cron_hourly')
#3 /home/public_html/index.php(78): require_once('/home/...')
#4 {main}
thrown in /home/public_html/oc-content/plugins/spamprotection/index.php on line 398
(i'm using external CRON if that makes any difference and not the internal)
-
rename
function unbanUser
to
function _unbanUser
inside /class/class.spamprotection.php
-
Thanks @dev101
@Liath
[05-May-2017 08:08:59 America/Los_Angeles] PHP Warning: Invalid argument supplied for foreach() in /home/public_html/oc-content/plugins/spamprotection/admin/ban_log.php on line 26
-
There is an error in the code above (and the one included in the plugin) at line
`dt_date_released` datetime DEFAULT NULL
there is a "," missing, and that is the cause of my problems. I will check further.
just delete this line, its not needed anymore...
[05-May-2017 08:08:59 America/Los_Angeles] PHP Warning: Invalid argument supplied for foreach() in /home/public_html/oc-content/plugins/spamprotection/admin/ban_log.php on line 26
its because of the missing table...
1.5.3 When the admin Edit or Move an ad via admin dashboard of listings, the Ad gets flagged as SPAM with no reason as duplicate.
I can confirm this.
Also, using plugins like Renew Ads which lets the user repost his listings, gets the ad flagged as spam when reposted.
i'll take a look on this
next one will be a bigger update, so i cant upload changes now...
-
[05-May-2017 08:08:59 America/Los_Angeles] PHP Warning: Invalid argument supplied for foreach() in /home/public_html/oc-content/plugins/spamprotection/admin/ban_log.php on line 26
its because of the missing table...
.
Nope, no missing tables. Everything is in there.
-
ok, i'll look over this
-
ok, i'll look over this
See:
-
@Liath Please in the next version include some email warning to the site admin about user/IP ban or lockout. It is very important to know when something starts to happen, in case your plugin can't stop it or when we want to ban the IPs via .htaccess/router or other way.
Also i'm not sure the banned user should receive an email and give him the option to clear his ban.
-
@Liath Please in the next version include some email warning to the site admin about user/IP ban or lockout. It is very important to know when something starts to happen, in case your plugin can't stop it or when we want to ban the IPs via .htaccess/router or other way.
ok
Also i'm not sure the banned user should receive an email and give him the option to clear his ban.
when the "attacker" would have access to the email, he could use password recovery to break into this account... so i think its ok to do this
-
Also i'm not sure the banned user should receive an email and give him the option to clear his ban.
when the "attacker" would have access to the email, he could use password recovery to break into this account... so i think its ok to do this
Not sure what you mean. It is ok to send email or it is ok not to send email ?
-
i think its ok to send the mail with unban link...
when someone wants to hack your account and he has access to your mail account, he wouldnt try to hack the password, he would use the password recovery...
if anyone just forgot his password and banned himself, he has the possibility to unban self, without admin has anything to do
-
i think its ok to send the mail with unban link...
when someone wants to hack your account and he has access to your mail account, he wouldnt try to hack the password, he would use the password recovery...
if anyone just forgot his password and banned himself, he has the possibility to unban self, without admin has anything to do
Ok, could you please tell me where and how to build the UNBAN link and the PASS Recovery link? Is that Osclass core doing those ?
I can't find where you construct them. Because they miss a TAG and some email clients don't hyperlink the links in the email.
-
I can't find where you construct them. Because they miss a TAG and some email clients don't hyperlink the links in the email.
i will add this tag, but...
.../class.spamprotection.php
function _informUser($email) {
if ($this->_checkEmail($email)) {
$ip = $this->_IpUserLogin();
$user = User::newInstance()->findByEmail($email);
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}');
$content[] = array(osc_page_title(), $user['s_name'], $email, date("Y/m/d H:i", time()), $ip, osc_base_url(true).'?page=sp_activate_account&email='.$email.'&token='.md5($user['s_secret']), osc_recover_user_password_url());
$mail_title = __("False logins on {PAGE_NAME}", "spamprotection");
$mail_body = __('Hello {MAIL_USER},','spamprotection').'<br /><br />
'.__('We have detected some false logins for your account {MAIL_USED} on {PAGE_NAME}. Last false login was on {MAIL_DATE} from IP {MAIL_IP}','spamprotection').'<br /><br />
'.__('In order to our security policy, we have temporarily disabled your account and banned the used IP in our System. You can use following link to unban and reactivate your Account. If this was not you, please contact the support and change your password. You can use the password recovery function, if you don\'t remember your password.','spamprotection').'<br /><br /><br />
'.__('Unban your account: {UNBAN_LINK} ','spamprotection').'<br /><br />
'.__('Password recovery: {PASSWORD_LINK} ','spamprotection').'<br /><br />
'.__('Best regards','spamprotection').'<br />
{PAGE_NAME}';
$title = osc_mailBeauty($mail_title, $content);
$body = osc_mailBeauty($mail_body, $content);
$params = array(
'from' => osc_contact_email(),
'from_name' => osc_page_title(),
'subject' => $title,
'to' => $email,
'to_name' => $user['s_name'],
'body' => $body,
'alt_body' => $body,
'reply_to' => osc_contact_email()
);
$return = false;
if (osc_sendMail($params)) {
$return = true;
}
return $return;
}
}
-
I see, so there is a problem with Osclass core ? What do you think ?
Here what i get as an email (from the message body, original):
Hello Testing,<br /><br />
We have detected some false logins for your account test@mywebsite.com on mywebsite.com. Last false login was on 2017/05/05 12:33 from IP 100.100.100.100<br /><br />
In order to our security policy, we have temporarily disabled your account and banned the used IP in our System. You can use following link to unban and reactivate your Account. If this was not you, please contact the support and change your password. You can use the password recovery function, if you don't remember your password.<br /><br /><br />
Unban your account: https://www.mywebsite.com/index.php?page=sp_activate_account&email=support@mywebsite.com&token=c2780fba6f2044a42fa63cf559d2fcd9 <br /><br />
Password recovery: https://www.mywebsite.com/user/recover <br /><br />
Best regards<br />
mywebsite.com
-
you received this mail as plain text or html? At moment i'm using the same template for plain and html
-
you received this mail as plain text or html? At moment i'm using the same template for plain and html
X-Mailer: PHPMailer 5.2.21 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
-
you could try to replace this function...
function _informUser($email) {
if ($this->_checkEmail($email)) {
$ip = $this->_IpUserLogin();
$user = User::newInstance()->findByEmail($email);
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}');
$content[] = array(osc_page_title(), $user['s_name'], $email, date("Y/m/d H:i", time()), $ip, osc_base_url(true).'?page=sp_activate_account&email='.$email.'&token='.md5($user['s_secret']), osc_recover_user_password_url());
$mail_title = __("False logins on {PAGE_NAME}", "spamprotection");
$mail_body_plain = __('Hello {MAIL_USER},','spamprotection').'\r\n\r\n
'.__('We have detected some false logins for your account {MAIL_USED} on {PAGE_NAME}. Last false login was on {MAIL_DATE} from IP {MAIL_IP}','spamprotection').'\r\n\r\n
'.__('In order to our security policy, we have temporarily disabled your account and banned the used IP in our System. You can use following link to unban and reactivate your Account. If this was not you, please contact the support and change your password. You can use the password recovery function, if you don\'t remember your password.','spamprotection').'\r\n\r\n\r\n
'.__('Unban your account: {UNBAN_LINK} ','spamprotection').'\r\n\r\n
'.__('Password recovery: {PASSWORD_LINK} ','spamprotection').'\r\n\r\n
'.__('Best regards','spamprotection').'\r\n
{PAGE_NAME}';
$mail_body_html = __('Hello {MAIL_USER},','spamprotection').'<br /><br />
'.__('We have detected some false logins for your account {MAIL_USED} on {PAGE_NAME}. Last false login was on {MAIL_DATE} from IP {MAIL_IP}','spamprotection').'<br /><br />
'.__('In order to our security policy, we have temporarily disabled your account and banned the used IP in our System. You can use following link to unban and reactivate your Account. If this was not you, please contact the support and change your password. You can use the password recovery function, if you don\'t remember your password.','spamprotection').'<br /><br /><br />
'.__('Unban your account: <a href="{UNBAN_LINK}">{UNBAN_LINK}</a> ','spamprotection').'<br /><br />
'.__('Password recovery: <a href="{PASSWORD_LINK}">{PASSWORD_LINK}</a> ','spamprotection').'<br /><br />
'.__('Best regards','spamprotection').'<br />
{PAGE_NAME}';
$title = osc_mailBeauty($mail_title, $content);
$body_plain = osc_mailBeauty($mail_body_plain, $content);
$body_html = osc_mailBeauty($mail_body_html, $content);
$params = array(
'from' => osc_contact_email(),
'from_name' => osc_page_title(),
'subject' => $title,
'to' => $email,
'to_name' => $user['s_name'],
'body' => $body_html,
'alt_body' => $body_plain,
'reply_to' => osc_contact_email()
);
$return = false;
if (osc_sendMail($params)) {
$return = true;
}
return $return;
}
}
edit:
at moment i'm working on admin login protection, have made an update check, want to integrate import/export for settings and database, after this i'll take a look on the errors/bugs posted here and publish new version
-
you could try to replace this function...
function _informUser($email) {
if ($this->_checkEmail($email)) {
$ip = $this->_IpUserLogin();
$user = User::newInstance()->findByEmail($email);
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}');
$content[] = array(osc_page_title(), $user['s_name'], $email, date("Y/m/d H:i", time()), $ip, osc_base_url(true).'?page=sp_activate_account&email='.$email.'&token='.md5($user['s_secret']), osc_recover_user_password_url());
$mail_title = __("False logins on {PAGE_NAME}", "spamprotection");
$mail_body_plain = __('Hello {MAIL_USER},','spamprotection').'\r\n\r\n
'.__('We have detected some false logins for your account {MAIL_USED} on {PAGE_NAME}. Last false login was on {MAIL_DATE} from IP {MAIL_IP}','spamprotection').'\r\n\r\n
'.__('In order to our security policy, we have temporarily disabled your account and banned the used IP in our System. You can use following link to unban and reactivate your Account. If this was not you, please contact the support and change your password. You can use the password recovery function, if you don\'t remember your password.','spamprotection').'\r\n\r\n\r\n
'.__('Unban your account: {UNBAN_LINK} ','spamprotection').'\r\n\r\n
'.__('Password recovery: {PASSWORD_LINK} ','spamprotection').'\r\n\r\n
'.__('Best regards','spamprotection').'\r\n
{PAGE_NAME}';
$mail_body_html = __('Hello {MAIL_USER},','spamprotection').'<br /><br />
'.__('We have detected some false logins for your account {MAIL_USED} on {PAGE_NAME}. Last false login was on {MAIL_DATE} from IP {MAIL_IP}','spamprotection').'<br /><br />
'.__('In order to our security policy, we have temporarily disabled your account and banned the used IP in our System. You can use following link to unban and reactivate your Account. If this was not you, please contact the support and change your password. You can use the password recovery function, if you don\'t remember your password.','spamprotection').'<br /><br /><br />
'.__('Unban your account: <a href="{UNBAN_LINK}">{UNBAN_LINK}</a> ','spamprotection').'<br /><br />
'.__('Password recovery: <a href="{PASSWORD_LINK}">{PASSWORD_LINK}</a> ','spamprotection').'<br /><br />
'.__('Best regards','spamprotection').'<br />
{PAGE_NAME}';
$title = osc_mailBeauty($mail_title, $content);
$body_plain = osc_mailBeauty($mail_body_plain, $content);
$body_html = osc_mailBeauty($mail_body_html, $content);
$params = array(
'from' => osc_contact_email(),
'from_name' => osc_page_title(),
'subject' => $title,
'to' => $email,
'to_name' => $user['s_name'],
'body' => $body_html,
'alt_body' => $body_plain,
'reply_to' => osc_contact_email()
);
$return = false;
if (osc_sendMail($params)) {
$return = true;
}
return $return;
}
}
That seems to work just great.
-
1.4.1 version from Osclass Market. It seems that ads flagged as spam from the plugin (and not manually) are not deleted (recognised) by Butler plugin. For some reason.
Anyone else ?
It seems that the reason the Butler stopped deleting spam ads is a blocked also user/ad. Not sure why this changed, maybe due to 4.7.3 since i didn't change anything else. We will see ...
-
On the form of registration and authorization need a trap for bots
-
On the form of registration and authorization need a trap for bots
already implemented since 1.5.0
-
If it is of any help to Liath, in 1.5.3 the admin edited or moved ads become flagged as duplicate/spam ONLY if the Duplicate check is enabled in the WHOLE ads and NOT per user.
-
Liath one Question: When i manualy flag as spam a listing (not with your plugin), i see the ad is JUST marked as spam. When your plugin marks as spam an ad, it is flagged as spam AND Invalidated. Why is what ?
-
If it is of any help to Liath, in 1.5.3 the admin edited or moved ads become flagged as duplicate/spam ONLY if the Duplicate check is enabled in the WHOLE ads and NOT per user.
thank you
Liath one Question: When i manualy flag as spam a listing (not with your plugin), i see the ad is JUST marked as spam. When your plugin marks as spam an ad, it is flagged as spam AND Invalidated. Why is what ?
i did it on this way, because in first tests, ads wasnt really disabled, maybe i did something wrong... after fixing all i leave it on this way
-
v.1.6.0 is done
New Features
- Admin Login Protection
- Registrations check (allow/disallow email provider)
- Import/Export for settings and/or database
- Plugin settings (Optional Icon for sidebar, optional buttons in topbar)
- Optional update check, looks for changes in database
- Design improved
I didn't found the error because of false flagged spam ads after moving to another category, will change this soon.
@_CONEJO
What was wrong with my last post?
-
@_CONEJO
What was wrong with my last post?
The text was really really tiny, just removed the "size" tags
-
thank you, sometimes the editor doesnt work properly... normally i edit it by myself, but i must be blind this time ::)
-
1.6b
PHP Fatal error: Redefinition of parameter $type in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1310
-
sorry... fixed now
-
[11-May-2017 09:40:21 America/Los_Angeles] PHP Fatal error: Uncaught Error: Call to a member function numRows() on boolean in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php:1211
Stack trace:
#0 /home/public_html/oc-content/plugins/spamprotection/functions/frontend.php(114): spam_prot->_countLogin('domains@domain...', 'user')
#1 /home/public_html/oc-includes/osclass/classes/Plugins.php(34): sp_check_user_login()
#2 /home/public_html/oc-includes/osclass/helpers/hPlugins.php(34): Plugins::runHook('before_validati...')
#3 /home/public_html/oc-includes/osclass/controller/login.php(41): osc_run_hook('before_validati...')
#4 /home/public_html/index.php(122): CWebLogin->doModel()
#5 {main}
thrown in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1211
[11-May-2017 09:40:32 America/Los_Angeles] PHP Notice: Undefined index: token in /home/public_html/oc-content/plugins/spamprotection/functions/backend.php on line 141
[11-May-2017 09:40:32 America/Los_Angeles] PHP Fatal error: Uncaught Error: Call to a member function numRows() on boolean in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php:1211
Stack trace:
#0 /home/public_html/oc-content/plugins/spamprotection/functions/backend.php(150): spam_prot->_countLogin('***', '***')
#1 /home/public_html/oc-includes/osclass/classes/Plugins.php(34): sp_check_admin_login()
#2 /home/public_html/oc-includes/osclass/helpers/hPlugins.php(34): Plugins::runHook('before_login_ad...')
#3 /home/public_html/oc-admin/login.php(32): osc_run_hook('before_login_ad...')
#4 /home/public_html/oc-admin/index.php(60): CAdminLogin->doModel()
#5 {main}
thrown in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1211
-
wasn't easy to find the error, but its fixed now
-
wasn't easy to find the error, but its fixed now
[11-May-2017 12:11:16 America/Los_Angeles] PHP Fatal error: Uncaught Error: Class 'Debugger' not found in /home/public_html/oc-content/plugins/spamprotection/index.php:162
Stack trace:
#0 /home/public_html/oc-includes/osclass/classes/Plugins.php(148): include_once()
#1 /home/public_html/oc-includes/osclass/classes/Plugins.php(526): Plugins::loadActive()
#2 /home/public_html/oc-load.php(259): Plugins::init()
#3 /home/public_html/index.php(23): require_once('/home/website/...')
#4 {main}
thrown in /home/public_html/oc-content/plugins/spamprotection/index.php on line 162
-
>:( i've searched all files... but forgot to deactivate case sensitive -.-
sorry again, it's fixed now
-
>:( i've searched all files... but forgot to deactivate case sensitive -.-
sorry again, it's fixed now
You are forgiven :)
Don't worry, no problem.
-
Thanks, but I annoy myself about this ;D
-
Thanks, but I annoy myself about this ;D
This last beta of 1.6 installed well, asked me for db upgrade via a popup window (!) and seems fine. I will leave it on a live site with debug.log enabled and let you know (tomorrow) of the results.
Thanks Liath a lot for this plugin. Most usefull plugin, along with the Renew plugin.
-
Thank you also for your support
-
I see that in 1.6 no email is sent to the banned user any more. At least, i didn't got any (as a test user).
-
I've tested one minute ago and got the mail like usual :o
-
I've tested one minute ago and got the mail like usual :o
Just tested it again now and i just got the account disabled message (wrong message btw since i only ban IP and not account) and no email.
Could that i ban IP only be the reason not sending email ? Have you changed maybe the logic ?
-
(wrong message btw since i only ban IP and not account)
i didn't implemented different messages matching to the settings, maybe i should
why you didn't got the mail... idk :/ but i'll take a look if there is working something wrong
-
(wrong message btw since i only ban IP and not account)
i didn't implemented different messages matching to the settings, maybe i should
why you didn't got the mail... idk :/ but i'll take a look if there is working something wrong
Tested it with 2 accounts and gmail email address also. No email.
-
tested with:
- gmx - mail comes immediatelly
- gmail - mail comes after 5 minutes
- own mailserver - mail comes immediatelly
-
Just checking 1.6 and i see no problems, apart from the No Email to users and several minor notices about undefined indexes.
Seems to work fine.
-
Also 1.6 takes a place in the vertical left column of dashboard and now the last/bottom options can't be easily be accessed (they are out of the page/screen).
-
you mean the icon in the left sidebar?
-
you mean the icon in the left sidebar?
I mean that you added a new Icon/Option for your plugin in the left vertical sidebar, yes. And now everything is moved one down and the last option (compact view on / off for example) is not fully shown and can't be selected (doesn't scroll or anything). Maybe this is a problem of the dashboard/theme of Osclass, i can't tell. Not a big issue.
I think that Osclass backsite for admin uses the die-hard Modern theme and isn't responsive (at all).
See:
-
for my case i never could scroll the icons in the sidebar, if you resize the window, the toggle appears correct...
also you can define the appearance for the new icon via plugin settings
I think that Osclass backsite for admin uses the die-hard Modern theme and isn't responsive (at all).
;D
-
also you can define the appearance for the new icon via plugin settings
opps, i missed that option. Didn't even know it existed. Thanks, Solved !
-
your welcome :)
but don't search for option mailtemplates there... this will come with 1.6.1 also i have renamed the plugin, tried to use a name, so that shortname, language domain, etc. inside of this plugin fits to the new name
maybe i can fix this bug with the toggle... take a look over this
edit
just for me to remember:
ToDo
- finish mailtemplates
- send mail to admins after user/admin is banned
- fix "move to another category" bug for ads
anything that i've missed?
-
your welcome :)
but don't search for option mailtemplates there... this will come with 1.6.1 also i have renamed the plugin, tried to use a name, so that shortname, language domain, etc. inside of this plugin fits to the new name
maybe i can fix this bug with the toggle... take a look over this
Great. I hope you will consider some email to inform the admin for lockout of login (user or admin logins).
-
edited last post :D
-
anything that i've missed?
Yeap. I wish somebody else could test 1.6 and let me (us) know if the banned users get any related email with the options to unblock their account. Because email still doesn't work for me.
-
would be great to know if this is due to an error in this plugin or not
-
would be great to know if this is due to an error in this plugin or not
The thing is that i see no error about it, so i can't really tell. No debug.log error or elsewhere.
-
if no one get the same error, i'll prepare a special version for you where we can take look in the functions via debug
-
ToDo
finish mailtemplatessend mail to admins after user/admin is banned- fix "move to another category" bug for ads
anything that i've missed?
-
In the mail templates PLEASE add a Test email button (like the one in Osclass Mail Templates).
-
In the mail templates PLEASE add a Test email button (like the one in Osclass Mail Templates).
ok
maybe i can fix this bug with the toggle... take a look over this
done
-
In the mail templates PLEASE add a Test email button (like the one in Osclass Mail Templates).
done
Now is only the bug, when you move ads to another category, still left, can't find any error but i'm still searching...
but v1.6.1 is uploaded and ready for testing :)
-
Now is only the bug, when you move ads to another category, still left, can't find any error but i'm still searching...
If it helps, it happens when the duplicate is enabled for the WHOLE ads. Also if it is of any help, after the moved or edited ad is flagged as spam (for no reason), when you check the ad it points as duplicate ALWAYS at the same number ad (that is totally irrelevant ad).
-
but v1.6.1 is uploaded and ready for testing :)
The funny thing in 1.6.1 is that email (for me) is sending in your plugin's mail template tests. But mail to the banned user doesn't !!!
Funny !
-
this is really funny... but this problem will be solved also, like all other problems before :)
-
This also comes from your plugin probably, since i didn't had that before.
[13-May-2017 03:19:50 America/Los_Angeles] PHP Warning: Invalid argument supplied for foreach() in /home/public_html/oc-admin/themes/modern/main/index.php on line 290
-
hmm... i dont think that this will be caused through my plugin... its for the market, this function will list featured plugins
-
i have added some extra protection for registrations... now you can enable to check the used mail address or ip against http://stopforumspam.com (http://stopforumspam.com) using their API
If someone is listed as spammer, he is unable to register an account with this email address or ip and will informed about this with link to request the deleting of this listing
edit:
Finally i think, it should be enough protection in this plugin. Spammer get a hard life with this and i hope that always all works fine and don't abuse real user.
I'll fix some bugs and after this i will upload the last final version to the market
-
1.6.2 is uploaded for final tests, should work all fine
last bug to fix is, when moving ads to another category... hope i'll find this soon and can upload the final version to the market...
-
1.6.2 is uploaded for final tests, should work all fine
last bug to fix is, when moving ads to another category... hope i'll find this soon and can upload the final version to the market...
I still don't get any alert via email. And trust me, my email is working just fine. I think some else should also test this before officially update it to market.
-
I still don't get any alert via email. And trust me, my email is working just fine. I think some else should also test this before officially update it to market.
yes you're right, maybe someone helps out with this
yesterday i've sended maybe 20-30 mails to me and all worked fine... funny
-
I still don't get any alert via email. And trust me, my email is working just fine. I think some else should also test this before officially update it to market.
yes you're right, maybe someone helps out with this
yesterday i've sended maybe 20-30 mails to me and all worked fine... funny
Maybe they don't know the link to download ? Can we post it ?
-
Maybe they don't know the link to download ? Can we post it ?
i don't think that this is allowed...
@_CONEJO ^^ ??
@Aficionado
when you have some time, i will prepare a special debug version, to take a deeper look where it stucks... then you could test this
-
when you have some time, i will prepare a special debug version, to take a deeper look where it stucks... then you could test this
No, not yet. Just tested it in my other hosting plan (i have splited them to 2 diff servers, just in case) and email sending works great.
I will have to search this more, not sure what i can be.
-
did i understand right?
same hosting plan, splitted to two "servers"... one is working and one not?
-
did i understand right?
same hosting plan, splitted to two "servers"... one is working and one not?
No, 5 Osclass and 5 Wordpress sites, split to 2 different hosting plans and servers (same hosting company thought).
Two Osclass and 3 WP to one plan/server and 3 Osclass and 2 WP in the other plan.
Liath is the admin getting any notices via email ?
-
Liath is the admin getting any notices via email ?
yes
-
I have two questions about mail templates.
1. If left as they are (empty all boxes) what happens ?
2. What is the meaning of "Configure mail templates for false admin logins - Send to user" ? Why send to a user something about admin false logins ? And what user is that ?
-
Some more things i noticed:
1. The email's DATE should respect the format we have entered in Osclass dashboard.
2. Please include a Topic in the mail templates, so we can change it. Many people filter/forward emails according to topic.
3. The log of banned users is not cleaned ever ? When the ban is lifted after the timer ?
-
1. If left as they are (empty all boxes) what happens ?
the standard templates will be used
2. What is the meaning of "Configure mail templates for false admin logins - Send to user" ? Why send to a user something about admin false logins ? And what user is that ?
if you have defined more than one admin...
- Send to User - Goes to this user/admin who tried to login
- Send to Admin - Goes to this Admin you have defined in your settings as general admin e-mail
1. The email's DATE should respect the format we have entered in Osclass dashboard.
ok
done
2. Please include a Topic in the mail templates, so we can change it. Many people filter/forward emails according to topic.
is already in work
done
3. The log of banned users is not cleaned ever ? When the ban is lifted after the timer ?
i'll take a look there
done
-
Ok, i think i solved the no-mail to admin when a user IP is banned.
If the user writes a non-existent email or whatever random characters, the IP is banned, logged (see my capture) but no email is sent to the admin.
-
maybe we should first send to admin... can you try to change the order?
class.spamprotection.php
search:
$target_array = array('user', 'admin');
change to:
$target_array = array('admin', 'user');
edit:
i think you're right... at moment the function will be ended, if no mail was sended
if (!osc_sendMail($params)) {
return false;
}
change the order should solve the problem, but i'll remove the return false; anyway
-
For the ADMIN part, when edit/move an ad:
Liath what can i do to help you solve also the Admin edit/move ads (that marks them _sometime_ as duplicate with no reason) ?
Could that be solved simply by checking in the code if the user logged in is Admin ? Just a thought .... and not really a proper solution ... but ..... I mean skip all checks if admin is editing or moving ads, since no need for dups or stop-words is actually needed.
That doesn't mean that the duplicate check works right, it doesn't. What i want to say is to skip your plugin's checks when the user is admin or has admin rights.
-
For the USER post part:
User posting duplicate checks in 1.6.2 doesn't work well at all. Marks as duplicates totally irrelevant ads. Md5/relevant same results.
-
i have added some extra protection for registrations... now you can enable to check the used mail address or ip against http://stopforumspam.com (http://stopforumspam.com) using their API
This is great, as I already use their service in a different configuration, but much smarter idea is to use their local database, as requests will add another network roundtrip & slowdowns through api, plus they can ban you if you continuously check too much IPs like a firewall.
Notice
This API is NOT to be used as a general software firewall. Checking every incoming connection against the API will be treated as a denial of service attack against us and will result in the immediate blocking of any offending IP addresses.
https://www.stopforumspam.com/usage
If you want to go with api, it is better to use ip caching or auto-ban those IPs for a predefined period of time. Also, another tip, since you have a lastseen in response, you can add an option to limit it to 3 months or less only. Incidence over 3 months old can lead to many false positives.
Regards
-
maybe we should first send to admin... can you try to change the order?
class.spamprotection.php
search:
$target_array = array('user', 'admin');
change to:
$target_array = array('admin', 'user');
edit:
i think you're right... at moment the function will be ended, if no mail was sended
if (!osc_sendMail($params)) {
return false;
}
change the order should solve the problem, but i'll remove the return false; anyway
Changing the order didn't help.
-
Liath what can i do to help you solve also the Admin edit/move ads (that marks them _sometime_ as duplicate with no reason) ?
I'll take a deeper look inside of this function, maybe i can check if item has just changed the category id and prevent the duplicates check for this case
edit
Could that be solved simply by checking in the code if the user logged in is Admin
this should be the trick... if an admin modify/move the ad, it hasn't to be checked i think
index.php ~Line: 98
if (!osc_is_admin_user_logged_in() && spam_prot::newInstance()->_get('sp_activate') == '1') {
osc_add_hook('posted_item', 'sp_check_item');
osc_add_hook('edited_item', 'sp_check_item');
}will test it later
This is great, as I already use their service in a different configuration, but much smarter idea is to use their local database, as requests will add another network roundtrip & slowdowns through api, plus they can ban you if you continuously check too much IPs like a firewall
you're right, i think i should change it to use the local database
edit
hmm, i would like to check ip and email, but their files are separated and i dont want to download and search in both files...
Changing the order didn't help.
please try to...
change...
if (!osc_sendMail($params)) {
return false;
}
to...
osc_sendMail($params);
-
I've added the option to show an icon for this plugin in the topbar of your dashboard with same features like the sidebar icon, now you can choose to display it on sidebar and/or topbar
(screenshot)
Also i'm working on Bad/Trusted User Lists...
There you can set different options for user, their are always allowed/forbidden for this user (posting ads/comments or sending contact mails)
What do you think about this Feature? What do you want for this, or what should not be implemented there?
-
Also i'm working on Bad/Trusted User Lists...
There you can set different options for user, their are always allowed/forbidden for this user (posting ads/comments or sending contact mails)
What do you think about this Feature? What do you want for this, or what should not be implemented there?
2b honest that doesn't have any use for me. BUT maybe for others is usefull.
-
it's optionally like all features :)
-
Some ideas:
-
I used almost every version started from 1.0
With 1.6.2 i only get a white page
-
Some ideas:
yes... could be useful to add them automatically after some irregular actions
@tito
can you look into your debug.log for any error?
-
i tied at 4 sites.
At 1 site it shows the admin for a few minutes. After that only thing i see is a white page.
After uoloading to other sites i cannot see the admin and there is only a white page.
Also the link is a little strange:
https://.....nuncios.com/oc-admin/index.php?page=plugins&action=renderplugin&file=/home/.....7093/domains/......uncios.com/public_html/oc-content/plugins/spamprotection/admin/config.php&tab=settings
Normal should be something like:
https://....uncios.com/oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=settings
After delete this part in the browser: /home/.....7093/domains/......uncios.com/public_html/oc-content/plugins/
The plugin shows good
-
i'll change this in next version... for now you can edit
functions/backend.php
replace all
SPP_PATH . '
with
'spamprotection/
this should work for you
-
I used almost every version started from 1.0
With 1.6.2 i only get a white page
White pages (screen of DEATH) is either a Fatal error or out of memory. Enable Debug.log and check. Also you may need to uninstall the plugin and install it again.
-
About 10 times i deleted and installedallready :)
I see this:
[Tue May 16 19:22:31.298223 2017] [lsapi:notice] [pid 332212:tid 139855168046848] [client 66.249.64.55:34478] [host ...nuncios.com] Backend log: PHP Warning: require(functions/index.php): failed to open stream: No such file or directory in /home/....7093/domains/.....nuncios.com/public_html/oc-content/plugins/spamprotection/index.php on line 73\n
-
i'll change this in next version... for now you can edit
functions/backend.php
replace all
SPP_PATH . '
with
'spamprotection/
this should work for you
As allways the right solution
Works perfect!
-
[Tue May 16 19:22:31.298223 2017] [lsapi:notice] [pid 332212:tid 139855168046848] [client 66.249.64.55:34478] [host ...nuncios.com] Backend log: PHP Warning: require(functions/index.php): failed to open stream: No such file or directory in /home/....7093/domains/.....nuncios.com/public_html/oc-content/plugins/spamprotection/index.php on line 73\n
this is ugly, if this error appears, you need to use a newer version... but there must be the file included... is it there?
../spamprotection/functions/index.php
-
it is, you already posted the solution:
i'll change this in next version... for now you can edit
functions/backend.php
replace all
SPP_PATH . '
with
'spamprotection/
this should work for you
-
but this hasn't anything to do with this i think[Tue May 16 19:22:31.298223 2017] [lsapi:notice] [pid 332212:tid 139855168046848] [client 66.249.64.55:34478] [host ...nuncios.com] Backend log: PHP Warning: require(functions/index.php): failed to open stream: No such file or directory in /home/....7093/domains/.....nuncios.com/public_html/oc-content/plugins/spamprotection/index.php on line 73\n
-
I think so, because the output url was not right.
For this the file could not be found
-
ok, this could be... if this error accours again, please report it here
-
dont worry. The error is gone
-
ok, perfect :)
-
This is great, as I already use their service in a different configuration, but much smarter idea is to use their local database, as requests will add another network roundtrip & slowdowns through api, plus they can ban you if you continuously check too much IPs like a firewall
you're right, i think i should change it to use the local database
edit
hmm, i would like to check ip and email, but their files are separated and i dont want to download and search in both files...
Then, simply auto-ban that ip/email/whatever for ~ 1/7/X days or so, and next time you will get result from database directly, without calling their api. Of course, there are pros and cons to every approach.
Regards
-
Then, simply auto-ban that ip/email/whatever for ~ 1/7/X days or so
would be the best way... thank you :)
-
I have a complete white admin now.
This is what the log say:
Backend fatal error: PHP Fatal error: Call to a member function numRows() on boolean in /home/......093/domains/.....ncios.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1238\n, referer: https://.....uncios.com/oc-admin/index.php?page=login
-
do you have tried false logins as admin?
can you please post the complete affected function here?
-
no i login allways automatic
also got complains of users who could not login
i diabled user and admin protection
after that me and the user have acces again
-
maybe there are some entrys in database from old versions? it could help to clear the tables from this plugin
-
ok, i will uninstall and delete database.
let you know what happens
-
let you know what happens
it's all working now?
Here are some impressions for the new Bad/Trusted user Feature
- Trusted user are welcome, because of this they don't need to be scanned by this plugin and all anti spam mechanism are turned off for them
- Bad user are worse, for them you can define actions they are always forbidden. That means that they cannot post new ads, comments or send contact mails...
-
let you know what happens
it's all working now?
everything works fine after delete the database tables
i noticed when i ban user true the plugin, it shows my ipadres instead of ip of the user
-
i noticed when i ban user true the plugin, it shows my ipadres instead of ip of the user
ups :o
where exactly? Do you mean through the check spam ad page?
-
If i check spam of an ad i can ban or block an user. If i ban the user i can check the banned users. There it shows my ipadres
-
thx, i've already found the error and will upload new version soon
edit:
if you want to fix this by yourself
search
function _addBanLog($type, $reason, $email = false, $ip = false, $mode = 'user') {
if (!$ip) { $ip = $this->_IpUserLogin(); }
add after
if (osc_is_admin_user_logged_in()) { $ip = ''; }
-
All the thanks are to you :)
-
you're welcome :)
i'm happy that you all report the errors to me
-
Ok, then i have another small fix for you.
The main settings are not visible in top menu. Only by clicking setting in the icon
-
it's already fixed in new version
-
When i ad this:
if (osc_is_admin_user_logged_in()) { $ip = ''; }
it shows no ip at all
-
hmm, ok, then i have to look again or did you tried through frontend and forgot to log out from admin?
-
i can only see admin when i am logged in not?
I try at another site and let you know
-
no, there is no ip:
-
ok, now i know what you mean ;D
i have to take the ip that is saved while posting this ad.... i'll fix this
-
ok, it is not so important but makes live more easy :)
If i see the same ip more times, i block the ipadres with ipblocker
Maybe good, to build a ip blocker also ;)
-
For this, the internal system should be enough or not? Maybe ... I'm thinking about it, but now I want to finish a few small things and load the plugin into the marketplace
there are alot of more features between v1.4.1 and 1.6.3 xD
-
I know you did.
I use other system to block ip adresses.
Many users make new accounts with different email, just to post ads for free. That kind of users i block. Offcourse after a while you see the system of the users and block the ip. But is a lot of work which i dont want to do actually.
Your plugin save me a lot of time really.
Every day i delete many, many ads. probally more then 1000 every day
It is only a suggestion to keep in mind, because with osclass you are not able to ban ipadresses anymore. It use to do but with newer version not anymore
-
i'll keep it in mind for newer versions :)
-
I am sure you find a way to add this :)
-
I remember about the missing ip in ban table... it was removed... i'll search for another way to block ip's
1.6.3 is uploaded now hope it will working well :) please deinstall first previous versions, you can use import/export for your settings
-
Uninstalling 1.6.2 to install 1.6.3, two db tables were left, the protection_ban_log and protection_login, not sure if this is normal or not.
-
Also after installing 1.6.3 i still see version 1.6.2.
-
Uninstalling 1.6.2 to install 1.6.3, two db tables were left, the protection_ban_log and protection_login, not sure if this is normal or not.
it's not normal, i just forgot to add them to deinstall process in 1.6.2... sorry
Also after installing 1.6.3 i still see version 1.6.2.
uploaded the right file to the wrong folder >.< now you can get the right version
-
Oh, in 1.6.3 the spam icon is gone from top dashboard bar. Now we have to work a bit to list spam flagged and the new hover-dropdown menu is not easy to use.
:'(
-
if you mean the buttons in topbar... they only disappear, when topbar icon is activated... if you choose sidebar icon, they are available again
i thought topbar icon and buttons on one place would be too much
-
if you mean the buttons in topbar... they only disappear, when topbar icon is activated... if you choose sidebar icon, they are available again
i thought topbar icon and buttons on one place would be too much
Then it doesn't work. I have Show icon in sidebar and it shows both in sidebar and topbar. Also my Spam icon is gone.
-
i've uploaded a modified version, there is all back and optional
-
i've uploaded a modified version, there is all back and optional
yeap, that's better for the admins.
-
yeap, that's better for the admins.
:)
i've also added the internal ban for email addresses and/or ip's if they are found on StopForumSpam...
Then, simply auto-ban that ip/email/whatever for ~ 1/7/X days or so, and next time you will get result from database directly, without calling their api. Of course, there are pros and cons to every approach.
but for now, there is no auto unban... admins have to take a look in ban rules by themself
now i only want to fix some bugs if found, complete the help and upload the final version to marketplace...
maybe... i'll add an option to ban IP's manually, but i think this plugin is finished
-
@Aficionado
Can you please try, whether sending mails is now working for you?
-
@Aficionado
Can you please try, whether sending mails is now working for you?
I will, don't you worry about a thing (as the song says) ...
https://www.youtube.com/watch?v=vJTxzsHsako
-
@Aficionado
Can you please try, whether sending mails is now working for you?
I'm afraid not IF the user DOESN'T EXIST. No email is sent to admin.
-
:(
i don't know why... the only way is see to solve this, when we try some debugging with a special version
-
:(
i don't know why... the only way is see to solve this, when we try some debugging with a special version
You mean if i try it to your test system, and write in the user login "ksksksksk" several times and be IP locked, you GET an email about it ?
Also i don't have any problem to have a version for debug or whatever. You have my email, feel free to email me if you need so.
-
Also about email:
When a existing user is locked out he gets an email. That email is ok.
The admin gets also an email BUT it is the same email as the user (with unlock link etc etc). Not ok. Some mix somewhere.
-
You mean if i try it to your test system, and write in the user login "ksksksksk" several times and be IP locked, you GET an email about it ?
i'll try it for my own... i'm sure i'll find this damn error ;D
The admin gets also an email BUT it is the same email as the user (with unlock link etc etc). Not ok. Some mix somewhere.
if you are using the standard mailtemplates, they are the same... yes
-
The admin gets also an email BUT it is the same email as the user (with unlock link etc etc). Not ok. Some mix somewhere.
if you are using the standard mailtemplates, they are the same... yes
Ok, i will customize it later and let you know.
-
i think i have the solution because the mails...
class.spamprotection.php ~1360
change
function _informUser($search, $target = 'user') {
if ($this->_checkAccount($search, $target)) {
$ip = $this->_IpUserLogin();
$time = osc_format_date(date('Y-m-d H:i:s', time()), osc_date_format().' '.osc_time_format());
if ($target == 'user') {
$user = User::newInstance()->findByEmail($search);
$email = $search;
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}', '{BAN_LIST}');
$content[] = array(osc_page_title(), $user['s_name'], $search, $time, $ip, '<a href="'.osc_base_url(true).'?page=sp_activate_account&email='.$search.'&token='.md5($user['s_secret']).'">Click here</a>', '<a href="'.osc_recover_user_password_url().'">Click here</a>', '<a href="'.osc_admin_render_plugin_url(osc_plugin_folder(dirname(__FILE__)).'admin/ban_log.php').'">Ban List</a>');
} elseif ($target == 'admin') {
$user = Admin::newInstance()->findByUsername($search);
$email = $user['s_email'];
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}', '{BAN_LIST}');
$content[] = array(osc_page_title(), $user['s_name'], $search, $time, $ip, '<a href="'.osc_base_url(true).'?page=sp_activate_account&name='.$search.'&token='.md5($user['s_secret']).'">Click here</a>', '<a href="'.osc_admin_base_url(true).'?page=login&action=recover">Click here</a>', '<a href="'.osc_admin_render_plugin_url(osc_plugin_folder(dirname(__FILE__)).'admin/ban_log.php').'">Ban List</a>');
}
$target_array = array('admin', 'user');
foreach($target_array as $target2) {
$body_extra = '';
if ($target2 == 'admin') {
$info = osc_plugin_get_info("spamprotection/index.php");
$body_extra = "\n\nThis Mail was sended from ".$info['plugin_name'];
}
$mail_title = nl2br(strip_tags($this->_titleTemplate($target, $target2)));
$mail_body_plain = nl2br(strip_tags($this->_mailTemplate('plain', $target, $target2).$body_extra));
$mail_body_html = nl2br(strip_tags($this->_mailTemplate('html', $target, $target2).$body_extra));
$title = osc_mailBeauty($mail_title, $content);
$body_plain = osc_mailBeauty($mail_body_plain, $content);
$body_html = osc_mailBeauty($mail_body_html, $content);
$params = array(
'from' => osc_contact_email(),
'from_name' => osc_page_title(),
'subject' => $title,
'to' => ($target2 == 'user' ? $email : osc_contact_email()),
'to_name' => $user['s_name'],
'body' => $body_html,
'alt_body' => $body_plain,
'reply_to' => osc_contact_email()
);
osc_sendMail($params);
}
return true;
}
}
to
function _informUser($search, $target = 'user') {
$ip = $this->_IpUserLogin();
$time = osc_format_date(date('Y-m-d H:i:s', time()), osc_date_format().' '.osc_time_format());
if ($target == 'user') {
$user = User::newInstance()->findByEmail($search);
$email = $search;
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}', '{BAN_LIST}');
$content[] = array(osc_page_title(), $user['s_name'], $search, $time, $ip, '<a href="'.osc_base_url(true).'?page=sp_activate_account&email='.$search.'&token='.md5($user['s_secret']).'">Click here</a>', '<a href="'.osc_recover_user_password_url().'">Click here</a>', '<a href="'.osc_admin_render_plugin_url(osc_plugin_folder(dirname(__FILE__)).'admin/ban_log.php').'">Ban List</a>');
} elseif ($target == 'admin') {
$user = Admin::newInstance()->findByUsername($search);
$email = $user['s_email'];
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}', '{BAN_LIST}');
$content[] = array(osc_page_title(), $user['s_name'], $search, $time, $ip, '<a href="'.osc_base_url(true).'?page=sp_activate_account&name='.$search.'&token='.md5($user['s_secret']).'">Click here</a>', '<a href="'.osc_admin_base_url(true).'?page=login&action=recover">Click here</a>', '<a href="'.osc_admin_render_plugin_url(osc_plugin_folder(dirname(__FILE__)).'admin/ban_log.php').'">Ban List</a>');
}
$target_array = array('admin', 'user');
foreach($target_array as $target2) {
$body_extra = '';
if ($target2 == 'admin') {
$info = osc_plugin_get_info("spamprotection/index.php");
$body_extra = "\n\nThis Mail was sended from ".$info['plugin_name'];
}
$mail_title = nl2br(strip_tags($this->_titleTemplate($target, $target2)));
$mail_body_plain = nl2br(strip_tags($this->_mailTemplate('plain', $target, $target2).$body_extra));
$mail_body_html = nl2br(strip_tags($this->_mailTemplate('html', $target, $target2).$body_extra));
$title = osc_mailBeauty($mail_title, $content);
$body_plain = osc_mailBeauty($mail_body_plain, $content);
$body_html = osc_mailBeauty($mail_body_html, $content);
$params = array(
'from' => osc_contact_email(),
'from_name' => osc_page_title(),
'subject' => $title,
'to' => ($target2 == 'user' ? $email : osc_contact_email()),
'to_name' => $user['s_name'],
'body' => $body_html,
'alt_body' => $body_plain,
'reply_to' => osc_contact_email()
);
osc_sendMail($params);
}
return true;
}
-
i've saved following mailtemplates for me
Hello {MAIL_USER}
We have detected some false logins for your account {MAIL_USED} on {PAGE_NAME}. Last false login was on {MAIL_DATE} from IP {MAIL_IP}
In order to our security policy, we have temporarily disabled your account and banned the used IP in our System. You can use following link to unban and reactivate your Account. If this was not you, please contact the support and change your password. You can use the password recovery function, if you don't remember your password.
Unban your account: {UNBAN_LINK}
Password recovery: {PASSWORD_LINK}
Best regards
{PAGE_NAME}
Hello Admin
The System detected too many false logins for following account:
Account: {MAIL_USED}
Last Login: {MAIL_DATE}
IP: {MAIL_IP}
Please go to your {BAN_LIST} and check the ban.
-
...and the new hover-dropdown menu is not easy to use.
what did you mean there exactly?
-
...and the new hover-dropdown menu is not easy to use.
what did you mean there exactly?
See:
-
this looks ugly... i'll fix this
-
Then, simply auto-ban that ip/email/whatever for ~ 1/7/X days or so, and next time you will get result from database directly, without calling their api. Of course, there are pros and cons to every approach.
but for now, there is no auto unban... admins have to take a look in ban rules by themself
Well, that feature is essential for this kind of plugin, think about it, keeping records of banned IPs is useless for prolonged period of time, with or without admin action, because of the nature of IPs.
Sorry I cannot contribute more actively right now, beside suggestions.
-
of course, i'll build in an auto-unban later :)
-
i've uploaded a new file with some changes, but without version changing. The Topbar Menu should now looks ok... Idk, in my case it does.
P.S. Just for demo i have activated all possible spam links
-
i think i have the solution because the mails...
to
function _informUser($search, $target = 'user') {
$ip = $this->_IpUserLogin();
$time = osc_format_date(date('Y-m-d H:i:s', time()), osc_date_format().' '.osc_time_format());
if ($target == 'user') {
$user = User::newInstance()->findByEmail($search);
$email = $search;
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}', '{BAN_LIST}');
$content[] = array(osc_page_title(), $user['s_name'], $search, $time, $ip, '<a href="'.osc_base_url(true).'?page=sp_activate_account&email='.$search.'&token='.md5($user['s_secret']).'">Click here</a>', '<a href="'.osc_recover_user_password_url().'">Click here</a>', '<a href="'.osc_admin_render_plugin_url(osc_plugin_folder(dirname(__FILE__)).'admin/ban_log.php').'">Ban List</a>');
} elseif ($target == 'admin') {
$user = Admin::newInstance()->findByUsername($search);
$email = $user['s_email'];
$content = array();
$content[] = array('{PAGE_NAME}', '{MAIL_USER}', '{MAIL_USED}', '{MAIL_DATE}', '{MAIL_IP}', '{UNBAN_LINK}', '{PASSWORD_LINK}', '{BAN_LIST}');
$content[] = array(osc_page_title(), $user['s_name'], $search, $time, $ip, '<a href="'.osc_base_url(true).'?page=sp_activate_account&name='.$search.'&token='.md5($user['s_secret']).'">Click here</a>', '<a href="'.osc_admin_base_url(true).'?page=login&action=recover">Click here</a>', '<a href="'.osc_admin_render_plugin_url(osc_plugin_folder(dirname(__FILE__)).'admin/ban_log.php').'">Ban List</a>');
}
$target_array = array('admin', 'user');
foreach($target_array as $target2) {
$body_extra = '';
if ($target2 == 'admin') {
$info = osc_plugin_get_info("spamprotection/index.php");
$body_extra = "\n\nThis Mail was sended from ".$info['plugin_name'];
}
$mail_title = nl2br(strip_tags($this->_titleTemplate($target, $target2)));
$mail_body_plain = nl2br(strip_tags($this->_mailTemplate('plain', $target, $target2).$body_extra));
$mail_body_html = nl2br(strip_tags($this->_mailTemplate('html', $target, $target2).$body_extra));
$title = osc_mailBeauty($mail_title, $content);
$body_plain = osc_mailBeauty($mail_body_plain, $content);
$body_html = osc_mailBeauty($mail_body_html, $content);
$params = array(
'from' => osc_contact_email(),
'from_name' => osc_page_title(),
'subject' => $title,
'to' => ($target2 == 'user' ? $email : osc_contact_email()),
'to_name' => $user['s_name'],
'body' => $body_html,
'alt_body' => $body_plain,
'reply_to' => osc_contact_email()
);
osc_sendMail($params);
}
return true;
}
Liath, that change seems to solve the email notification problem.
-
The problem of duplicate checks still exist. Marks as duplicates totally irrelevent ads. And when you check in your plugin, it ALWAYS point as duplicate ONE specific old ad.
-
Liath, that change seems to solve the email notification problem.
sounds good :)
The problem of duplicate checks still exist. Marks as duplicates totally irrelevent ads. And when you check in your plugin, it ALWAYS point as duplicate ONE specific old ad.
doesn't sounds good :(
do this happens with user ads or can you exactly reproduce this issue? in my configuration i've never get false marked spam.
edit: and... is there found a duplicate title or description?
-
The problem of duplicate checks still exist. Marks as duplicates totally irrelevent ads. And when you check in your plugin, it ALWAYS point as duplicate ONE specific old ad.
doesn't sounds good :(
do this happens with user ads or can you exactly reproduce this issue? in my configuration i've never get false marked spam.
[/quote]
i also have no false spams. And i have a lot of spam every day
@Aficionado Maybe you delete that old ad and see what happens
-
Well, that feature is essential for this kind of plugin, think about it, keeping records of banned IPs is useless for prolonged period of time, with or without admin action, because of the nature of IPs.
is added now
Oh, in 1.6.3 the spam icon is gone from top dashboard bar. Now we have to work a bit to list spam flagged and the new hover-dropdown menu is not easy to use.
:'(
Also i've added the option to show buttons as text (normal version) or as icon (screenshot), because with alot of spam, the topbar is sometimes overloaded ::)
Hi, I tried installing the plugin on osclass 3.0.1 and after hitting isntall, this error came up:
Fatal error: Can't use method return value in write context in /home/sportexd/public_html/osclass/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 249
For this case, i've added a PHP Version check, that triggered an error before the installation, if PHP < 5.5
-
I use other system to block ip adresses.
Many users make new accounts with different email, just to post ads for free. That kind of users i block. Offcourse after a while you see the system of the users and block the ip. But is a lot of work which i dont want to do actually.
what kind of ip ban do you mean exactly?
just a list/overview where you can add ip's to ban table or through user list? please explain more.
edit: is it enough to add a link in user menu to add last ip to ban table? (like Screenshot)
-
I use ipblocker to ban ipadresses or ban complete countries.
So i dont have annoying ads from africa, china russia and so on.
I only have people who wants to copy their ads many times for free and spammers from allowed countries
-
is this a paid plugin?
-
i dont know if i may post links here. So i send you email on your site
-
ok, also my email address is shown on different screenshots here
-
got it... this should be really hard to implement into this plugin.... i have to find another solution if i should implement ip-ban
-
I know it is :)
I dont need it in the plugin also, but maybe a simple ip block as in the old osclass will be good enough
Other question which i have. If user blocked by stopforumspam, do we get notice of that?
-
in the new version, if you are using autoban... yes
but the newest version isn't uploaded for now
-
Sehr gut :)
-
I dont need it in the plugin also, but maybe a simple ip block as in the old osclass will be good enough
i can build some extra feature to add IP to ban list through the user page
Sehr gut :)
;D Du sprichst ja Deutsch
-
Sprechen ja, aber schreiben ist swierig fur mich :)
ip ban makes live easy if user use more then 1 account for posting ads
At this moment i have to login at the other site to ban them, if i really dont like them :)
-
At this moment i have to login at the other site to ban them, if i really dont like them :)
then it should be the best solution, if you have the option to ban them through the regular user list
-
Yes, that is true.
Will simplify to block those users
-
do this happens with user ads or can you exactly reproduce this issue? in my configuration i've never get false marked spam.
edit: and... is there found a duplicate title or description?
Duplicate set for the ALL ads, Title, 90 days.
Yes i can reproduce it anytime. md5/similarity doesn't make a difference.
-
i also have no false spams. And i have a lot of spam every day
@Aficionado Maybe you delete that old ad and see what happens
I'm not talking about false SPAM flags. I'm talking about duplicate problems. And i there is no reason to delete that old ad, because some other will take its place. And i don't delete ads, users do or after they expire they are automatically purged.
Since this is very easy to reproduce and i BET everybody has it (or will have it, they just don't know it yet), i can help to find the problem.
I just happen to find the problems fist of all. Story of my life ...
-
Si what you wrote is true :): Good things come to those who wait
I will have a better look at the duplicated ads. Maybe i missed this part. But i have as setting only user and not all items, because i have a lot of ads.
But i have some sites which have not many ads. I make the setting to all ads there
-
Some minor warnings/notices:
[19-May-2017 22:07:19 America/Los_Angeles] PHP Notice: Undefined index: s_secret in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1371
[19-May-2017 22:07:19 America/Los_Angeles] PHP Notice: Undefined index: s_name in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1403
[19-May-2017 22:09:08 America/Los_Angeles] PHP Notice: Undefined index: sp_check_stopforumspam_mail in /home/public_html/oc-content/plugins/spamprotection/admin/security.php on line 310
[19-May-2017 22:10:42 America/Los_Angeles] PHP Notice: Undefined index: s_name in /home/public_html/oc-content/plugins/spamprotection/admin/ban_log.php on line 37
[20-May-2017 06:11:31 America/Los_Angeles] PHP Notice: Undefined index: token in /home/public_html/oc-content/plugins/spamprotection/functions/backend.php on line 179
-
No variable assigned
Add @ and the warning disappears, or disable the output of php errors
PHP Notice: Undefined index: s_secret in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1371
$s_secret
@$s_secret
-
No variable assigned
Add @ and the warning disappears, or disable the output of php errors
PHP Notice: Undefined index: s_secret in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1371
$s_secret
@$s_secret
Once again, you have no clue what you are talking about.
1. Notices are in general harmless, yet they may indicate a poor application design.
2. Cleaning up some notices can potentially thwart a bug. Undefined variables, for example, can result in errors if you try to read the variable that wasn't initialized.
3. I'm currently testing the plugin, so debug is always on. Hiding the notices is a bad approach.
-
Duplicate set for the ALL ads, Title, 90 days.
Yes i can reproduce it anytime. md5/similarity doesn't make a difference.
thanks Aficionado
i can reproduce this now and search for a fix...
it's because of the "new" feature to set a time range where to search in all ads, it doesn't work at all correct
Si what you wrote is true :) : Good things come to those who wait
Add @ and the warning disappears, or disable the output of php errors
thanks buninsan, but this plugin is at moment in development and there we need this error messages to clean the code ;)
-
found it, this should fix it finally, tested multiple times and all works fine now
class.spamprotection.php ~928
replace function _getItemsByAll() {
$this->dao->select('*');
$this->dao->from($this->_table_item);
$result = $this->dao->get();
if (!$result) { return false; }
return $result->result();
}
function _getItemData($item, $locale) {
$time = $this->_get('sp_duplicates_time');
$this->dao->select('d.*');
$this->dao->from($this->_table_desc.' as d');
if ($time >= '0') {
$this->dao->join($this->_table_item.' as i','d.fk_i_item_id = i.pk_i_id','LEFT');
$this->dao->where("i.dt_pub_date >= '".date("Y-m-d H:i:s", (time()-($time*24*60*60)))."'");
$this->dao->orWhere("i.dt_mod_date >= '".date("Y-m-d H:i:s", (time()-($time*24*60*60)))."'");
}
$this->dao->where("d.fk_i_item_id", $item);
$this->dao->where("d.fk_c_locale_code", $locale);
$result = $this->dao->get();
if (!$result) { return false; }
return $result->row();
}
with
function _getItemsByAll() {;
$search = $this->_get('sp_duplicates_as');
$time = $this->_get('sp_duplicates_time');
$this->dao->select('*');
$this->dao->from($this->_table_item);
if ($search == '2' && $time >= '0') {
$this->dao->where("dt_pub_date >= '".date("Y-m-d H:i:s", (time()-($time*24*60*60)))."'");
$this->dao->orWhere("dt_mod_date >= '".date("Y-m-d H:i:s", (time()-($time*24*60*60)))."'");
}
$result = $this->dao->get();
if (!$result) { return false; }
return $result->result();
}
function _getItemData($item, $locale) {
$this->dao->select('*');
$this->dao->from($this->_table_desc);
$this->dao->where("fk_i_item_id", $item);
$this->dao->where("fk_c_locale_code", $locale);
$result = $this->dao->get();
if (!$result) { return false; }
return $result->row();
}
-
@Liath
Tried also to disable the Search last x days using zero (as you say). But after saving, the default comes to 30 days. Apparently zero is not accepted. So i can't disable and check if really the days is the fault.
I will try the code change and update here with my findings ...
-
Tried also to disable the Search last x days using zero (as you say). But after saving, the default comes to 30 days. Apparently zero is not accepted. So i can't disable and check if really the days is the fault.
there are two issues with them...
first:
i've saved this option as BOOLEAN, correct would be STRING
class.spamprotection.php ~76
function _opt($key = false) {
...
'sp_duplicates_time' => array('30', 'STRING'),
if you want to fix it by yourself, you have also to change it in your database
UPDATE `PREFIX_t_preference` SET `e_type` = 'STRING' WHERE `PREFIX_t_preference`.`s_section` = 'plugin_spamprotection' AND `PREFIX_t_preference`.`s_name` = 'sp_duplicates_time';
second:
../admin/settings.php ~64
i'm checking if this option !empty() if not it shows default value of 30... if you set this to 0, !empty() would give back false, so correct is to ask if it is isset()
change
<input type="text" name="sp_duplicates_time" class="form-control" value="<?php echo (!empty($data['sp_duplicates_time']) ? $data['sp_duplicates_time'] : '30'); ?>" />
to
<input type="text" name="sp_duplicates_time" class="form-control" value="<?php echo (isset($data['sp_duplicates_time']) ? $data['sp_duplicates_time'] : '30'); ?>" />
after this changes, you should be able to set this value to 0 and disable time range search
-
Liath if the above will be fixed in next versions, i prefer to wait. it is easy to unistall fully and reinstall.
-
yes, i've fixed all issues wrote here and some other smaller...
upload new version later
-
when it is all working now (i think it will do) all issues should be solved or not?
1.6.4 is uploaded now
-
when it is all working now (i think it will do) all issues should be solved or not?
1.6.4 is uploaded now
I haven't checked 1.6.4 but the duplicates problem seems fixed with the change of code you posted above. Now the reported duplicated are really dups and point to the correct old ad.
haven't much time today to work more on this, i will continue tommorow.
-
thank you :)
-
I installed 1.6.4 on 1 site and the duplicate problem is gone as far as i can see.
Only thing is that the icon in topbar do not let you go to "settings" because the menu that opens is not right below the icon
-
I installed 1.6.4 on 1 site and the duplicate problem is gone as far as i can see.
Only thing is that the icon in topbar do not let you go to "settings" because the menu that opens is not right below the icon
can you make a screenshot please?
-
offcourse.
By the way.... you never sleep? :)
-
By the way.... you never sleep? :)
sometimes xD
please try to attach icon to right side or clearing your browser cache could help
-
For me is no problem because i use the icon in the sidebar.
Some other users can probally miss the settings feature
-
1.6.4 doesn't install for me no matter what.
"Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/public_html/oc-content/plugins/spamprotection/assets/create_table.sql"
I have cleared tabled etc etc, no luck.
It crashed here:
ALTER TABLE `/*TABLE_PREFIX*/t_user` ADD `i_reputation` INT(1) NULL DEFAULT NULL AFTER `i_comments`, ADD `s_reputation` INT(1) NULL DEFAULT NULL AFTER `i_reputation`;
with #1060 - Duplicate column name 'i_reputation'
-
i'll upload fixed version later
-
@Tito
coming with next version
i'll make the url selectable, where banned user are redirected
-
1.6.5 is uploaded
- Added IP Ban Function
- Corrected some SQL Statements
-
Hmmm, the upload is in the right public_html. But this message appears about private_html:
Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/433/domains/erewios.com/private_html/oc-content/plugins/spamprotection/assets/create_table.sql
-
i've checked it all... damn
should be fixed
-
Sorry, it is not
I cannot install on other site also
-
1.6.5:
Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/public_html/oc-content/plugins/spamprotection/assets/create_table.sql
-
ADDING fields to core tables (like the "ALTER t_user ..." on the previous page) is a really really bad idea, please don't do it that way, create a different table if needed
-
ADDING fields to core tables (like the "ALTER t_user ..." on the previous page) is a really really bad idea, please don't do it that way, create a different table if needed
This is really sad to read since we already have added (as i see) i_reputation and s_reputation in t_user table .....
-
ADDING fields to core tables (like the "ALTER t_user ..." on the previous page) is a really really bad idea, please don't do it that way, create a different table if needed
This is really sad because we already have i_reputation and s_reputation in t_user table .....
The issue is that if during install or uninstall something fails, you end up with some extra columns on your table, that you need to manually delete to (retry) install again.
People might get confused and delete some other columns instead because you need to access your database, find the table "t_user" (or whatever table has the extra field) and delete a column "i_reputation" (or whatever) that looks exactly like any other column on the table. It's "easy" to make a mistake and delete something else or even the whole table.
On the other hand, if you has create a table t_spam_protection (with a clear distinct name), it's "safer" and easier to delete just the whole table and less probably to mess up or make a mistake.
If you know your way around tables and databases you shouldn't have any problem, but in our experience, it presents a challenge for most users. Just to be clear, there's nothing wrong per se with this, but I would avoid it if possible.
-
Just to be clear, there's nothing wrong per se with this, but I would avoid it if possible.
Not sure i follow. You posted a few lines above :
is a really really bad idea, please don't do it that way,
And now you post that there is nothing wrong. What of the two is correct ?
Are there any guidelines for people who make plugins ? Are our websites at risk ?
Should i delete i_reputation and s_reputation from the t_user tables ? Please advise. Thanks.
-
Just to be clear, there's nothing wrong per se with this, but I would avoid it if possible.
Not sure i follow. You posted a few lines above :
is a really really bad idea, please don't do it that way,
And now you post that there is nothing wrong. What of the two is correct ?
Are there any guidelines for people who make plugins ? Are our websites at risk ?
No, sites are not at risk for this.
The solution will work, and it's not wrong in the sense that adding new columns to a table is ok and normal (if needed). It's a bad idea in the sense that you are modifying the core of Osclass, your table t_user will not be the same as the original one. A plugin is adding a new column (i_reputation) to a table (t_user), what happens if another plugin add another column with the same name? You get an error, two different plugins could not add the same column to the same table. If something is wrong during install or uninstall, you will need to modify a core table (instead of an easier procedure to just delete it and try again), there's a risk (small, but higher) that you make a mistake and end up "corrupting" the table if you have to. That's why it's a bad idea to do it that way. It will work, but it *may* cause some problems.
Plugins should use their own tables and add/modify columns (if needed) to their own tables without modify core's tables.
And yes, we do tell developers about this (and other things too).
-
No, sites are not at risk for this.
The solution will work, and it's not wrong in the sense that adding new columns to a table is ok and normal (if needed). It's a bad idea in the sense that you are modifying the core of Osclass, your table t_user will not be the same as the original one. A plugin is adding a new column (i_reputation) to a table (t_user), what happens if another plugin add another column with the same name? You get an error, two different plugins could not add the same column to the same table. If something is wrong during install or uninstall, you will need to modify a core table (instead of an easier procedure to just delete it and try again), there's a risk (small, but higher) that you make a mistake and end up "corrupting" the table if you have to. That's why it's a bad idea to do it that way. It will work, but it *may* cause some problems.
Plugins should use their own tables and add/modify columns (if needed) to their own tables without modify core's tables.
And yes, we do tell developers about this (and other things too).
So to completly clear this, if the plugin in its current version (adding to core tables) was submitted to Osclass market, it would be accepted or not ?
-
It will not be accepted and we will tell the developer why and what to do to. As far as I know, the current version of this plugin in the market does not modify core tables.
-
It will not be accepted and we will tell the developer why and what to do to. As far as I know, the current version of this plugin in the market does not modify core tables.
Thanks, that clears all.
-
As far as I know, the current version of this plugin in the market does not modify core tables.
No... Version 1.4.1 doesn't modify core tables
ADDING fields to core tables (like the "ALTER t_user ..." on the previous page) is a really really bad idea, please don't do it that way, create a different table if needed
It's ok, shouldn't be a problem to change this easily...
@All with modified core tables, i'll add a fix in next version to do all modifications automatically
-
Hello Liath,
Just found that the plugin is not catching some blocked keywords. I've put in my keywords and sentences in the "substring" section.
Is it just me?
Thanks
-
I'll keep an eye on it. Until now I had no errors there.
Are these always the same keywords, or are they more random?
-
1.6.6 is uploaded
- moved rows from table t_user to own table
- added function to copy data from old rows to new table and delete not needed rows
- modified some stylesheets
In this Version i have integrated a function that will copy data from old rows in t_user to own table and delete old rows automatically. This function will be removed next version.
tested all dozen times... automatically copying of your old data to new table works without issues. Also i have changed the stylesheet for admin icons because of the wrong appearance
-
Are these always the same keywords, or are they more random?
It seems to be random. I think i'm going to wait a bit more for the insights.
-
2 little things Liath,
the first. The 2 old rows doesnt deleted automatic. I had to do it manual.
the second: i ad several ip to block, but not shown in the database
-
2 little things Liath,
the first. The 2 old rows doesnt deleted automatic. I had to do it manual.
Deleted in one (test) site but didn't to an other.
-
i'll look for the automatic deleting...
the banned ip's not saved in ban_log... they are saved in plugin settings (t_preference) as serialized array
-
the banned ip's not saved in ban_log... they are saved in plugin settings (t_preference) as serialized array
Yes it is. I didnt look there
-
i'll look for the automatic deleting...
does anyone has saved bad/trusted users before update? If yes, did they saved automatically to new table? I can't see any issue in this function.
-
does anyone has saved bad/trusted users before update? If yes, did they saved automatically to new table? I can't see any issue in this function.
no, i did not saved them
also before update the plugin first delete al the spam, like comments and ads. Because if not, they are saved in database
-
Because if not, they are saved in database
That's right, then the plugin can't check it anymore for spam.
-
Just a reminder :)
I forgot it the first time
-
1.6.6
PHP Warning: array_diff_key(): Argument #1 is not an array in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1723
PHP Warning: ksort() expects parameter 1 to be array, null given in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1724
-
thx... fixed
@all
if you find any kind of PHP Warnings or Notices in your debug log, please report it here, so that i can eliminate them...
-
i have added a small option, where you can delete automatically not needed ads, comments and user...
-
i have added a small option, where you can delete automatically not needed ads, comments and user...
I haven't tried 1.6.7 yet, but i have a suggestion for your new features. All those cleanup functions are great and probably will replace Butler plugin.
If so, Inactivated users are deleted ? Not clear from your post.
Also please consider this: Cleanup users that haven't logged for some years (or months) and with zero ads active of cource. For example i have around 20.000 users from 5 years back and probably most of them are old and not used any more.
Finally it is a good idea i think to have a global Audit Trail log and register all plugin's info (blocks, deletions etc). And auto-purge that log every week or so.
-
I haven't tried 1.6.7 yet, but i have a suggestion for your new features.
You couldn't... it is not uploaded yet ;D
I'll add the suggestions and upload it after this
If so, Inactivated users are deleted ? Not clear from your post.
Yes, at moment only not activated user accounts are deleted
Also please consider this: Cleanup users that haven't logged for some years (or months) and with zero ads active of cource. For example i have around 20.000 users from 5 years back and probably most of them are old and not used any more.
I can add this, but all should be use this safely
Finally it is a good idea i think to have a global Audit Trail log and register all plugin's info (blocks, deletions etc). And auto-purge that log every week or so.
Of course, it is a good idea and i will add this global log
-
Also please consider this: Cleanup users that haven't logged for some years (or months) and with zero ads active of cource. For example i have around 20.000 users from 5 years back and probably most of them are old and not used any more.
I can add this, but all should be use this safely
Yes, i understand that it can be risky for some admins, they could delete their whole user base by mistake. Any ideas how it can be safely implemented ?
* An idea is to cleanup old account ONLY MANUALLY via a plugin option and not in automated cron. And that way maybe display a second verification popup with a warning of what is gonna happen.
-
i'll add a minimum time range of a half year for inactive user accounts and make it fix that the account have to be 0 ads
i think that should be enough, that the admin cannot delete wrong users
-
i'll add a minimum time range of a half year for inactive user accounts and make it fix that the account have to be 0 ads
i think that should be enough, that the admin cannot delete wrong users
Sure. Also the user should not be an admin by any means. And make the 6 months, better a whole year to be safe.
-
* An idea is to cleanup old account ONLY MANUALLY via a plugin option and not in automated cron. And that way maybe display a second verification popup with a warning of what is gonna happen.
also a good idea to make a sortable and searchable table with useless accounts and give the option to delete them manually
Sure. Also the user should not be an admin by any means. And make the 6 months, better a whole year to be safe.
i'll look on this
-
Well ... manually ... searching and deleting inactive old account is of cource an option, still for large user bases is not very practical.
We are searching for automated ways to run Osclass, we already spend a lot of time moving and editing ads from crazy users posting whatever they want allover the categories......
-
of course, but there are alot of admins, they sometimes not know what they are doing ;D but i can add the option to delete them manually or all in once after filtering
-
first idea of filterable list of unwanted user accounts
red = has admin account (cannot be deleted)
green = has never logged in
black = nothing special
-
i'll add a minimum time range of a half year for inactive user accounts and make it fix that the account have to be 0 ads
i think that should be enough, that the admin cannot delete wrong users
Why do you automatically assume that users who are registered have to be posters/sellers??
My point is, they can be registered for other benefits that step provides.
-
Why do you automatically assume that users who are registered have to be posters/sellers??
My point is, they can be registered for other benefits that step provides.
Sure, but if they haven't logged in for two years for example, they are dead and burried. I think.
-
I "hate" websites that pronounce me "dead" after x years, out of principle never return.
-
first idea of filterable list of unwanted user accounts
red = has admin account (cannot be deleted)
green = has never logged in
black = nothing special
Nice, but the admin excution should be hardcoded and not selectable. Deleting an admin account for whatever reason is not acceptable and dangerous also.
-
I "hate" websites that pronounce me "dead" after x years, out of principle never return.
We are not talking about sites in general. Or forums. Classified sites are different, you should have known that by now.
And in any case, it is up to the admin to cleanup or not. Not forced to do so. Personnally i would love to get rid of several thousand of users that posted one ad 5 years ago from India and never came back.
-
user they have an admin account are not selectable...
i don't speak about admin accounts, i mean user they have an admin account with same email address... admin accounts are never shown in this table
-
1.6.7 is uploaded now
-
1.6.7 is uploaded now
[26-May-2017 16:10:08 America/Los_Angeles] PHP Warning: Invalid argument supplied for foreach() in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2089
[26-May-2017 16:10:08 America/Los_Angeles] PHP Fatal error: Uncaught Error: Call to a member function numRows() on boolean in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php:2139
Stack trace:
#0 /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php(2086): spam_prot->_cleanDatabaseSearch('unactivateduser', '7', '10', 'ads')
#1 /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php(2081): spam_prot->_cleanDatabaseDo('unactivateduser', '7', '10')
#2 /home/public_html/oc-includes/osclass/classes/Plugins.php(34): spam_prot->_cleanDatabase()
#3 /home/public_html/oc-includes/osclass/helpers/hPlugins.php(34): Plugins::runHook('cron_hourly')
#4 /home/public_html/oc-includes/osclass/cron.php(70): osc_run_hook('cron_hourly')
#5 /home/public_html/index.php(78): require_once('/home/...')
#6 {main}
thrown in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2139
-
everytime the same **** with function numRows() >:(
-
have fixed the error above ^^
first screen of global log... i'm still adding messages for some actions
new version is not uploaded for now
-
@Aficionado
can you send me the complete error report from your mod_security via email? I want to look deeper in the code because of this error.
-
@Aficionado
can you send me the complete error report from your mod_security via email? I want to look deeper in the code because of this error.
What complete error report ? That's it. From mod_security ? I don't follow .....
Oh, you mean that old error when saving ? I don't have that anymore, since the hosting company disabled the offending rules from my plan.
-
Something is missing
// result should be object
if($result === false) {
return false;//or 0 or array()
}
if( $result->numRows() == 0 ) {
return array(); // false ,0
}
-
About Users cleanup. I think Non Activated users can be automatically deleted after XX days. No need for the admin to do or select anything.
Keep the search etc part for Activated users only.
-
edit: misunderstood
i think actually it is a good combination between automatically delete not activated user accounts and this search table, where you can define your search and see quickly which kind of useraccount it is
-
edit: misunderstood
i think actually it is a good combination between automatically delete not activated user accounts and this search table, where you can define your search and see quickly which kind of useraccount it is
you are forgiven.
Yeap. just great. Now it only remains to turn this plugin into a Osclass firewall, and you are done.
Just kidding of cource ...
-
Yeap. just great. Now it only remains to turn this plugin into a Osclass firewall, and you are done.
actually it is a firewall i think ;D
Under normal circumstances, no one should be able to cause any inconvenience on our pages.
-
1.6.8 uploaded
- All activities are written to the new global log
- Log is searchable, date can be selected
-
@Liath we have now two log tables in the database ? Am i right ? Global log and Ban log ?
-
yes
Ban Log has just temporary data. There are saved, if someone logged in false. After logging in correct, all entrys are deleted.
-
I think those two logs (about the same ad) could be one log entry.
-
Merged
-
I see in my global log an "unban" of richard.janzen@intomail.bid but i have no such user. Also i don't ban user accounts but IPs.
So the question is, could that extra work be not needed ? I mean unban who ? He doesn't exist.
-
you have the check against stopforumspam active?
-
you have the check against stopforumspam active?
Oh! yeah! That escaped me. Enabled, i will disable that.
-
1.6.8:
PHP Notice: Undefined index: token in /home/public_html/oc-content/plugins/spamprotection/functions/backend.php on line 180
PHP Notice: Undefined index: sp_check_stopforumspam_mail in /home/public_html/oc-content/plugins/spamprotection/admin/security.php on line 343
PHP Notice: Undefined index: sp_check_stopforumspam_ip in /home/public_html/oc-content/plugins/spamprotection/admin/security.php on line 343
-
thx... eliminated
-
Hello,
I'm still using the osclass market version of the plugin - 1.4.1 ... could this be the reason some of the keywords are not getting caught?
The hit/miss seems to be quite random, sometimes it gets caught and sometimes not. I earlier thought this was due to the spanish accents, but that was not the reason. I'm getting a lot of drug/loan spams :(
Why such a difference in versions between the market and Liath's blog?
-
Hello,
I'm still using the osclass market version of the plugin - 1.4.1 ... could this be the reason some of the keywords are not getting caught?
i didnt changed anything for the anti spam modules since 1.4.1
Why such a difference in versions between the market and Liath's blog?
because i want to finish this plugin with all features and eliminate all errors before i want to upload the newest version...
the osclass developers has different to do, than to review all versions i have published xD
-
Hello,
I'm still using the osclass market version of the plugin - 1.4.1 ... could this be the reason some of the keywords are not getting caught?
The hit/miss seems to be quite random, sometimes it gets caught and sometimes not. I earlier thought this was due to the spanish accents, but that was not the reason. I'm getting a lot of drug/loan spams :(
After adding the word "loan", ALL spams or fraud ads are flagged. Also the same with meds etc. From day 1.
The problem i have is the opposite. Legit ads are flagged if they include some stop words like "med" for example. But that is not a fault of the plugin.
Next time it happens try to replicate it yourself. Write an ad with the stop words and see what happens.
-
i never seen any issues with the stopwords... in all tests they triggered to 100% correct, but i'm testing only on a demo page, without real ads
-
you have the check against stopforumspam active?
Even after disabling stopforumspam check, i still get unban logs for non existing users.
-
Yeap. just great. Now it only remains to turn this plugin into a Osclass firewall, and you are done.
actually it is a firewall i think ;D
Under normal circumstances, no one should be able to cause any inconvenience on our pages.
One suggestion. Feel free to ignore, if you think it is not required or not for your plugin to have.
In oc-load.php you see:
function osc_meta_generator() {
echo '<meta name="generator" content="Osclass ' . OSCLASS_VERSION . '" />';
}
Could you remove or change that function within your plugin ? No reason for anyone to advertize what we run and what version.
Personally i comment that out (the "echo ..." part).
-
Guys, i think it has something to do with the capital letters & spanish accents.
For example , if i add the word "loan".... then "LOAN", "loan" and "Loan" are getting caught just fine.
But, if i add "Préstamos" * (which is loan in spanish), then "préstamos" and "Préstamos" are caught... BUT "PRÉSTAMOS" is not getting caught.
*Note the initial capital letter
Also, if i add "préstamos" , then "PRÉSTAMOS" still doesn't get caught.
The word PRÉSTAMOS gets caught only if i type the exact capitalized word "PRÉSTAMOS" .
This is not so bad, i'm adding the related capitalized keywords now, but i think there is a bit of room for improvement here.
Thanks!
-
Guys, i think it has something to do with the capital letters & spanish accents.
This is not so bad, i'm adding the related capitalized keywords now, but i think there is a bit of room for improvement here.
Thanks!
Actually that is a problem not with Spanish but with all non-english character set. Not sure there is a solution for this, other that include as stopwords all variations. I mean all variations you FIND in spam ads. Whatever spammers use.
@Liath if you capitalize with code the "préstamos" what it returns ?
Also @SteveJohnson you can fix that using subword as stopword, for example "réstamos" will cover "préstamos" and "Préstamos". Got it ?
-
@SteveJohnson,
spamads with prestamos are for over 90% send from Benin country.
Block Benin country for visiting your site and you are more happy.
I used to have more then 1000 of those spammers every day from Benin. At the moment: a few per week which have an ip what is not recognized as Benin
I know they also send from other countries but save you a lot of traffic. Also you have to block prestamos without é because most of those people cannot write and understand Spanish.
-
Actually that is a problem not with Spanish but with all non-english character set. Not sure there is a solution for this, other that include as stopwords all variations. I mean all variations you FIND in spam ads. Whatever spammers use.
Yes, i think that's a more precise explanation. I am adding the possible variations, which is kinda tedious keeping all those keywords & sentences. But well, it has to be done.
Also @SteveJohnson you can fix that using subword as stopword, for example "réstamos" will cover "préstamos" and "Préstamos". Got it ?
"réstamos" still won't cover "PRÉSTAMOS" so words with accents have to added separately with capitalization.
-
Also @SteveJohnson you can fix that using subword as stopword, for example "réstamos" will cover "préstamos" and "Préstamos". Got it ?
"réstamos" still won't cover "PRÉSTAMOS" so words with accents have to added separately with capitalization.
Sure, but this will cut in half the needed variations :)
-
@SteveJohnson,
spamads with prestamos are for over 90% send from Benin country.
Block Benin country for visiting your site and you are more happy.
I used to have more then 1000 of those spammers every day from Benin. At the moment: a few per week which have an ip what is not recognized as Benin
I know they also send from other countries but save you a lot of traffic. Also you have to block prestamos without é because most of those people cannot write and understand Spanish.
Thank you for the input. By referring blocking a country, do you mean blocking a country based on the IP using Osclass's Ban Rules?
-
you can add it in your .htaccess
i pay $24,00 for 1 year at a service provider to block all the countries and ipadresses i want.
What is not blocked by ipadress the perfect plugin of Liath do that for me. :)
The other thing with préstamos is that also a lot of users use this word for a good reason, like garajes etc.. You also block those people without good razon. So all the blocked ads with préstamos you have to check carefully.
Also the spammers use other words if they are blocked, like financiamiento, financiación. empréstito and crédito.
So with blocking Africa continent you have more peace :)
-
Blocking whole countries is not a good idea for anything. And can't be done always accurately. Being there, Done that.
The secret of not having spammers attack you is simple. Have a clean site. Clean sites are not in their list, only a few.
Clean site means not having such ads posted. Clean sites do not attract spammers.
-
Everybody may make his own choices in life.
Spending whole day to check or having more time to do other things.
By checking 1 ad, i use to have 5 or more new ads at the same moment. No way. For me is better this way
And for me it is not important if a user from Europe or whatever cannot visit my sites in South America
Also when i missed 1 user is no problem also
Still have a lot of visitors every day
I have clean sites, no spam, no unreal looking ads, no nada. Only normal ads because i have very strict policy for ads. And still the spammers come.
-
Everybody may make his own choices in life.
I have clean sites, no spam, no unreal looking ads, no nada. Only normal ads because i have very strict policy for ads. And still the spammers come.
Just posting my view of things. Maybe you attract spammers because your site is about South Africa. Who knows.
Personnally i run 5 sites for 5 years and i get only 1%-2% of spam and that is cut by spam filter. A very few pass through, usualy scam/fraud ads highly hidden and well/clever presented.
I used to block by country, Ukraine, but didn;t help much. Because i needed also to block Russia, Esthonia, Africa, and more ....
-
I only need users from south america. Others are not impartant for me.
With ip blocking and Liath's plugin saves me much time.
We are with 3 people in the office 6 days a week for answering questions and so on.
Six months ago, 1 of them was only busy with deleting spam and control the ads
And i no with many websites comes also a lot of spam. But it is reduced at this moment
-
Even after disabling stopforumspam check, i still get unban logs for non existing users.
The Cronjob is running independently of the StopForumSpam Check... maybe there was some leftovers they had to be unbanned?
One suggestion. Feel free to ignore, if you think it is not required or not for your plugin to have.
In oc-load.php you see:
function osc_meta_generator() {
echo '<meta name="generator" content="Osclass ' . OSCLASS_VERSION . '" />';
}
Could you remove or change that function within your plugin ? No reason for anyone to advertize what we run and what version.
I'll take a look there, to increase the security, it could be helpful to deactivate this
Guys, i think it has something to do with the capital letters & spanish accents.
This is not so bad, i'm adding the related capitalized keywords now, but i think there is a bit of room for improvement here.
Thanks!
Before anything is compared, all strings are converted to lowercase. So it doesnt make sense to save upper- and lowercase versions of your stopwords
Also @SteveJohnson you can fix that using subword as stopword, for example "réstamos" will cover "préstamos" and "Préstamos". Got it ?
I think this would be the best solution, to save just a part from the word and using method Substring
The other thing with préstamos is that also a lot of users use this word for a good reason, like garajes etc.. You also block those people without good razon. So all the blocked ads with préstamos you have to check carefully.
I'll search for a better solution, to compare non-english charsets.
What is not blocked by ipadress the perfect plugin of Liath do that for me.
With ip blocking and Liath's plugin saves me much time.
I'm glad, that this plugin does his job and can save you your time :)
-
Even after disabling stopforumspam check, i still get unban logs for non existing users.
The Cronjob is running independently of the StopForumSpam Check... maybe there was some leftovers they had to be unbanned?
Leftovers for almost 3 days now ? I don't think so. Today i still see 2-3 unbanned. I will keep monitoring this ....
-
ok thank you
-
This messages occure, after your cron job has deleted old data (false login trys, bans or something else) from this table...
maybe the text isn't correct, i've changed it to: "Removing old data from Login Limit"
but why you are getting log entrys for non-existing accounts, idk... maybe they try to hack them and get banned for this try
-
1.6.8 i think those haven't been posted, not 100% sure:
[31-May-2017 05:23:03 America/Los_Angeles] PHP Notice: Undefined index: fk_i_item_id in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 12
[31-May-2017 05:23:03 America/Los_Angeles] PHP Notice: Undefined index: fk_i_user_id in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 13
[31-May-2017 05:23:03 America/Los_Angeles] PHP Notice: Undefined index: s_user_mail in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 14
[31-May-2017 05:23:03 America/Los_Angeles] PHP Notice: Undefined index: s_user_mail in /home/public_html/oc-content/plugins/spamprotection/admin/check.php on line 98
-
thx
-
Did i miss some issues or bugs? Or some unwanted debug.log entrys?
If not, i should upload newest version to the market
-
well, i have many times a blocked because the user is not registred.
Strange, because the user exist and only registered users can post listings
i shall upload to 1.6.8 and let you know
-
well, i have many times a blocked because the user is not registred.
Strange, because the user exist and only registered users can post listings
i shall upload to 1.6.8 and let you know
Those are MANUALLY blocked spam and not by the plugin, i think.
-
No, they are in the spam list
If i check spam, normal is the issue stopword or duplicate.
With a few ads the message is user is not registered.
I check the user and the user is registered.
Also it is not possible for not registered users to post ads
As i said i use 1.6.6 on this site and have upgrade to 1.6.8 at this moment i see what happens
-
No, they are in the spam list
If i check spam, normal is the issue stopword or duplicate.
Never said they are NOT in the spam list. But they are probably manually flagged ?
-
not possible, the plugin did
look at the attachment
-
not possible, the plugin did
look at the attachment
Is that what you mean ?
Those are MANUALLY FLAGGED SPAM.
-
Then i dont understand completly what you mean.
What is manually flagged?
Only the plugin mark ads as spam.
It is also about new ads. If i check them i see nothing strange and the user is registered.
If users of the site mark ads as spam, they are in another list
-
Also @SteveJohnson you can fix that using subword as stopword, for example "réstamos" will cover "préstamos" and "Préstamos". Got it ?
I think this would be the best solution, to save just a part from the word and using method Substring
[/quote]
Hi Liath, no this is not the solution. This is a clever hack - IN GENERAL. There still is a need to add the capitalized version EVERY words/strings with spanish accents.
Not such a big deal, after adding those possibilities, it all works nice.
It's just that when i was using the SpamKiller plugin, it took care of all that. Plus my theme has inbuild spam protection (to an extent), which was creating a bit of confusion.
-
Then i dont understand completly what you mean.
What is manually flagged?
Only the plugin mark ads as spam.
It is also about new ads. If i check them i see nothing strange and the user is registered.
If users of the site mark ads as spam, they are in another list
Manually flag is when the admin flags as spam manually an ad, from admin listings. Not the users, the ADMIN.
Apparently this is what you see. Not a problem of the plugin.
-
I am the admin and i never mark ads as spam. Only delete the ads.
Or i am stupid or i dont understand. 1 of the 2.
I delete tables from database also and update the new 1.6.8 from Liath.
It also only happened on 1 of my websites. I have about 20 who still use 1.6.6.
Also is not a problem but i want that Liath have a good working plugin. Because he spend a lot of his time in it and i aprricied this very much.
I will see what happens with the new update
-
I am the admin and i never mark ads as spam. Only delete the ads.
Or i am stupid or i dont understand. 1 of the 2.
Dude relax. I'm only trying to help here.
-
I am relaxed :)
It is to warm in this country to dont be relaxed
Enjoy the pool in the garden :)
But i just dont understand what you mean with manually flagged. I dont flag ads, just delete them
-
Liath it seems there is a problem, i still get unbanned users that do not exist in my site. And stopspamforum is not enable for many days now.
How are they unbanned ? And why they are banned ?
-
Liath, please note that the plugin icon needs some adjustments (see screenshots).
Also, at first sight some quick English corrections:
Don't overreact if you get a lot of spam. You just need to fine tune some options here.
Comment settings - Cleaner: Delete comments marked as spam
Ad settings - Cleaner: Delete listings marked as spam
Settings - Mailtemplates: If you don't want to generate your own templates, the standard mail templates will be used. The mails for admins will always be sent to:
Thanks!
-
well, i have many times a blocked because the user is not registred.
Strange, because the user exist and only registered users can post listings
I'll keep watching them. Thank you for your hint.
Liath it seems there is a problem, i still get unbanned users that do not exist in my site. And stopspamforum is not enable for many days now.
How are they unbanned ? And why they are banned ?
Maybe there is someone who try to log into not existing accounts, this try would be saved in the database, after your defined time to unban accounts, this entry will be deleted and protocolled... i think this is the case why you get this logs
Liath, please note that the plugin icon needs some adjustments (see screenshots).
Also, at first sight some quick English corrections:
Don't overreact if you get a lot of spam. You just need to fine tune some options here.
Comment settings - Cleaner: Delete comments marked as spam
Ad settings - Cleaner: Delete listings marked as spam
Settings - Mailtemplates: If you don't want to generate your own templates, the standard mail templates will be used. The mails for admins will always be sent to:
Thanks!
The icon should be placed correct in 1.6.8, if not, please try to clear your cache... Thanks for the translations
-
The icon should be placed correct in 1.6.8, if not, please try to clear your cache... Thanks for the translations
Cleared the cache on both my browsers (Mozilla 53.0.3 & Chrome 58) and the issue persists...
Osclass 3.7.3 & Anti Spam & Protection System v1.6.8
-
I can not reproduce this. I've tried this with Version 1.6.8 and following combinations. It's always looking fine. Are you good in CSS? Can you try to correct this and show me the changes?
- Chrome 58.0.3029.110- 1. Screenshot
- Firefox 53.0.3- 2. Screenshot
- Internet Explorer 11- 3. Screenshot
edit
i have reuploaded the plugin, if this still happen, please try to reinstall. This should not happen in the newest version.
-
Maybe there is someone who try to log into not existing accounts, this try would be saved in the database, after your defined time to unban accounts, this entry will be deleted and protocolled... i think this is the case why you get this logs
Sure, but for each ban i shall get an email and also see the Banned users in admin, right ? So for each unban i should see/get also a banned first ?
Or i'm missing something ?
-
For each ban you would get an email... of course, but for example...
your settings are:
- 3 trys in 60min
- unban after 60min, run hourly cron
A user try one time to log in false, this false try will be saved in ban_log (for counting false trys) but not protocolled in global log, after 60min this entry will be deleted and the log is written as unban user... (wrong log text)
So you didn't receive an email and see the (wrong) log entrys... because of this i'll change the text, what i've mentioned earlier, to delete from ban_log... or something else
you could confirm my thought by adding one line in
../functions/frontend.php ~134
change
if (spam_prot::newInstance()->_get('sp_security_login_inform') == '1') {
ob_get_clean();
osc_add_flash_error_message(sprintf(__('<strong>Warning!</strong> Only %d login attempts remaining', 'spamprotection'), ($max_logins-$logins)));
}
to
if (spam_prot::newInstance()->_get('sp_security_login_inform') == '1') {
ob_get_clean();
osc_add_flash_error_message(sprintf(__('<strong>Warning!</strong> Only %d login attempts remaining', 'spamprotection'), ($max_logins-$logins)));
spam_prot::newInstance()->_addGlobalLog('False login try: '.$logins, $email, 'StopForumSpam');
}
with this change you can see the false login trys and compare them with the "false" unban logs
-
@Liath i will try the above this WE and let you know.
I would like to ask the Global log entries duration ? It seems i always get one page and nothing else.
-
for now, they don't have a duration... you didn't have a pagination there?
-
After now update i do not have ads marked as spam from "not existing users"
I dont have pagination but i have 7 pages with 100 enrties.
Can i delete those files?
-
what would be the best way to keep the log clean?
- Create an option to select a lifetime for log entries
- Delete log entries older than a fixed lifetime
- Create a button to clear the log
-
Maybe a combination of those 3 options.
I only will use the last option. Clear all :).
I have 700 in 1 day on 1 site what i made the i image from and just noticed 5400 on another site in about 1 week.
I use 1.6.8 at 15 sites, but no one have pagination
-
the pagination (the buttons to scroll through pages) are exist, but you don't have the information about the pages... (i.e. 1/7)
a combination between all three options isn't possible... option 1 and 2 would have a conflict ;D
edit:
But you're right, with this huge amount of logs, it would explode your database after some time.
-
It is up to you Liath
Whatever you fix i be able to delete those logs
-
for now, they don't have a duration... you didn't have a pagination there?
Sure. How stupid of me. Yeap. Pagination exists.
-
what would be the best way to keep the log clean?
- Create an option to select a lifetime for log entries
- Delete log entries older than a fixed lifetime
- Create a button to clear the log
Make the Global Log an option. And clean up the log automatically every week. My opinion.
-
That would be my suggestion
-
1.6.9 uploaded
- Global log settings added
- Some issues fixed
-
1.6.9 PHP Notice: Undefined index: token in /public_html/oc-content/plugins/spamprotection/functions/backend.php on line 180
-
thx
-
also 1.6.9
PHP Notice: Undefined index: s_title in //plugins/spamprotection/classes/class.spamprotection.php on line 977
PHP Notice: Undefined index: s_description in //plugins/spamprotection/classes/class.spamprotection.php on line 1000
-
I didn't know, that it is possible to post ads with empty title or description :o
But... if i add a check, if this var is set... it can make false results, so i should leave it and we have to live with this notices
thx anyway for reporting :)
-
Also strange that i didnt noticed those warnings before.
Or did not pay attention to it.
I also have notice in another plugin which gave errors. I use those in a handmade theme that is not update anymore. Maybe you will have a look if you have time? I can send you an email
-
you can send it and i'll check it the next days for you
-
Thank you, i send it alittle later
-
1.6.9 Clear manually the log doesn't clear it all.
See:
*** Second time it cleared all. Is the cleanup working with items per clean limit maybe ?
-
Also in 1.6.9 after i cleared manually the global log (or is it after installing 1.6.9 i dunno), all flagged spam notice on the admin topbar disappeared but show in Osclass admin listing as spam flagged.
Also Check Spam works and finds them in YOUR plugin db.
-
*** Second time it cleared all. Is the cleanup working with items per clean limit maybe ?
No, there is no limit for the deleting... i'll watch there
Also in 1.6.9 after i cleared manually the global log (or is it after installing 1.6.9 i dunno), all flagged spam notice on the admin topbar disappeared but show in Osclass admin listing as spam flagged.
i have changed a little the logic to show the buttons, now the button dont appear, if you mark ads manually as spam, because of this, you could have some display issues for the first found spam ads
-
i have changed a little the logic to show the buttons, now the button dont appear, if you mark ads manually as spam, because of this, you could have some display issues for the first found spam ads
No, no marked spam manually. And as i posted above Check Spam leads to your plugin with full details, meaning the information is there. With manual marked spam, the plugin's page is empty and also shows user not registered etc etc.
-
Ok, just to clear the above. Maybe with the 100+ flagged spam by your plugin, i flagged one also by hand. What happens ?
-
Sorry, i think i didnt understand it all.
But i've seen, the icons still highlights for manually marked ads.
-
Sorry, i think i didnt understand it all.
But i've seen, the icons still highlights for manually marked ads.
ok. Before installing the latest version i had some 100+ flagged spam by your plugin with an icon telling me so in the top bar. MAYBE 1-2 were flagged manually.
Now there is no icon. What is the reason for that ?
-
Some versions before, i have removed, that found spam ads are deactivated also. But to be able to distinguish whether it is manually or automatically marked as spam, i've changed it back and deactivate all found spam ads again.
The Toolbar/Sidebar icons and buttons now check, if an ad is marked as spam and it is deactivated, only then the buttons/icons appear. Your 100+ previous marked ads are not deactivated, so for this the buttons/icons dont appear
if you need the check spam page for them, you could deactivate them quickly with this statement
UPDATE `/*prefix*/t_item` SET `b_active` = "0" WHERE `b_spam` = "1"
-
Just saw this:
04 June 2017 - 13:43:43 Global log was cleared cron
But the auto-cleanup is set to one week with no size set. And 1.6.9 was installed 2 days ago i think.
-
Is the complete log cleared or is there just this message?
The cron will be called every day, but he should only delete entries older than your duration you have set.
-
Is the complete log cleared or is there just this message?
The cron will be called every day, but he should only delete entries older than your duration you have set.
Everything was cleared and i see just this one log.
-
Today i saw two IDENTINTICAL ads flagged as spam. One (false) stopword in both was the reason. BUT the ads were duplicate also.
What happens in that case ? I mean if a new ad is also duplicate with an old one but also has a stopword ?
Also are the admin manual activation with your plugin checked ? I guess not ? Because i activated both ads are they were duplicates, still nothing happened.
-
An other problem i found today. Some new ads with stopwords inside were posted and not filtered.
So what happened: the ads were posted without stopwords and apparently after posted they were EDITED. When an ad is edited i see no filtering at all.
-
Everything was cleared and i see just this one log.
I'll take a look there
Today i saw two IDENTINTICAL ads flagged as spam. One (false) stopword in both was the reason. BUT the ads were duplicate also.
What happens in that case ? I mean if a new ad is also duplicate with an old one but also has a stopword ?
Also are the admin manual activation with your plugin checked ? I guess not ? Because i activated both ads are they were duplicates, still nothing happened.
The check for duplicates is the last in the "list", because this means most of work for the server, if another reason is found for spam, the plugin flag the item as spam and don't do another check
Idk, i have to check, if the used hooks are running at admin edit form also :o
An other problem i found today. Some new ads with stopwords inside were posted and not filtered.
So what happened: the ads were posted without stopwords and apparently after posted they were EDITED. When an ad is edited i see no filtering at all.
from the first release on, i'm using both hooks for post and edit items to check for spam. for testing purposes i'm using most time the same ad and edit it... and the spam filter is working... idk what happened there.
-
An other problem i found today. Some new ads with stopwords inside were posted and not filtered.
So what happened: the ads were posted without stopwords and apparently after posted they were EDITED. When an ad is edited i see no filtering at all.
from the first release on, i'm using both hooks for post and edit items to check for spam. for testing purposes i'm using most time the same ad and edit it... and the spam filter is working... idk what happened there.
Just created a user myself and posted a normal ad. Then i edited the ad with some stopwords. The ad is NOT flagged.
Just to be 100% sure.
::)
-
Just to rule out this
- you are not logged in as admin?
- which theme you are using?
-
Just to rule out this
- you are not logged in as admin?
- which theme you are using?
Logged as admin for what ? Editing the ad of the pseudo-user ? No. As the user.
I'm using OsclassWizards theme.
-
Logged as admin for what ? Editing the ad of the pseudo-user ? No. As the user.
I'm using OsclassWizards theme.
I'm asking this, because the spam protection does not work, if you are logged in as admin also.
I'm using OsclassWizards theme.
Ok, there i know, that the needed hook for editing the ads exists.
-
Liath it is pretty easy to replicate this. Create a user, post a regular ad. Then edit the ad as a user and add some stop word.
-
I did already and it was correct marked as spam because of found stopword.
edit:
with two new accounts... it works all correct for me
My steps:
- create user account
- activate user account
- login to user account
- post an ad as user (without stopword)
- activate ad as admin
- logout from admin
- edit ad as user (with stopword)
- login as admin
- ad was marked correct as spam
-
I did already and it was correct marked as spam because of found stopword.
edit:
with two new accounts... it works all correct for me
My steps:
- create user account
- activate user account
- login to user account
- post an ad as user (without stopword)
- activate ad as admin
- logout from admin
- edit ad as user (with stopword)
- login as admin
- ad was marked correct as spam
What i have diffrently from the above: the ads are activated when posted, no need for the admin to activate it.
-
this shouldn't change anything... idk why this is not working for you, maybe someone else can test this in a different environment?
-
Ok, tested it again. After editing with stop words my ads becomes invalidated and tells me to validate it. Apparently i can't, this is a wrong message.
So you are right.
I will test more of this, since i dunno why it didn't work in the first place.
-
Yes, this is the standard message of your theme, and this message appears, because the ad is deactivated if spam was found. Maybe i can stop this message and change it to something what concrete the meaning.
edit
like this maybe
Your listing needs to be moderated, please have patience until it is released.
-
in file ../functions/frontend.php ~15
change
function sp_check_item($item) {
$user = osc_logged_user_id();
$check = spam_prot::newInstance()->_checkForSpam($item);
if (is_array($check)) {
spam_prot::newInstance()->_markAsSpam($check['params'], $check['reason']);
}
}
to
function sp_check_item($item) {
$user = osc_logged_user_id();
$check = spam_prot::newInstance()->_checkForSpam($item);
if (is_array($check)) {
spam_prot::newInstance()->_markAsSpam($check['params'], $check['reason']);
ob_clean();
osc_add_flash_error_message(__("Your listing needs to be moderated, please have patience until it is released.", "spamprotection"));
header('Location: '.osc_base_url());
exit;
}
}
edit
later i'll make this optional, so you can choose to inform the user or not. But it should always block all other messages i think
-
@Liath i will try to do the above, but it will take a while ....
-
1.7.0 uploaded
- Option added to block all messages after an ad is posted
- Option added to inform the user, that the ad has to moderated, if spam was found
-
1.7.0 uploaded
- Option added to block all messages after an ad is posted
- Option added to inform the user, that the ad has to moderated, if spam was found
With all 3 options related to that ENABLED (or the two of them excluding the 2nd like the capture above), it seems to work fine. When all 3 enabled, only one message is displayed (that the ad needs to be moderated) and nothing else.
Great news.
-
With all 3 options related to that ENABLED (or the two of them excluding the 2nd like the capture above), it seems to work fine. When all 3 enabled, only one message is displayed (that the ad needs to be moderated) and nothing else.
Great news.
Exactly what it should do... :)
-
With all 3 options related to that ENABLED (or the two of them excluding the 2nd like the capture above), it seems to work fine. When all 3 enabled, only one message is displayed (that the ad needs to be moderated) and nothing else.
Great news.
Exactly what it should do... :)
This is what i said, maybe i didn't wrote it well ....
-
This is what i said, maybe i didn't wrote it well ....
no :) it was more meant as "good, it does the job well"
-
This is what i said, maybe i didn't wrote it well ....
no :) it was more meant as "good, it does the job well"
So go ahead and upload it to Market, so others may benefit also ....
8)
-
no more errors or unwanted notices in debug.log?
-
no more errors or unwanted notices in debug.log?
There are some but ... you know ... they never stop. So ...
But since you asked, here they are:
[08-Jun-2017 03:29:58 America/Los_Angeles] PHP Warning: strpos(): Empty needle in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 908
[08-Jun-2017 03:29:58 America/Los_Angeles] PHP Warning: strpos(): Empty needle in /home/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 910
-
do you have a comma at last sign in your stopwords list?
-
do you have a comma at last sign in your stopwords list?
No. Just checked.
-
hmm, there is nothing in your list what could cause this... this error should not occur anymore, when you
change ~907, ~932, ~954
} else {
to
} else if (!empty($search)) {
-
Liath i haven't done those changes and i haven't seen those errors again. Not sure what happened, but happened once.
Also i don't see any other errors or problems in 1.7.0.
This doesn't mean there are not any, it means i did not find any myself. Others may step in ....
-
Well... i think it's time to upload it to the market :)
Then i have more time for my next big project ::)
-
I hope we have eliminated all issues, so it will be published soon
-
Good job Liath!
Thank you for your work!
-
Thank you all for your support :)
-
I hope we have eliminated all issues
Does such a script exist in the universe (bug-free) ?
;D
-
Does such a script exist in the universe (bug-free) ?
;D
not in this universe ;D
-
Does such a script exist in the universe (bug-free) ?
;D
not in this universe ;D
We all live in a yellow subroutine (submarine).
-
Liath, out of curiocity, the top information about banned users and the log of banned users: is ever cleared or we have deleted one by one the logs in there ?
-
this "logs" you have to delete manually or activate the user, then this log entry is deleted also
-
Liath i have a problem with 1.7. It doesn't seem to auto-delete INACTIVATED accounts.
Any ideas ?
Thanks !
-
maybe because of the wrong date?
-
maybe because of the wrong date?
What do you mean ? And i'm talking about NON ACTIVATED accounts (Inactive) or accounts i MANUALLY set to Inactive.
-
i've looked on the date from your first screenshot... so idk what happened, have to search for any issues there
thx for reporting :)
-
i've looked on the date from your first screenshot... so idk what happened, have to search for any issues there
thx for reporting :)
When i find a spammer i don't block him, i deactivate his account. That should also count as Inactive by your plugin. No ?
-
Normally it should. All inactive useraccounts older then your specified delay, should be deleted automatically.
-
Normally it should. All inactive useraccounts older then your specified delay, should be deleted automatically.
Just checked with Butler plugin that does the very same job (one of them) and it does clean them. So apparently some bug or something.
-
An other problem with 1.7.
I have set the auto-clean of global.log to one month. Still, i see it was completetly wipped yesterday (13 June 2017 - 12:10:06 Global log was cleared - Cron).
Thanks
-
Also in 1.7 the "Automatically delete logs after " can't be set to Disable. Doesn't save. Reverts to 1 day.
-
Liath a serious problem. I BLOCK a user manually. When the user logs in he becomes UNBLOCKED.
I disable your plugin and the user remains blocked (suspended). No logs no nothing recorded on why.
Found that during some tests for an other problem with banned users.
oops !
-
oh ok, i'll take a look there, thx for this info
-
When a user post an ad twice, the plugins says duplicate found for the newer ad.
Check 3016 and says duplicate for 3017?
-
hmm strange... maybe the user edited the first ad and run into duplicate mechanism for last ad?
-
i dont think so. I noticed a few times before and on different sites. There is only 1 or 2 minutes difference between the first and second ad.
I let you know if ot happens again
-
ok thx
-
other site, same issue
not a big problem, but a little strange
2720 is not allowed because of 2721
-
I think we can ignore it first and see why this happens ... I've seen many times that first dummy posts are created and then edited and filled with spam.
For this I have included from the beginning the edit form with in the spam check
-
As i said is not a problem.
But it are real ads and not spam ads
Only thing i have to do is check the spam more often :)
-
Look at the time of the ads.
9072 is published at 01.12
9073 is published at 00.42
seems like impossible to me
Maybe thats why the ad is marked as duplicated.
-
@Tito Just did some tests and i don't see anything wrong ? But maybe i miss your point.
Does the following capture seems ok to you or not ?
-
In your case the ad 28376 is not blocked.
In my case the original first ad of a new user, 9072, is blocked also.
And in the time you see that the ad with id is post at 01.12, and the ad with id 9073 at 00.42.
That is not possible right?
-
Actually not, unless the publisher can travel to the past :o
-
@Liath Did some random tests today (unrelated to this plugin) using Osclass 3.7.3 and SpamProtection v1.7.0 + a bunch of other plugins and got one of these:
PHP Notice: Undefined offset: 2 in C:\Bitnami\wampstack-5.6.30-2\apache2\htdocs\oc-content\plugins\spamprotection\functions\backend.php on line 57
Thanks
-
Liath, my theme uses custom forms for Contact and Comments, so what are the functions that need to be hooked to these forms for the Comment Protection and Contact Protection to work?
Should be something like: <?php if (function_exists('sp_comment_stopwords')) { sp_comment_stopwords(); } ?> Right?
-
You don't need to change anything there, your custom forms should not affect the plugin, the used hooks are integrated to the core of Osclass, not in your theme
-
You don't need to change anything there, your custom forms should not affect the plugin, the used hooks are integrated to the core of Osclass, not in your theme
Then it doesn't work for me. ;D
Tested with Stopwords and Links and the comments/messages are still getting posted. Nothing gets marked as spam.
I'm using Madhouse Messenger (https://market.osclass.org/plugins/messaging/madhouse-messenger_175) on Mcfly (https://market.osclass.org/themes/general/mcfly-theme-with-live-search_634) and I have custom functions in the theme for comment.php and contact.php.
-
McFly theme uses a lot of custom code (many, many classes are duplicated from the core, for customization, and core files are practically not used at all).
Your best chance is to contact the author and ask to make their theme compatible with this plugin, as you are not allowed to share it's source code without permission.
Although, it should work with any theme, the reason why it does not is probably because of some details, and the theme author should know quickly why, so it is the fastest way to solution.
-
I want to protect my page from spam comments :D http://capitulonovela.com (http://capitulonovela.com)
-
I want to protect my page from spam comments
Your site is Wordpress and not Osclass, so either you have no idea about all that, or you are just a spammer.
-
McFly theme uses a lot of custom code (many, many classes are duplicated from the core, for customization, and core files are practically not used at all).
When core functions are overwritten, it's normal that plugins can't work properly... I would never use a theme like this...
Without this Hooks it isn't easy to use this functionality, because you need some informations after submitting, that are sended through this hooks
-
I want to protect my page from spam comments :D Ca***ulo N***la
I have reported your post as spam, i can't see any reason how this plugin could help you with your wordpress page
-
Without this Hooks it isn't easy to use this functionality, because you need some informations after submitting, that are sended through this hooks
Unfortunately developer support is practically dead for the Madhouse themes/plugins I'm using, as they answer to tickets in 2-3 weeks (if you're lucky) - I don't even dare to hope at updates from them. :D
And having spent quite a bit of money on their suff, I'm stuck with it and I need to hack into the code myself and fix/adapt what I can...
So that's why I was asking about the hooks that need to be added to my Contact/Comment forms.
The weird thing is that the Spam Solution Plugin (https://market.osclass.org/plugins/security/spam-solution-plugin_318) Banwords functionality, works out of the box with the comments section, no hook needed.
However, I like your plugin better and I really want to make it work. :'(
Thanks!
-
You could take a look in index.php, there are all hooks that i've used... the needed functions are splitted in functions/backend.php and functions/frontend.php
In your case, you need the Comment id to deliver it to the function.... when you find a way to send it after a comment is submitted, try...
<?php if (function_exists("sp_check_comment")) { sp_check_comment(COMMENT ID); ?>
-
I've just seen that 1.7.0 is published on Osclass Market
-
I've just seen that 1.7.0 is published on Osclass Market
Any ideas when an update will be available for 1.7 ? It has many and serious problems.
-
I think i can start next week... at moment i have to finish other things... sorry
-
It seems that with 1.7 i can't add more stopwords. I add a few, save, but they are not there.
I can delete all of them and the add a few, it works.
Put back my full words, i can't add anything. No errors anywhere.
-
It seems that with 1.7 i can't add more stopwords. I add a few, save, but they are not there.
:o I didn't changed anything there and the database field can save 4GiB on data
edit:
i'll check his later with a large amount of stopwords and look what happens
-
It seems that with 1.7 i can't add more stopwords. I add a few, save, but they are not there.
:o I didn't changed anything there and the database field can save 4GiB on data
edit:
i'll check his later with a large amoount of stopwords and look what happens
Actually do not spend time on this, could be my pc and my browser. I had today a disk crash and i had to restore everything, so could be a problem with me. Some block or whatever.
-
ok, then i'll wait
-
I've just seen that 1.7.0 is published on Osclass Market
Any ideas when an update will be available for 1.7 ? It has many and serious problems.
@Aficionado Could you please compile a list of all the issues you found, so it would be easier for Liath to check and fix?
Thanks!
-
@Aficionado Could you please compile a list of all the issues you found, so it would be easier for Liath to check and fix?
Thanks!
Found and verified.
1. The global log is cleared totally different from the selected options.
2. Some of the global log duration settings don't save.
3. If you have a manually blocked user, when the user logs in ...he becomes unblocked !!! Disabling the protection user form, solves this.
-
I have only 3 issues:
1: still get ads marked as spam as the user post 2 or more ads in a short time. All the ads are marked as spam of this user. Is not a bad thing in my opinion :D Maybe the plugin thinks for me and help me a little.
2: On every site where i use the plugin i cannot click on configure in plugin page. Allways gaves me a white page with this link in the browser: oc-admin/index.php?page=plugins&action=renderplugin&file=/home/.../domains/.....com/public_html/oc-content/plugins/spamprotection/admin/config.php&tab=settings.
3. Setting the cron in registrations and protection forms change many times automatic back to run cron every hour instead of my settings
-
2: On every site where i use the plugin i cannot click on configure in plugin page. Allways gaves me a white page with this link in the browser: oc-admin/index.php?page=plugins&action=renderplugin&file=/home/.../domains/.....com/public_html/oc-content/plugins/spamprotection/admin/config.php&tab=settings.
You mean from the Plugins admin page you click on the plugin Configure ?
For me it works and goes to:
https://www. website .com/oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=settings
White page (White Screen of Death) with php means usually a fatal error (like out of memory for example). And the url you post seems strange, why the full path of your site is used ? Doesn't seem right.
-
this is really strange... i think this can only happens, when you have a wrong path in config.php or something else
-
It only happens wit the spam plugin. Every other plugin go the setting page
And not on 1 site but at many sites.
Is not a white page of death
This is what happens: see the image
-
It only happens wit the spam plugin. Every other plugin go the setting page
And not on 1 site but at many sites.
Is not a white page of death
This is what happens: see the image
Well i remember this is an old problem for you, you did post that a while back. Seems not resolved for you. The URL is not what you should have, it is wrong the the "file=/......". That suggest some path problem.
Now, you say you only see this with Liath's plugin and this is kinda strange. And you say "many sites", on the same server/setup i guess ?
-
It only happens wit the spam plugin. Every other plugin go the setting page
And not on 1 site but at many sites.
Is not a white page of death
This is what happens: see the image
Do you use anything like caching or CDN ?
-
go to... functions/backend.php ~132
change
function sprot_configuration() {
osc_admin_render_plugin(SPP_PATH . '/admin/config.php&tab=settings');
}
to
function sprot_configuration() {
osc_admin_render_plugin_url('spamprotection/admin/config.php&tab=settings');
}
sorry... it's a leftover
-
I never said this before because it could be my mistake somewhere.
I used more then 1 server and more different themes
Only once i had an issue with server settings and Liath helped me out ;D
Hereby the php settings, can you see something wrong here?
-
I never said this before because it could be my mistake somewhere.
Well Liath posted a fix, does it work for you ?
The strange is that why (unfixed) doesn't work for you and works for others ?
Oh... well .... nevermind .... if this is solved now ....
-
go to... functions/backend.php ~132
change
function sprot_configuration() {
osc_admin_render_plugin(SPP_PATH . '/admin/config.php&tab=settings');
}
to
function sprot_configuration() {
osc_admin_render_plugin_url('spamprotection/admin/config.php&tab=settings');
}
sorry... it's a leftover
gives me this:
oc-admin/index.php?page=plugins&action=admin&plugin=spamprotection/index.php&CSRFName=CSRF220801469_301817847&CSRFToken=d48932b32331c9b850cdfc207e1e58b915ffd3276aded35b8ef78af9b86a559bf04f14fb926f541f7c0e1f075ceb081f12e51500dafb2a8859bda6070d70e329
-
I never said this before because it could be my mistake somewhere.
Well Liath posted a fix, does it work for you ?
The strange is that why (unfixed) doesn't work for you and works for others ?
Oh... well .... nevermind .... if this is solved now ....
Now what?
You feel bad that you cannot say it is a hosting issue?
Only thing i want to do is help Liath with some issues. For me its no problem at all.
I am very satisfied whit his plugin and saves me really lot of time and his support is much better then other paid plugins
-
Now what?
You feel bad that you cannot say it is a hosting issue?
hey dude, i spend my time trying to help you but it seems you are crazy. What hosting crap you say ? Cut the crap and go on with your life.
Enough shit i'm getting.
-
go to... functions/backend.php ~132
change
function sprot_configuration() {
osc_admin_render_plugin(SPP_PATH . '/admin/config.php&tab=settings');
}
to
function sprot_configuration() {
osc_admin_render_plugin_url('spamprotection/admin/config.php&tab=settings');
}
sorry... it's a leftover
Liath why it works for me (and others from what i see) without the fix ?
-
hey dude, i spend my time trying to help you but it seems you are crazy. What hosting crap you say ? Cut the crap and go on with your life.
Enough shit i'm getting.
Never asked you for help and i never would.
I try to give my issues at Liath and you dont have to respond for him
Your are not the developer so better stay out with your crap crazy dude
-
Never asked you for help and i never would.
I try to give my issues at Liath and you dont have to respond for him
Your are not the developer so better stay out with your crap crazy dude
Then make a private forum in your server and continue the chat with whoever you want. These are public forums, community forums, that people try to help each other the best the can, for free.
I will post and participate in whatever i want, if i'm within the rules. We are all guests here, Liath included.
-
You feel bad that you cannot say it is a hosting issue?
Now i get what you say. Yes, actually it could be a hosting problem, as the other problem you filled this thread with. Session problems, who knows. And who cares. You don't, why should we all ?
Sorry to tell you but 99% of the problems i read here, are hosting related. You like it or not.
bye
-
It seems that with 1.7 i can't add more stopwords. I add a few, save, but they are not there.
:o I didn't changed anything there and the database field can save 4GiB on data
edit:
i'll check his later with a large amount of stopwords and look what happens
Liath, don't laugh please:
I tried to add some stop words with Capital the first letter. For some reason after you save those are moved at the START of the list, but i wansn't looking there.
I was looking at the end or/and in their corespondant letter (for Adoption for example i was looking at "a" keywords to see if saved.
All is saving right.
Apologies.
-
One question for Liath: The IP ban works separately from the Osclass ban system. Wouldn't be better for your plugin to add the IPs to Osclass IP ban system ?
Are there any limitations or other matters that do not allow that ?
Thanks !
-
An other problem with 1.7.
In Admin form protection, while i have set IP ban (and not account ban), the Account is banned and NOT the IP.
After 5 failed attempts to the Admin Login page, my account is banned (a random account) but i'm able to login via my normal admin account. And no IP is shown in the Ban list of IPs but the banned user has an entry.
Thanks !
-
Liath, don't laugh please:
::) :-X
;D ;D
One question for Liath: The IP ban works separately from the Osclass ban system. Wouldn't be better for your plugin to add the IPs to Osclass IP ban system ?
I'll work on this, it's just a preparation for a more efficient IP Ban System with IP-Ranges and more
In Admin form protection, while i have set IP ban (and not account ban), the Account is banned and NOT the IP.
Strange... i'll check this...
@Tito and Aficionado
I'm really appreciated for your help and your support, but please... we are all here to help each other.... please do not argue
-
@Tito and Aficionado
I'm really appreciated for your help and your support, but please... we are all here to help each other.... please do not argue
I'm sorry but i only accept the blaim when i'm guilty. Sometimes maybe i'm. Not this time. Not in here. Tito is upset because i always say that 99% of the problems i read here are due to poor hosting plans. Maybe he should talk to the other guy yesterday that lost all his site at Arvixe hosting.
And please, if anybody has any problem with me, take it to the admins here. I'm really really sick and tired of all this.
-
gives me this:
oc-admin/index.php?page=plugins&action=admin&plugin=spamprotection/index.php&CSRFName=CSRF220801469_301817847&CSRFToken=d48932b32331c9b850cdfc207e1e58b915ffd3276aded35b8ef78af9b86a559bf04f14fb926f541f7c0e1f075ceb081f12e51500dafb2a8859bda6070d70e329
:o this should not happen.... it's the same like all other plugins, except the parameter for the tab.... i'm diving deeper into core to check this and find a solution that will work on all systems
I'm sorry but i only accept the blaim when i'm guilty. Sometimes maybe i'm. Not this time. Not in here. Tito is upset because i always say that 99% of the problems i read here are due to poor hosting plans. Maybe he should talk to the other guy yesterday that lost all his site at Arvixe hosting.
I know... most problems are 20cm in front of the monitor or some hundrets miles away in poor datacenters... but we shouldn't talk here about this :)
-
I know... most problems are 20cm in front of the monitor or some hundrets miles away in poor datacenters... but we shouldn't talk here about this :)
Do not talk about this, Do not talk about that. No problem. I'm also good in read-only mode on these Forums. There is plently of educated people to help others, no need for me.
Liath let's close this. thanks.
-
Alright, so until now we have the following issues:
@Aficionado Could you please compile a list of all the issues you found, so it would be easier for Liath to check and fix?
Thanks!
Found and verified.
1. The global log is cleared totally different from the selected options.
2. Some of the global log duration settings don't save.
3. If you have a manually blocked user, when the user logs in ...he becomes unblocked !!! Disabling the protection user form, solves this.
I have only 3 issues:
1: still get ads marked as spam as the user post 2 or more ads in a short time. All the ads are marked as spam of this user. Is not a bad thing in my opinion :D Maybe the plugin thinks for me and help me a little.
2: On every site where i use the plugin i cannot click on configure in plugin page. Allways gaves me a white page with this link in the browser: oc-admin/index.php?page=plugins&action=renderplugin&file=/home/.../domains/.....com/public_html/oc-content/plugins/spamprotection/admin/config.php&tab=settings.
3. Setting the cron in registrations and protection forms change many times automatic back to run cron every hour instead of my settings
go to... functions/backend.php ~132
change
function sprot_configuration() {
osc_admin_render_plugin(SPP_PATH . '/admin/config.php&tab=settings');
}
to
function sprot_configuration() {
osc_admin_render_plugin_url('spamprotection/admin/config.php&tab=settings');
}
sorry... it's a leftover
gives me this:
oc-admin/index.php?page=plugins&action=admin&plugin=spamprotection/index.php&CSRFName=CSRF220801469_301817847&CSRFToken=d48932b32331c9b850cdfc207e1e58b915ffd3276aded35b8ef78af9b86a559bf04f14fb926f541f7c0e1f075ceb081f12e51500dafb2a8859bda6070d70e329
One question for Liath: The IP ban works separately from the Osclass ban system. Wouldn't be better for your plugin to add the IPs to Osclass IP ban system ?
Are there any limitations or other matters that do not allow that ?
Thanks !
An other problem with 1.7.
In Admin form protection, while i have set IP ban (and not account ban), the Account is banned and NOT the IP.
After 5 failed attempts to the Admin Login page, my account is banned (a random account) but i'm able to login via my normal admin account. And no IP is shown in the Ban list of IPs but the banned user has an entry.
Thanks !
Hope this will make it easier for Liath to keep track of everything.
Cheers!
-
Thank you TangoX
This error is also unsolvedLiath i have a problem with 1.7. It doesn't seem to auto-delete INACTIVATED accounts.
Any ideas ?
Thanks !
-
There's this issue also:
PHP Notice: Undefined offset: 2 in C:\Bitnami\wampstack-7.0.18-0\apache2\htdocs\oc-content\plugins\spamprotection\functions\backend.php on line 57
My debug log is getting spammed with this notice.
-
funny, this shouldn't happen :o
this is to load needed files only on plugin configuration page, not for the whole admin area, there it looks for the loaded file... and this should be the same for all... but i'll look there to prevent this
-
Liath, as a suggestion for when you start working on the plugin again, is it possible to add a User Whitelist for the Stopwords checking?
For example if an admin decides to block all messages containing links, but has some verified users that are allowed to use links in ads.
He should be able to bypass the Stopwords checking by whitelisting those users.
The attached image shows what i mean.
Thanks!
EDIT: My bad, the Bad/Trusted User feature does exactly the above.
This plugin never ceases to amaze me.
Amazing work Liath!
-
This plugin never ceases to amaze me.
Amazing work Liath!
Thank you :)
I'm glad, that it is helpful for you and all others
-
Liath, i just realized the plugin puts a couple of css/js resources to the head.
It this necessary for the front-end too, or can you make it available just for the admin dashboard?
-
can you explain which resources you mean? Normally the plugin loads needed files only there where they are needed.
-
can you explain which resources you mean? Normally the plugin loads needed files only there where they are needed.
<link href="http://website.com/oc-content/plugins/spamprotection/assets/css/style.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="http://website.com/oc-content/plugins/spamprotection/assets/js/script.js"></script>
<script type="text/javascript" src="http://website.com/oc-content/plugins/spamprotection/assets/js/jquery.hideMyEmail.min.js"></script>
There three resources are loaded in every page, the index page, search pages, item page - everywhere.
I'm not sure if it is required in each page?
-
I can confirm this.
Are those resources really necessary, as it might affect the performance of the page?
-
I'll check and optimize this :)
-
A problem: An ad is flagged as spam due to a (wrong) stopword. But actually it is also a duplicate.
So i activate it and it is posted without check for duplicate.
I know this is a rare situation and i'm only posting this as a small observation.
-
A problem: An ad is flagged as spam due to a (wrong) stopword. But actually it is also a duplicate.
So i activate it and it is posted without check for duplicate.
I know this is a rare situation and i'm only posting this as a small observation.
Nice observation.
Liath, could first checking the duplicacy, and only then checking the stopword be a possible solution?
-
The checks are sorted by server load. The ones with the least effort come first. The duplicate check is the most elaborate, therefore it comes at last, but the order could be changed in
../classes/class.spamprotection.php ~624
function _checkForSpam(...) {
...
}
-
The checks are sorted by server load. The ones with the least effort come first. The duplicate check is the most elaborate, therefore it comes at last, but the order could be changed in
../classes/class.spamprotection.php ~624
function _checkForSpam(...) {
...
}
Then could we do the following: Check for Dups when Admin Activates an ad via your plugin ?
-
Maybe we can add a new button to check ad page, where we can activate a complete scan for this ad
-
Maybe we can add a new button to check ad page, where we can activate a complete scan for this ad
Nope. That adds extra work for the admin and complicates things. Why not check for dupe when activate from your options ?
-
Because it loads the server each time, which is may be undesirable. So i think it would be the best to make this optional via plugin settings.
-
Because it loads the server each time, which is may be undesirable. So i think it would be the best to make this optional via plugin settings.
What load you mean ? How often someone activates an ad from your plugin ? Rarely.
-
I think i can start next week... at moment i have to finish other things... sorry
@Liath any news on the next update? :D
-
Hi,
Am looking forward to using this plugin! I did install it, but when I go to configure the plugin
it makes this call: http://mysite.com/oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=settings
But instead of configure screen, it takes me to the home page of my site. I am running latest version
of OsClass with PHP v.5.6.3. Any help on this would be appreciated. btw.. I did check error log and was nothing
in the errorlog in the ~/public_html directory.
thanks!!
Sudo
-
You can try this as a quick fix:
oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=sp_config
-
Hi Tito,
Tried: oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=sp_config
same result. went to the home page.
-
Which osclass version you are using?
-
He already posted that
;)
Which osclass version you are using?
But instead of configure screen, it takes me to the home page of my site. I am running latest version
of OsClass with PHP v.5.6.3.
-
oh damn :o
but i can't find any error or something else with this link... do you have modified something from this plugin or from osclass core?
edit:
please open your developer tools from your browser and take a look at "console" for possible errors
-
An other check that (maybe) can be done with the plugin: Sometimes scam and spam ads are posted from a different IP address than the User had when he was registered.
Of cource this could be normal, and from the same pool of IPs. BUT usually an adsl connection is not reset for a long time.
Not sure if this could be checked but it would be nice as a spam/fraud factor.
Just an idea.
Thanks !
-
this depends on your internet provider and the type of connection, how often your ip is changed... some provider renew them daily, another weekly, monthly, etc...
from my provider i get sometimes ip's like 200.xxx.xxx.xx sometimes like 80.xxx.xxx.xx totally different pools... so i think it isn't possible
-
this depends on your internet provider and the type of connection, how often your ip is changed... some provider renew them daily, another weekly, monthly, etc...
from my provider i get sometimes ip's like 200.xxx.xxx.xx sometimes like 80.xxx.xxx.xx totally different pools... so i think it isn't possible
Sure but that doesn't happen in a few hours time. Usually the registration and the post of an ad is a few hours of difference.
Anyway, i had to suggest that.
-
If users are behind NAT (common in IPv4 setups with limited pools), their IP can change in like 5 minutes, but they will usually be on the same network (e.g. A.B.C.*). However, are you really willing to block other 253 potential users (in case of IPv4)? Not including mobile networks with dynamic IPs, and open WiFis.
That kind of bans should be only temporary in nature, due to very high false positive risks. Identifying modern user by IP only is a thing of the past.
-
Hi,
Checked developer console, didn't find anything remarkable. Uninstalled and re-installed. reset permissions on everything to 755, Re-check error logs, nothing. Also have not made any changes to the core os-class. Very strange..... I dunno know what else to try to get it to configure. Any ideas?
Thanks in advance,
Sudo
-
If users are behind NAT (common in IPv4 setups with limited pools), their IP can change in like 5 minutes, but they will usually be on the same network (e.g. A.B.C.*). However, are you really willing to block other 253 potential users (in case of IPv4)? Not including mobile networks with dynamic IPs, and open WiFis.
That kind of bans should be only temporary in nature, due to very high false positive risks. Identifying modern user by IP only is a thing of the past.
Who is talking about users ban ?
I was talking about an extra factor to mark an ad as a spam/scam. Nothing else.
Also the above scenarios, are just scenarios. Not what i'm seen in real onine site.
-
Hi,
Checked developer console, didn't find anything remarkable. Uninstalled and re-installed. reset permissions on everything to 755, Re-check error logs, nothing. Also have not made any changes to the core os-class. Very strange..... I dunno know what else to try to get it to configure. Any ideas?
Thanks in advance,
Sudo
is that an nginx server ?
-
If users are behind NAT (common in IPv4 setups with limited pools), their IP can change in like 5 minutes, but they will usually be on the same network (e.g. A.B.C.*). However, are you really willing to block other 253 potential users (in case of IPv4)? Not including mobile networks with dynamic IPs, and open WiFis.
That kind of bans should be only temporary in nature, due to very high false positive risks. Identifying modern user by IP only is a thing of the past.
Who is talking about users ban ?
I was talking about an extra factor to mark an ad as a spam/scam. Nothing else.
Also the above scenarios, are just scenarios. Not what i'm seen in real onine site.
Whatever ban it is (user, ip, post), the information you are hoping to take into account is not a reliable factor. Let's stop there.
-
Hi,
Checked developer console, didn't find anything remarkable. Uninstalled and re-installed. reset permissions on everything to 755, Re-check error logs, nothing. Also have not made any changes to the core os-class. Very strange..... I dunno know what else to try to get it to configure. Any ideas?
Thanks in advance,
Sudo
is that an nginx server ?
Nope.
-
A problem with 1.7 (and previous versions). Location is always empty (with a comma).
Thanks !
-
Hi,
Checked developer console, didn't find anything remarkable. Uninstalled and re-installed. reset permissions on everything to 755, Re-check error logs, nothing. Also have not made any changes to the core os-class. Very strange..... I dunno know what else to try to get it to configure. Any ideas?
Thanks in advance,
Sudo
Please activate osclass debug mode, maybe there are some messages from interest to solve this problem: https://doc.osclass.org/Debug_PHP_errors
A problem with 1.7 (and previous versions). Location is always empty (with a comma).
Thanks !
i'll take a look there
-
An other also problem with 1.7.
Manually deleting banned users, needs some update in the counter on the top of the dashboard. Seems to be one user off.
I mean, i had two banned, deleted one by one, but at the end shows ONE. I need to refresh the page to get all cleared.
Thanks
-
thx
-
Liath
Those are in my error.log (not debug.log). They could be because of your plugin ?
PHP Warning: Cannot assign an empty string to a string offset in /home/oc-includes/osclass/ItemActions.php on line 358
PHP Warning: Cannot assign an empty string to a string offset in /home/oc-includes/osclass/ItemActions.php on line 152
PHP Warning: A non-numeric value encountered in /home/oc-includes/osclass/ItemActions.php on line 1285
-
I don't have this messages, but i'll watch this... thank you
-
I don't have this messages, but i'll watch this... thank you
I didn't had this also. It seems to happens in July. Not sure from where it comes, i haven't touched anything for ages in Osclass, apart from your plugin. And PHP 7.1 from 7.0.x. Maybe that could also be the cause.
-
PHP Warning: Cannot assign an empty string to a string offset in /home/oc-includes/osclass/ItemActions.php on line 358
PHP Warning: Cannot assign an empty string to a string offset in /home/oc-includes/osclass/ItemActions.php on line 152
Don't think it is related to this plugin, this part of code is related to custom fields you have, and most probably the update to PHP 7.1 you did. Can you test posting some ads and make notes of the cf values you have entered? This will give us a clue.
PHP Warning: A non-numeric value encountered in /home/oc-includes/osclass/ItemActions.php on line 1285
[correction] Not sure about this one, could be also related to PHP 7.1, it is related to item price (sorry, misread the line number).
-
Don't think it is related to this plugin, this part of code is related to custom fields you have, and most probably the update to PHP 7.1 you did. Can you test posting some ads and make notes of the cf values you have entered? This will give us a clue.
PHP Warning: A non-numeric value encountered in /home/oc-includes/osclass/ItemActions.php on line 1285
[correction] Not sure about this one, could be also related to PHP 7.1, it is related to item price (sorry, misread the line number).
I don't have custom fields.
I will watch this closely and i just enabled also debug.
Can you explain to me when Osclass writes to error.log ? since no debug was enabled ?
-
It's the same thing, your hosting has enabled it for you at all times.
-
It's the same thing, your hosting has enabled it for you at all times.
It is not the same thing. debug.log is much more "sensitive" to errors. Usually the error.log had some fatal errors. Anyway, i will keep an eye on this, since it happened to only ONE site from the 5 i run. And that is rather strange.
-
PHP Warning:
PHP Warning:
PHP Warning:
Those are not errors, but warnings.
Osclass does change* error reporting level, which may be different to what your hosting decided to be critical, so there is why you can see some difference. But anything beyond notice should usually be reported in either files.
Also, if your error.log has fatal errors, debug.log would have them too if they are Osclass related (note they are mutually exclusive).
As explained many times before, Osclass doesn't do anything smart with logging, just redirects PHP's output to a local file. The only difference is the error reporting level*, that can be changed through directive (if supported* by hosting).
-
I think i can start next week... at moment i have to finish other things... sorry
@Liath any news on the next update? :D
Liath?
-
sorry for the delay, i'll post here, when the new version is ready to download
-
With the recent problems (....) i tried to login to admin doing tests and i see myself as IP banned user.
BUT then i can login in admin with my correct userid/password. Why, since the IP is banned. Is that normal ?
Thanks
-
You mean banned by the SPam plugin?
Because i see many banned ipadresses same ip adresses.
Also must not be possible, because the ip is banned right?
Also noticed many from attempts from the other german and african hoster you mentioned yesterday: hetzner or so: 5.9.156.74
-
You mean banned by the SPam plugin?
Because i see many banned ipadresses same ip adresses.
Also must not be possible, because the ip is banned right?
I'm talking about Admin IP ban. While i see my IP/user was banned (because of my tests), i can still login if the admin username and password is correct. That should not happen i think.
-
With the recent problems (....) i tried to login to admin doing tests and i see myself as IP banned user.
BUT then i can login in admin with my correct userid/password. Why, since the IP is banned. Is that normal ?
Thanks
i'll take a look
-
Just tested but no way i can get acces.
But it most be impossible to acces because my ip is banned also.
Strange indeed
-
With the recent problems (....) i tried to login to admin doing tests and i see myself as IP banned user.
BUT then i can login in admin with my correct userid/password. Why, since the IP is banned. Is that normal ?
Thanks
i'll take a look
Admin IP ban doesn't work BUT Users login IP ban works:
Information! Your account is disabled due to too much of false login attempts. Please contact support.
-
Just tested but no way i can get acces.
But it most be impossible to acces because my ip is banned also.
Strange indeed
Strange. Do you have enabled the " Inform admin how many tries are remaining " ? If yes, can you disable it and try again ?
-
Just tested but no way i can get acces.
But it most be impossible to acces because my ip is banned also.
Strange indeed
Ok, i also get that
"Information! Your account is disabled due to too much of false login attempts. Please contact the webmaster."
BUT only when using a wrong id/password. Is that normal ?
I mean a banned IP is a banned IP, no matter what.
-
No...
normally it should be there anytime, after a ban/block
@Tito
do you have enabled ban or block for admins?
-
Everywhere i use the same settings:
Login limit reached
Action done after false logins
BOTH
-
thanks, i'll look there
-
Just tested at another site.
NO ip ban at all
In database is my ip
I could login with other admin and also make more try with the blocked admin
-
File: ../classes/class.spamprotection.php
Line: ~1239
Change:
function _checkAdminBan($ip) {
$this->dao->select('*');
$this->dao->from($this->_table_bans);
$this->dao->where("s_ip", $ip);
$this->dao->like("s_name", "Admin/Mod");
$result = $this->dao->get();
if ($result && $result->numRows() > 0) {
return true;
}
return false;
}
To:
function _checkAdminBan($ip) {
$table = unserialize($this->_get('sp_ipban_table'));
if (in_array($ip, $table)) {
return true;
}
$this->dao->select('*');
$this->dao->from($this->_table_bans);
$this->dao->where("s_ip", $ip);
$this->dao->like("s_name", "Admin/Mod");
$result = $this->dao->get();
if ($result && $result->numRows() > 0) {
return true;
}
return false;
}
File: ../classes/class.spamprotection.php
Line: ~1287
in:
} elseif ($action == '2') {
//$this->_addGlobalLog('Admin account banned', $name, 'Login Limit');
$this->dao->delete($this->_table_sp_logins, '`s_name` = "'.$name.'"');
$this->_doIpBan('add', $ip);
$this->_addBanLog('ban', 'falselogin', $name, $ip, 'admin');
}
comment this out:
$this->dao->delete($this->_table_sp_logins, '`s_name` = "'.$name.'"');
it should looks like this:
} elseif ($action == '2') {
//$this->_addGlobalLog('Admin account banned', $name, 'Login Limit');
//$this->dao->delete($this->_table_sp_logins, '`s_name` = "'.$name.'"');
$this->_doIpBan('add', $ip);
$this->_addBanLog('ban', 'falselogin', $name, $ip, 'admin');
}
-
Just replied to Smartey in the other topic that a fix will come soon :)
At the moment i am busy with coping the fix from conejo to many sites
When i finished i try this fix and let you know
Thanks a lot!
-
I've tried it on two pages, for me it's working fine
-
Thanks Liath. After tomorrow's Osclass updates (?), i will try all that and let you know.
-
In next version i will remove the htaccess editor... for all who want to remove them now:
File: ../admin/settings.php
Line: 22
remove:
<li class="subtab-link" data-tab="sp_htaccess"><a><?php _e('.htaccess Editor', 'spamprotection'); ?></a></li>
File: ../admin/settings.php
Line: 194-219
remove:
<div id="sp_htaccess" class="subtab-content">
<fieldset>
<legend><?php _e(".htaccess Editor", "spamprotection"); ?></legend>
<div class="row form-group">
<div id="attention">
<div id="attention_content">
<h2><?php _e('ATTENTION!!!', 'spamprotection'); ?></h2>
<p><?php _e('Do not edit this file, unless you know what you do! Corrupt .htaccess files can cause errors for your whole webpage!', 'spamprotection'); ?></p>
<p>
<button id="attention_ok" class="btn btn-green"><?php _e('Ok', 'spamprotection'); ?></button>
<button id="attention_save" class="btn btn-green" data-file="<?php echo '../oc-content/plugins/'.osc_plugin_folder(__FILE__).'config.php'; ?>"><?php _e('Don\'t remember', 'spamprotection'); ?></button>
</p>
</div>
</div>
<?php
if (!$htaccess_writable) {
echo '<h3>'.__('(File is not writable)', 'spamprotection').'</h3>';
} else {
?>
<small><?php _e('Beware of editing this file, unless you know what you\'re doing!!!', 'spamprotection'); ?></small>
<textarea class="form-control" name="sp_htaccess" style="height: 200px;"<?php //if (!$htaccess_writable) { echo ' disabled="disabled"'; } ?>><?php if (!empty($htaccess_content)) { echo $htaccess_content; } ?></textarea>
<?php if (osc_get_preference('htaccess_warning', 'plugin_spamprotection') == '1') { echo '<input type="hidden" name="attention_htaccess" value="1" />'; } ?>
<?php } ?>
</div>
</fieldset>
</div>
File: ../classes/class.spamprotection.php
Line: 513-521
change:
} if (!empty($params['sp_htaccess']) && isset($params['attention_htaccess'])) {
$htaccess_file = ABS_PATH.'/.htaccess';
$htaccess_writable = is_writable($htaccess_file);
if ($htaccess_writable) {
if (!file_put_contents($htaccess_file, $params['sp_htaccess'])) {
return false;
}
}
}
to:
}
-
In next version i will remove the htaccess editor... for all who want to remove them now:
Well it is about time, we told you so a long time ago, both me and dev101.
No reason to make things easier for ....
-
Liath pls do not fix all problems at once.
;D
-
Just FYI, this is not a bug.
when
oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=settings
is executed i get:
Sorry MYIP, your request cannot be processed.
For security reasons, it was blocked and logged.
If you believe this was an error please contact the
webmaster and enclose the following incident ID:
That was from Ninja Firewall. Going to see the real why, it shows that i was trying to access a configuration file.
Now the problem is not the spam plugin.
I tried to Configure ALL my plugins, half of them were blocked.
(edit: as long as you find the offending rule, you can disable it)
-
Liath pls do not fix all problems at once. ;D
I'm working on an update now ;D
That was from Ninja Firewall. Going to see the real why, it shows that i was trying to access a configuration file.
Maybe it is helpful if i rename config.php
-
Due to latest "activities" i'm thinking about a file system integrity check... but i don't have any knowledge about :D
anyone has a good idea or can give me the right direction to this?
-
1. The global log is cleared totally different from the selected options.
2. Some of the global log duration settings don't save.
3. If you have a manually blocked user, when the user logs in ...he becomes unblocked !!! Disabling the protection user form, solves this.
1. solved
2. solved
3. solved but not 100% tested
1: still get ads marked as spam as the user post 2 or more ads in a short time. All the ads are marked as spam of this user. Is not a bad thing in my opinion :D Maybe the plugin thinks for me and help me a little.
2: On every site where i use the plugin i cannot click on configure in plugin page. Allways gaves me a white page with this link in the browser: oc-admin/index.php?page=plugins&action=renderplugin&file=/home/.../domains/.....com/public_html/oc-content/plugins/spamprotection/admin/config.php&tab=settings.
3. Setting the cron in registrations and protection forms change many times automatic back to run cron every hour instead of my settings
1. don't know how to solve this (need more informations)
2. this i have to solve later (need more information also) - (should be solved through renaming of config.php)
3. solved
Liath i have a problem with 1.7. It doesn't seem to auto-delete INACTIVATED accounts.Any ideas ?Thanks !
solved
Maybe it is helpful if i rename config.php
It could help, since this is the second time i encounter this problem. Mod_security with Comodo WAF and now with the Ninja wrapper.
done
can you explain which resources you mean? Normally the plugin loads needed files only there where they are needed.
<link href="http://website.com/oc-content/plugins/spamprotection/assets/css/style.css (http://website.com/oc-content/plugins/spamprotection/assets/css/style.css)" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="http://website.com/oc-content/plugins/spamprotection/assets/js/script.js (http://website.com/oc-content/plugins/spamprotection/assets/js/script.js)"></script>
<script type="text/javascript" src="http://website.com/oc-content/plugins/spamprotection/assets/js/jquery.hideMyEmail.min.js (http://website.com/oc-content/plugins/spamprotection/assets/js/jquery.hideMyEmail.min.js)"></script>
There three resources are loaded in every page, the index page, search pages, item page - everywhere.
I'm not sure if it is required in each page?
done
-
Due to latest "activities" i'm thinking about a file system integrity check... but i don't have any knowledge about :D
anyone has a good idea or can give me the right direction to this?
I will release this plugin soon (it will be free), it is based on old member work here (Trains), but I have done some considerable changes. Also, it is not perfect, I have many ideas... but damn not the time. I had to do some things the ugly way, because I had some strange compatibility issues between servers (shared vs vps), so had to do it to be functional.
dev101
-
I will release this plugin soon (it will be free)
How did you do it? You are checking the files or filesize?
I've tested both ways now and think to check the size of all files would be the best. Only thing i have to find out is to exclude /downloads and /uploads
-
Everything, actually, using SHA1 hash (but can be easily replaced with SHA256 or SHA512).
File can be changed even if you just change permissions, for example.
I had issues with exclusions on some servers, so had to construct a really ugly code with regex and ... you'll see. But, it works fine.
-
at moment i'm testing two versions...
1. check existing files with php extension only, serialize this array and return md5 hash (it's working perfect, but it doesn't check for modified files)
2. check filesize of all files (for this i need to exclude permanently changed directories like /downloads and /uploads)
removed
do you have any idea, how i can exclude this directories here?
-
Let's not hijack this topic :)
It works using SPL Iterator class, and it will also report empty directories, not just files. I will post it to github, just making final checks...
-
thx :)
-
Liath i have a problem with 1.7. It doesn't seem to auto-delete INACTIVATED accounts.
Any ideas ?
Thanks !
solved
-
Maybe it is helpful if i rename config.php
It could help, since this is the second time i encounter this problem. Mod_security with Comodo WAF and now with the Ninja wrapper.
-
An other security block from the firewall when trying to save stopwords:
POST /oc-admin/index.php - DOCUMENT_ROOT variable in HTTP request
Also it seems that the rule 510 that blocks the above is very important to Ninja firewall and it is greyed-out and can't be disabled.
-
1: still get ads marked as spam as the user post 2 or more ads in a short time. All the ads are marked as spam of this user. Is not a bad thing in my opinion :D Maybe the plugin thinks for me and help me a little.
2: On every site where i use the plugin i cannot click on configure in plugin page. Allways gaves me a white page with this link in the browser: oc-admin/index.php?page=plugins&action=renderplugin&file=/home/.../domains/.....com/public_html/oc-content/plugins/spamprotection/admin/config.php&tab=settings.
3. Setting the cron in registrations and protection forms change many times automatic back to run cron every hour instead of my settings
1. don't know how to solve this (need more informations)
2. this i have to solve later (need more information also)
3. solved
Number 1 and 2 still happens. How can i help you with information?
See the example.
1.11 the first ad is placed. Is active.
Then 1.18 the second ad and blocked both.
The 3th try at 1.43 is normal. Because the user doesnt see his first ad anymore :)
-
Hi Liath, any news about an update ?
-
it will come soon, i'm testing some changes and upload it to the market after this
edit:
at moment i don't have enough time to bring my blog back... but i could send you a download link if you want to test it before i upload it to the market
-
it will come soon, i'm testing some changes and upload it to the market after this
edit:
at moment i don't have enough time to bring my blog back... but i could send you a download link if you want to test it before i upload it to the market
I don't want to push or anything. Just to know. Take your time, no rush.
Thanks
-
it will come soon, i'm testing some changes and upload it to the market after this
@Liath if you're fixing and republishing the plugin, maybe you could rebrand it also, as it became more than just a Spam Protection plugin.
For example, you could call it Osclass Security Suite.
Also, with dev-101 permission, maybe you could integrate the Advanced File Monitor (https://github.com/dev-101/advanced-file-monitor/releases), in your plugin.
This would make it the most complete security solution for Osclass.
PS: after you're done, don't forget to also upload to Github (https://github.com/AmFearLiath/osclass-spam-protection).
Thanks!
-
@Liath if you're fixing and republishing the plugin, maybe you could rebrand it also, as it became more than just a Spam Protection plugin.
For example, you could call it Osclass Security Suite.
i've renamed it already ;D
Also, with dev-101 permission, maybe you could integrate the Advanced File Monitor (https://github.com/dev-101/advanced-file-monitor/releases), in your plugin.
This would make it the most complete security solution for Osclass.
I've thought about this already... at first i wanted to build this kind of monitor by my own for this plugin, but dev101 was faster...
to integrate it... i dont know...
PS: after you're done, don't forget to also upload to Github (https://github.com/AmFearLiath/osclass-spam-protection).
1.7.1 development is uploaded on github
-
Hello developers,
i have a query,
few module of your plugin gets conflict with minifyer plugin and my website html+js, gets overhide with each other, :(
assets/js/jquery.hideMyEmail.min.js
minifyer couldn't minify this js , it shows outside in frontend, :-\
so, i have deleted below chunk of code-- from folder function/frontend.php
osc_register_script('spam_protection-hideMail', osc_plugin_url('smpt/assets/js/jquery.hideMyEmail.min.js') . 'jquery.hideMyEmail.min.js', array('jquery'));
osc_enqueue_script('spam_protection-hideMail');
& my website get start working, :)
but ??? let me know !! after removing above chunk of code from frontend.php ! will it create any trouble in future.
thanks,
-
no, you can safely remove this... it will be also removed in next version
-
I wish there was something to Block TORs because nothing good ever comes from that (for ads).
-
that should be feasible
-
Hello, great plugin/
There are a couple of questions.
1. I moderate the ads and clear the code, leaving only <p>
In the database gets to the example
<p>Произвожу ремонт любых аквариумных светильников с любыми лампами Т8 и Т5.<br />
Также ремонт аквариумного светильника Aquatlantis.<br />Замена неисправных комплектующих.<br />
Установка дополнительных ламп.<br />Модернизация и переоборудование светильников и крышек.<br />
Частный профессиональный мастер.<br />Привозить метро Октябрьское поле без выходных с 9.00-23.00.<br />
Подробнее на сайте remontsvetaumi<br />Или Ремонт аквариумных светильников на метро Октябрьское поле</p>
The next day, the user places an ad again
<p><span style="font-family: Tahoma;">Произвожу ремонт любых аквариумных светильников с любыми лампами Т8 и Т5.</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Также ремонт аквариумного светильника Aquatlantis.</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Замена неисправных комплектующих.</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Установка дополнительных ламп.</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Модернизация и переоборудование светильников и крышек.</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Частный профессиональный мастер.</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Привозить метро Октябрьское поле без выходных с 9.00-23.00.</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Подробнее на сайте remontsvetaumi</span><br style="margin: 0px; padding: 0px; outline: 0px; font-family: Tahoma;" />
<span style="font-family: Tahoma;">Или Ремонт аквариумных светильников на метро Октябрьское поле</span></p>
The plugin passes it as a different code
2. Display title and description
http://prntscr.com/g3qqqx
It is more convenient to compare.
-
try to use method similar text and adjust the value for similarity...
duplicates can only be found, if they are the same, if you edit them, they cannot be found as duplicate
-
Thanks for the answer.
This is understandable, I have configured.
I can not not edit ads, then the dirty code on the site.
The editor does not clean the code (rich edit)
It does not remove <span>
Then there would be no problem.
Not planned to make the duplicate side by side to compare visual
-
Hello.
Who removes ads?
http://prntscr.com/g49kdw
Disable checkboxes to remove
http://prntscr.com/g49kq2
-
The cleaner function always check which option is activated, so normally it isn't possible that items/user or something else is cleaned without activated option...
please watch this and report if it happens again...
-
1.7.1 is uploaded to the market.... it should be available soon
all changes can be seen here: https://forums.osclass.org/plugins/(plugin)-spam-protection/msg153469/#msg153469 (https://forums.osclass.org/plugins/(plugin)-spam-protection/msg153469/#msg153469) (this post is updated with all fixes i have done)
all other suggestions/issues will be added/solved later
-
Most of the problems are fixed in 1.7.1, some other problems .... we need some cleanups cron to be done .... to know.
all in all a big thanks !!!
-
we need some cleanups cron to be done
can you explain what exactly you mean?
all in all a big thanks !!!
i have to thank you all also... for your continous support and testing... and to the osclass team for the very very fast review of this version
-
can you explain what exactly you mean?
I mean that in order to see for example IF non-activated accounts are now deleted, we need some CRON cleanup so we can tell.
-
The global clearing doesn't work right. I have set it to a week but see:
-
i thought i've fixed that :( in my tests all was ok
i'll check this and test it in a longer timerange...
-
i thought i've fixed that :( in my tests all was ok
i'll check this and test it in a longer timerange...
Also Clear Now doesn't seem to do any clearing at all but adds a line in the log "Global log was cleared"
-
yes i see
-
The global clearing doesn't work right. I have set it to a week but see:
go to ../classes/class.spamprotection.php ~2330
change
$this->dao->delete($this->_table_sp_globallog, 'dt_date >= "'.$time.'"');
to
$this->dao->delete($this->_table_sp_globallog, 'dt_date <= "'.$time.'"');
this should solve this issue completely, normally i had fixed this but i think i have overwritten it with another file without this changes ::)
but...
i'll check this and test it in a longer timerange...
-
Liath after the above little change, the Manual Cleanup seems work fine. I guess the auto cleanup also will work, still i will have to observe it for a while. Not a major problem, since everything else seem to work fine.
8)
-
thank you :)
-
I wish there was something to Block TORs because nothing good ever comes from that (for ads).
what do you think about this script? https://github.com/zayedaljaberi/block-tor-users
-
Hi.
Removed right before my eyes
http://prntscr.com/g6ne3j
Ads Normal
-
for the moment, please set the delay after which ads are cleaned as high as possible, to prevent further cleaning... i will check and try to fix this in the next update
i don't know why this is happened to you...
-
Sorry for my french))
I removed the checkbox a long time
I saw ads marked with spam and at 8.00 am cron deleted them
I did not even have time to check them
Ads only an hour and have already retired themselves ((
-
I wish there was something to Block TORs because nothing good ever comes from that (for ads).
what do you think about this script? https://github.com/zayedaljaberi/block-tor-users
I have no idea. Is it any good ?
-
it is working with htaccess, but i think we shouldn't make use of them in this case, because we want to block new ads only
so... no, it isn't good for us... i'm working on an own solution where i receive the tor nodes list to a file and compare the user ip with them before edit/post ad page is loaded
-
it is working with htaccess, but i think we shouldn't make use of them in this case, because we want to block new ads only
so... no, it isn't good for us... i'm working on an own solution where i receive the tor nodes list to a file and compare the user ip with them before edit/post ad page is loaded
yes that makes more sense. You mean you will block only ads posted via a tor ip ? Did i got that right ?
or also logins and registrations ?
-
here is what happened:
Selected to view the Global log. Several information in the 1st page, i selected the second page. The second page was ... empty .... or appeared to be empty.
After that the whole global log is empty with "10 August 2017 - 11:44:35 Global log was cleared".
But i didn't do anything to clear it and the time to clear is one week.
Funny all that. Not sure what happened. OR the log was already empty and i just saw some cached version or some other mess happened.
;D ;D
-
1.7.1 from my debug log:
PHP Notice: Array to string conversion in /home/oc-includes/osclass/classes/database/DBCommandClass.php on line 334
The above was present in 1.7 also and i'm not sure it is due to your plugin. I will have to disable it for a few days to find out. What do you think ?
___
PHP Notice: Undefined index: s_email in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2210
PHP Notice: Undefined index: pk_i_id in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2211
-
yes that makes more sense. You mean you will block only ads posted via a tor ip ? Did i got that right ?
or also logins and registrations ?
it's easy to implement it all... i can make it optional and everyone can set it by themself
Funny all that. Not sure what happened. OR the log was already empty and i just saw some cached version or some other mess happened.
this is really funny... later, if i have more time, i'll check the whole global log system...
The above was present in 1.7 also and i'm not sure it is due to your plugin. I will have to disable it for a few days to find out. What do you think ?
it's worth a try
PHP Notice: Undefined index: s_email in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2210
PHP Notice: Undefined index: pk_i_id in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2211
thanks.... i'll check this
-
Liath checking the whole debug log i think the DB notice comes from your plugin, since all the notices are from the same timeframe exactly:
[09-Aug-2017 16:42:01 Europe/London] PHP Notice: Array to string conversion in /home/oc-includes/osclass/classes/database/DBCommandClass.php on line 334
[09-Aug-2017 16:42:01 Europe/London] PHP Notice: Undefined index: s_email in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2210
[09-Aug-2017 16:42:01 Europe/London] PHP Notice: Undefined index: pk_i_id in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2211
[09-Aug-2017 16:42:01 Europe/London] PHP Notice: Array to string conversion in /home/oc-includes/osclass/classes/database/DBCommandClass.php on line 334
[09-Aug-2017 16:42:01 Europe/London] PHP Notice: Undefined index: s_email in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2210
[09-Aug-2017 16:42:01 Europe/London] PHP Notice: Undefined index: pk_i_id in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2211
-
fixed this issues
-
Hi
Global log сleans every day.
In the settings is once a week.
Perhaps because of the database?
Plugin:
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_global_log` (
`pk_i_id` INT NOT NULL AUTO_INCREMENT,
`s_reason` TEXT NULL DEFAULT NULL,
`s_account` VARCHAR(255) NULL DEFAULT NULL,
`s_done` VARCHAR(255) NULL DEFAULT NULL,
`dt_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Mysql:
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_global_log` (
`pk_i_id` INT NOT NULL AUTO_INCREMENT,
`s_reason` TEXT NULL DEFAULT NULL,
`s_account` VARCHAR(255) NULL DEFAULT NULL,
`s_done` VARCHAR(255) NULL DEFAULT NULL,
`dt_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
1.7.1 Cleanups have deleted more than 200 users in 4 days. Not sure why, i'm disabling the Inactivated users cleanup ....
Impossible to have so many inactivated users.
-
Ok, an update to the above. My users count is not modified, so the logs of the plugin must be wrong.
No users are deleted actually. I don't know if the correct users are actually deleted (the non-activated) but definitely the log entry is wrong.
-
Hi.
I catch an error:
PHP Warning: in_array() expects parameter 2 to be array, boolean given in /oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1231
-
Hi.
I catch an error:
PHP Warning: in_array() expects parameter 2 to be array, boolean given in /oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1231
Version of the plugin ?
-
Anti Spam & Protection System v1.7.1
-
Ok, an update to the above. My users count is not modified, so the logs of the plugin must be wrong.
No users are deleted actually. I don't know if the correct users are actually deleted (the non-activated) but definitely the log entry is wrong.
ugly... please deactivate the cleaner for now... i'll check this
Hi.
I catch an error:
PHP Warning: in_array() expects parameter 2 to be array, boolean given in /oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1231
i'll fix this... for now you can ignore this
-
I think the false log entrys happens, because the system cannot delete this user... i don't know why for now but i will have an eye on this...
i've fixed this with moving the log entry after the function for deleting ads/user/comments returns true... so no more false log entrys should appear
The new function for blocking TOR Network user is going well, i've added functions for checking login, registration, post ads, post comments and send contact mails.... have to check all functions, but my cron makes me angry... seems it doesnt work properly and i cannot check the auto refresh of network nodes
-
I think the false log entrys happens, because the system cannot delete this user... i don't know why for now but i will have an eye on this...
I don;t think so. Because in my case there are NO users to delete. So those logs are just wrong for some reason. I have around 5 unverified per week and your plugins shows 10-20 deteted per run. Can't be happening ....
-
I need to test the functionality for the new Anti TOR System, after this i'll upload newest Version to my Blog... the address changed temporarily from .tk to .ml
I think with the changes i've mentioned above, this would not happen again
-
For TOR Network Protection...
New ads, login and contact mails work fine, I can not check the functionality of the comments because I have my own system....
only registrations do not work... still, I've uploaded 1.7.2 now, maybe it's just a bug on my system
in this version i've fixed some issues mentioned here also
my blog is temporarily available under new name.... instead of .tk use .ml
-
Your download link goes to .tk and kabooom.
:'(
-
sorry... works now
-
sorry... works now
You are forgiven !!!!
:P
-
1.7.2
Until now no debug errors, no global log problems, and TOR list is refreshed all-right (i hope it works also).
Thanks again !
8)
-
can you try the comments and registrations via TOR? i cannot test this on my system
-
can you try the comments and registrations via TOR? i cannot test this on my system
I could if i knew how.
-
just download the tor browser ;D
it is based on mozilla firefox. you dont need to configure it.
-
just download the tor browser ;D
it is based on mozilla firefox. you dont need to configure it.
Ok, registration IS allowed (wrong because it is selected not to) but login not allowed.
-
ok... thank you
-
ok... thank you
I will do more tests tomorrow and post any info here.
-
With 1.7.2 Non-activated users are not deleted.
-
Just FYI, this is not a bug.
when
oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=settings
is executed i get:
Sorry MYIP, your request cannot be processed.
For security reasons, it was blocked and logged.
is this problem solved now?
With 1.7.2 Non-activated users are not deleted.
found the error...
../classes/class.spamprotection.php ~2271
change
elseif ($type == 'user') {
foreach ($clean as $id) {
$user = User::newInstance()->findByPrimaryKey($id);
if (isset($user['pk_i_id'])) {
if (User::newInstance()->deleteUser($user['pk_i_id'])) {
$this->_addGlobalLog('User account deleted by Cleaner (Account ID: '.$user['pk_i_id'].')', (isset($user['s_email']) ? $user['s_email'] : 'No Email address'), 'Cron');
}
}
}
}
to
elseif ($type == 'user') {
foreach ($clean as $id) {
$user = User::newInstance()->findByPrimaryKey($id['pk_i_id']);
if (isset($user['pk_i_id'])) {
if (User::newInstance()->deleteUser($user['pk_i_id'])) {
$this->_addGlobalLog('User account deleted by Cleaner (Account ID: '.$user['pk_i_id'].')', (isset($user['s_email']) ? $user['s_email'] : 'No Email address'), 'Cron');
}
}
}
}
this change should eliminate also messages like: .../httpdocs/oc-includes/osclass/classes/database/DBCommandClass.php on line 334
edit:
i've uploaded changed files without changing version number
-
PHP Fatal error: Uncaught Error: Class 'Debugger' not found in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php:2251
Stack trace:
#0 /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php(2227): spam_prot->_cleanDatabaseDo('spam', '30', '10', 'ads')
#1 /home/oc-includes/osclass/classes/Plugins.php(34): spam_prot->_cleanDatabase()
#2 /home/oc-includes/osclass/helpers/hPlugins.php(34): Plugins::runHook('cron_hourly')
#3 /home/oc-includes/osclass/cron.php(70): osc_run_hook('cron_hourly')
#4 /home/index.php(78): require_once('/home/s...')
#5 {main}
thrown in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2251
__
Is it enough to comment out line 2251 and 2254 (those below) ?
$debug = new Debugger;
$debug->do_log('debug', $clean);
-
yes... i always forget this -.-
-
With the latest 1.7.2 the global log is cleared daily instead of my settings (a week).
-
>:( sorry, i cannot test it properly, my cron isn't working right... i think i have to fix this first
-
../classes/class.spamprotection.php ~ 2388
change
function _clearGlobalLog($by, $lifetime = false) {
if ($lifetime) {
$time = date('Y-m-d H:i:s', strtotime($lifetime));
} else {
$time = date('Y-m-d H:i:s', time());
}
$this->dao->delete($this->_table_sp_globallog, 'dt_date <= "'.$time.'"');
$this->_addGlobalLog('Global log was cleared', '', $by);
}
to
function _clearGlobalLog($by, $lifetime = false) {
if ($lifetime) {
$time = date('Y-m-d H:i:s', strtotime('-'.$lifetime));
} else {
$time = date('Y-m-d H:i:s', time());
}
$this->dao->delete($this->_table_sp_globallog, 'dt_date <= "'.$time.'"');
$this->_addGlobalLog('Global log was cleared', '', $by);
}
after this change, only log entrys older than your settings will be deleted
corrected version is uploaded... (without $debug ;D )
-
[16-Aug-2017 04:59:41 Europe/London] PHP Notice: Undefined variable: handle in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 959
[16-Aug-2017 04:59:41 Europe/London] PHP Warning: fclose() expects parameter 1 to be resource, null given in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 959
-
thank you... i've fixed this already in my version
$handle should be $file
-
../classes/class.spamprotection.php ~ 2388
change
function _clearGlobalLog($by, $lifetime = false) {
if ($lifetime) {
$time = date('Y-m-d H:i:s', strtotime($lifetime));
} else {
$time = date('Y-m-d H:i:s', time());
}
$this->dao->delete($this->_table_sp_globallog, 'dt_date <= "'.$time.'"');
$this->_addGlobalLog('Global log was cleared', '', $by);
}
to
function _clearGlobalLog($by, $lifetime = false) {
if ($lifetime) {
$time = date('Y-m-d H:i:s', strtotime('-'.$lifetime));
} else {
$time = date('Y-m-d H:i:s', time());
}
$this->dao->delete($this->_table_sp_globallog, 'dt_date <= "'.$time.'"');
$this->_addGlobalLog('Global log was cleared', '', $by);
}
after this change, only log entrys older than your settings will be deleted
corrected version is uploaded... (without $debug ;D )
Nope. I manually did the above and see:
-
that could be normal... after your changes the cleaner only deletes entrys older than "one day", "one week"... etc.
i have to move the message about the clearance, maybe to delete it
because... the plugin scans every hour for entrys they can be deleted, but delete only this they are older then your settings
edit:
bullshit :o
the plugin runs the cron once per day, so i dont know why you get this message after an hour again :o
-
that could be normal... after your changes the cleaner only deletes entrys older than "one day", "one week"... etc.
i have to move the message about the clearance, maybe to delete it
because... the plugin scans every hour for entrys they can be deleted, but delete only this they are older then your settings
edit:
bullshit :o
the plugin runs the cron once per day, so i dont know why you get this message after an hour again :o
Manually cleared everything, reinstalled the 1.7.2 (fixed) from your site and wait to see what happens. No worries ...
-
Very latest 1.7.2
PHP Notice: Array to string conversion in /home/oc-includes/osclass/classes/database/DBCommandClass.php on line 334
-
I can see some problems in the attached capture.
1. There is a Global Log is Cleared log but the log is not cleared (it shouldn't clear anyway and that is good)
2. I see some duplicate remove from ban_log
3. Never saw those bans to start ...
-
This is a very old bug still unfixed.
When using duplicate check for title/body with Similarity check, when a dup if found and flagged, the AD linked and found dup for is WRONG.
See my captures for more explanations:
-
Pls see the attached picture. Several logs (2 or 3 for the same thing, activating an ad within your plugin)
-
it appears that almost all loging is duplicating and sometimes more than 2 times for the same action.
-
ugly, i never saw this before
-
ugly, i never saw this before
Isn't anyone else having those ? Am i alone ?
:'(
-
Today i tried 3 times a fresh osclass installation.
I cannot see the settings page. If i enter /oc-admin/index.php?page=plugins&action=renderplugin&file=spamprotection/admin/config.php&tab=sp_config it give me just a white page
If i click on configure it dont bring me to the settings for update database and so.
Also tried on both 3 installations to make duplicated ads, so i can reach the settings page frome there. But no duplicated ads where found. Even i make exact copies with same title.
So for me.... 1.7.2 doesnt work at all
-
White (blank) page usually means a fatal error.
-
Not a fatal error, but a warning:
Backend log: PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /home/@@@/domains/###.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 959\n, referer: https://www.###.com/user/dashboard
-
Not a fatal error, but a warning:
Backend log: PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /home/@@@/domains/###.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 959\n, referer: https://www.###.com/user/dashboard
I had reported that in previous page. It is due to TOR list, fixed in 1.7.2 (REdownload it, no version change).
-
I downloaded yesterday
Right before i posted
So i dont think anything is changed
Also dont have access to the settings page have nothing to do with the TOR thing
Because i have this since about version 1.5
I fix this to copy the url from another installation, but with the new 1.7.2 this doesnt work anymore
-
I downloaded yesterday
Right before i posted
So i dont think anything is changed
Also dont have access to the settings page have nothing to do with the TOR thing
Because i have this since about version 1.5
I fix this to copy the url from another installation, but with the new 1.7.2 this doesnt work anymore
Isn't that exactly your error ?
-
line 959: fclose($file);
exactly as Liat said
-
line 959: fclose($file);
exactly as Liat said
Ok, then you have an other underline problem. Also the cfg url of the plugin has been changed, in order not to trigger any firewall rules in hosting environments.
For me 1.7.2 works great in all my sites.
-
@tito googling your problem, they say it could be (and i think it is) a Permissions problem.
You use Linux server, don't you ?
-
If i update the plugin there is no problem.
Only on new installations there is
For me it is not a problem, i have almost all previous versions.
I just use an old version and then do the the update.
But for other new users of the plugin there will be a problem.
And because Liath is one of the few people around here that is doing great things i think he deserves good things back also.
Thats why i tell what happend.
If it was someone else i just fix things and let it without telling.
Second thing is, i am more then happy with how this plugin makes live more easy with all the good things it do.
Thirth, plugins with the same or less posibillties are for sale also and Liath's plugin is for free and he gives more support and attention then paid ones
-
Well, delete all my previous posts...... :-[ :-[ :-[ :-[ :-[ :-[ :-[
Because i was working outside in the dark ( i have a lightened keyboard) i didnt notice the settings icon in the topbar. Because he is black, just as the topbar. And now in the light i see the icon.
Problem solved. Stupid me :)
But then, why no ads are marked as duplicated. I will look into this later today.
And i am almost sure, the php warning is because of i copied the url like i just to do a few versions earlier.
Lucky Liath didnt see mi posts yet ;)
-
@tito problem solved ? PHP error solved ? How that can be i wonder .....
-
I have no php error anymore.
The error was because i copied the url from another site to the new site. Thats made the error
-
I have no php error anymore.
The error was because i copied the url from another site to the new site. Thats made the error
Ok, great. Liath will be happy.
;D
-
Ok, great. Liath will be happy.
;D
Of course ;D
-
For me 1.7.2 works great in all my sites.
the problem with your firewall is solved also? Would be good to know for the future, if it was caused through the name of config.php
-
For me 1.7.2 works great in all my sites.
the problem with your firewall is solved also? Would be good to know for the future, if it was caused through the name of config.php
yeap. problem with the firealls is solved. Both my provider's and my software wrapper (Ninja fw, thanks dev101 !!!).
SOLVED. GONE !!!!
-
SOLVED. GONE !!!!
Perfect...
just to remember me.... never use files named config in plugins ;D
-
a preview for the next update
-
Today a week passed and a week was defined for global log auto-cleanup. And worked allright, cleaned all older entries.
-
yes, i've checked this also today and all entrys older then one week are cleared correct...
good to know, one problem more solved :)
-
a preview for the next update
Looks very good!
-
yes, i've checked this also today and all entrys older then one week are cleared correct...
All great minds are in sync i suppose ...
8)
-
Looks very good!
this was the last feature i absolutely wanted to have it included in this plugin. The performance is awesome, with my test it scans the whole osclass installation folder in less then one second... i wanted also more informations about the files they are affected, to have a good overview
All great minds are in sync i suppose ...
8)
always ;D
-
Liath could you check (and possibly solve) the Duplicates check/flag when Similarity is used ? In the flagged ad, the "duplicate" older ad is totally wrong.
It is easy to check and replicate it, happens all the time.
:'(
-
Liath an other thing, not new, posted before.
I use the IP Block for Accounts protection. So when multiple failed attempts happen, the message is that the account is disabled and contact support.
But that is 100% wrong. No account is disabled but the IP is blocked. And there is no need to contact anyone, since the ban is lifted automatically after the configured timer.
Also for some reason the banned user list contains the blocked account.
What do you think about it ? Am i missing something ?
Thanks !
-
Liath could you check (and possibly solve) the Duplicates check/flag when Similarity is used ? In the flagged ad, the "duplicate" older ad is totally wrong.
It is easy to check and replicate it, happens all the time.
:'(
I've thought this is solved some versions ago :o
Liath an other thing, not new, posted before.
I use the IP Block for Accounts protection. So when multiple failed attempts happen, the message is that the account is disabled and contact support.
But that is 100% wrong. No account is disabled but the IP is blocked. And there is no need to contact anyone, since the ban is lifted automatically after the configured timer.
Then i need to make this kind of messages configurable or you could use the translation file to modify this message for you
Also for some reason the banned user list contains the blocked account.
What do you think about it ? Am i missing something ?
sorry, i didn't fully understand
-
Liath could you check (and possibly solve) the Duplicates check/flag when Similarity is used ? In the flagged ad, the "duplicate" older ad is totally wrong.
It is easy to check and replicate it, happens all the time.
:'(
I've thought this is solved some versions ago :o
Nope, i re-posted a few days back.
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg154381/#msg154381
-
Liath an other thing, not new, posted before.
I use the IP Block for Accounts protection. So when multiple failed attempts happen, the message is that the account is disabled and contact support.
But that is 100% wrong. No account is disabled but the IP is blocked. And there is no need to contact anyone, since the ban is lifted automatically after the configured timer.
Then i need to make this kind of messages configurable or you could use the translation file to modify this message for you
Or change the message to
Your % is temporarily blocked due bla bla
and the variable should refect the selection, account or IP. Or something like that, you got the picture.
-
Or change the message to
Your % is temporarily blocked due bla bla
and the variable should refect the selection, account or IP. Or something like that, you got the picture.
good idea, i'll think about a workaround.... but for now this has a low priority for me ;D
-
Hi,
I'm having trouble installing the plugin, I'm getting the error below. Please help. Thanks
Plugin couldn't be installed because of: Error importSQL::spam_prot
/oc-content/plugins/spamprotection/assets/create_table.sql
-
Hi,
I'm having trouble installing the plugin, I'm getting the error below. Please help. Thanks
Plugin couldn't be installed because of: Error importSQL::spam_prot
/oc-content/plugins/spamprotection/assets/create_table.sql
Is it the 1st time you install this plugin ?
-
normally there is no error, please delete all tables regarding to this plugin in your database and try again
-
i think i'm ready now with the new feature: file monitor system
i've tested it about a long time, with absolutely null false positives. it's really fast (depends on your installation size: 1-3sec)
in my environment: +10k files with >350MB needs 0.6s for a complete scan
i will upload it first to my blog the next hour, when someone of you could try the new feature and write some respond, i can upload it to the market
-
i test for you :)
-
thx :)
but its not uploaded now
-
i wait for the next hour ;)
-
you dont need to wait... i've cleaned the code (i hope ;D ) and uploaded it a minute ago...
-
I have geklickt :)
-
you dont need to wait... i've cleaned the code (i hope ;D ) and uploaded it a minute ago...
31/Aug/17 18:42:46 #1461846 high Rule#510 MY IP HERE POST /oc-admin/index.php - DOCUMENT_ROOT variable in HTTP request - [POST:sp_files_directory = /home/somepath/website.com/]
-
i'm only using osclass core function osc_base_path(), but dont think that this is caused through this. where did this message appear?
-
i'm only using osclass core function osc_base_path(), but dont think that this is caused through this. where did this message appear?
I was blocked by the firewall (Ninja wrapper) when saving options. Wasn't like that in 1.7.2.
-
In 1.7.3 duplicate check doesn't work (in both options, similar and md5).
See:
-
My post about 1.7.2:
Also tried on both 3 installations to make duplicated ads, so i can reach the settings page frome there. But no duplicated ads where found. Even i make exact copies with same title.
I will install osclass new with only spam plugin and gonna test it
-
In 1.7.3 duplicate check doesn't work (in both options, similar and md5).
See:
Ok some more info on that. Dups do not work WHEN SET TO 0 (zero, all ads). With 360 for example or 180 works fine.
31 August 2017 - 12:08:15 Duplicate title for itemID 8218 detected: Similarity: 100% System
-
Liath could you check (and possibly solve) the Duplicates check/flag when Similarity is used ? In the flagged ad, the "duplicate" older ad is totally wrong.
It is easy to check and replicate it, happens all the time.
:'(
I've thought this is solved some versions ago :o
Fixed in 1.7.3
-
Deleting an ad within your plugin (check spam page), after the ad is gone, you are still in the same page WITH the deleted ad shown.
No proper refresh.
-
Also this
[31-Aug-2017 17:11:54 Europe/London] PHP Notice: Array to string conversion in /home/oc-includes/osclass/classes/database/DBCommandClass.php on line 709
DEFINITELY comes from your plugin. 10000% sure about it.
-
Hohoho. Several of this during my file monitor/intergity checks and tests.
PHP Notice: Undefined index: /home/foldername and filename here in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2597
one notice for each file difference.
The check seems to work FINE !!! Great.
-
thanks for your repoprts
-
I did all kind of tests with the new file integrity option. Works very fast, took 5 seconds tops. It found everything, changes, new files and send me an email with all that.
8)
-
My post about 1.7.2:
Also tried on both 3 installations to make duplicated ads, so i can reach the settings page frome there. But no duplicated ads where found. Even i make exact copies with same title.
I will install osclass new with only spam plugin and gonna test it
What is your settings for Search for last xxx days ? Is that zero ?
-
Which search settings do you mean?
-
Which search settings do you mean?
This in the picture with red arrow: if set to zero it doesn't do any dups check.
-
Some clear log via CRON is logged incorrectly, since the log is to be cleared every week and also it is not actually cleared as you see.
So it is just an entry (forgotten maybe in the code) ...
1.7.3
-
remember that this message will appear every hour, but only logs older than your settings are deleted
-
remember that this message will appear every hour, but only logs older than your settings are deleted
Well, as you can see it doesn't show every hour but once per day (i think). See for yourself the capture.
Anyway, it is not important, so ....
:o
-
sorry, your right... its daily not hourly
-
sorry, your right... its daily not hourly
Ok, then just rephrase the log entry to something like "Global Log Cleanup Started" or something.
;D
-
This in the picture with red arrow: if set to zero it doesn't do any dups check.
That is only if the search is for all items.
I have the search for "per user"
Then the setting for days isnt there
-
i'll check this
-
if i change the settings to all items the field for howmany days appears
I always had the settings per user so i never noticed this field
And i also dont know if this field must be there
-
yes, it disappear for per user setting, it is not needed there.
-
Thats why i never saw these field.
I set on 1 site the search for all items to see what happens
-
31/Aug/17 18:42:46 #1461846 high Rule#510 MY IP HERE POST /oc-admin/index.php - DOCUMENT_ROOT variable in HTTP request - [POST:sp_files_directory = /home/somepath/website.com/]
should be solved...
Hohoho. Several of this during my file monitor/intergity checks and tests.
PHP Notice: Undefined index: /home/foldername and filename here in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2597
one notice for each file difference.
should be solved...
It doesn't work if set to ZERO days (all ads). If you set a number of days, it works great. I set mine to 365 and works nice.
My post about 1.7.2:
Also tried on both 3 installations to make duplicated ads, so i can reach the settings page frome there. But no duplicated ads where found. Even i make exact copies with same title.
I will install osclass new with only spam plugin and gonna test it
Issues with duplicate search should be solved
Also this
[31-Aug-2017 17:11:54 Europe/London] PHP Notice: Array to string conversion in /home/oc-includes/osclass/classes/database/DBCommandClass.php on line 709
DEFINITELY comes from your plugin. 10000% sure about it.
on this we need to have an open eye, cannot find any problems
In 1.7.3 duplicate check doesn't work (in both options, similar and md5).
are you sure you are not logged in as admin?
-
In 1.7.3 duplicate check doesn't work (in both options, similar and md5).
are you sure you are not logged in as admin?
It doesn't work if set to ZERO days (all ads). If you set a number of days, it works great. I set mine to 365 and works nice.
-
It doesn't work if set to ZERO days (all ads). If you set a number of days, it works great. I set mine to 365 and works nice.
solved
-
Also this
[31-Aug-2017 17:11:54 Europe/London] PHP Notice: Array to string conversion in /home/oc-includes/osclass/classes/database/DBCommandClass.php on line 709
DEFINITELY comes from your plugin. 10000% sure about it.
on this we have an open eye, cannot find the issue for this
-
this problems should be solved now
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg155084/#msg155084 (https://forums.osclass.org/plugins/(plugin)-spam-protection/msg155084/#msg155084)
any more?
edit:
1.7.4 is uploaded
-
1.7.4
File Intergity check gives a fatal error:
[05-Sep-2017 01:35:45 Europe/London] PHP Fatal error: Uncaught UnexpectedValueException: RecursiveDirectoryIterator::__construct(/home/website.com//home/website.com/): failed to open dir: No such file or directory in /home/website.com/oc-content/plugins/spamprotection/classes/class.spamprotection.php:2506
-
31/Aug/17 18:42:46 #1461846 high Rule#510 MY IP HERE POST /oc-admin/index.php - DOCUMENT_ROOT variable in HTTP request - [POST:sp_files_directory = /home/somepath/website.com/]
should be solved...
Not fixed in 1.7.4. But i will disable a rule and fix it. Since it is an admin function, if someone reaches the admin, you are already hacked.
POST /oc-admin/index.php - DOCUMENT_ROOT variable in HTTP request - [POST:sp_files_directory = /home/website.com/
-
i forgot to say... please change your configuration for file system check to something like that
-
Ok, removed the excluded folders and worked ....
:-[
Did the above but:
[05-Sep-2017 07:01:56 Europe/London] PHP Fatal error: Uncaught TypeError: Argument 2 passed to spam_prot::_excludedPath() must be of the type array, boolean given, called in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 2510 and defined in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php:2781
Also not clear what you mean, maybe i did something wrong or missed something.
-
1.7.4
Still the same old problem. Dup link point to a totally wrong ad (second capture).
Was fixed (?) in 1.7.3 or maybe not ?
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg154381/#msg154381
upd: i did 10 dup tests, 8 worked right and 2 wrong.
-
1.7.4
When admin edits an ad, he gets:
Your listing needs to be moderated, please have patience until it is released.
logged OFF and gone to home page.
Not sure why you change the plugin behavior all the time. It has become very hard to follow.
-
1.7.4
When admin edits an ad, he gets:
Your listing needs to be moderated, please have patience until it is released.
logged OFF and gone to home page.
Not sure why you change the plugin behavior all the time. It has become very hard to follow.
i didn't changed anything there and normally this should not happen, maybe its because of more edit plugin?
-
1.7.4
When admin edits an ad, he gets:
Your listing needs to be moderated, please have patience until it is released.
logged OFF and gone to home page.
Not sure why you change the plugin behavior all the time. It has become very hard to follow.
i didn't changed anything there and normally this should not happen, maybe its because of more edit plugin?
I don't have any more edit plugin, actually i have 2-3 plugins only.
I have a ad, try to edit (correct it) and apparently i added some stop word. I get the "moderated" error, i'm logged off to the home page and the ad becomes flagged as spam.
Anyway, there is no meaning for me to try each and every version, when you come up with a final i will check it out.
-
If it is of any help, after 1.7.4 my debug.log is clean from any error related to the plugin (directly).
Let's see how it goes .....
8)
-
Liath hi.
I'm attaching my Banned users log. Can you check it pls ?
I see the same IP (4 times) and same EMAIL (2 times). How can that happen ? Am i missing something ? Are they un-banned and re-banned ? Or something is wrong ?
I have auto-unban to 180 minutes and CRON Once Per day, so how did they got un-banned ? Also the 3 hours timeframe doesn't show in the log. Also i use IP ban and not email account ban.
Thanks !
-
maybe they used the unblock link in their notification email?
-
maybe they used the unblock link in their notification email?
What notification email ? But those users do not exist, never did.
How can they unblock themselves?
Please see carefully my capture.
-
sorry misunderstood you first
seems the ip ban doesnt work properly, have to check this
-
something is going completely wrong with the login protection, have to check the whole feature again :(
-
something is going completely wrong with the login protection, have to check the whole feature again :(
maybe that is why also TOR login doesn't work (but posting ads block works).
:o :o :o :o :o
-
TOR is working very well on my side :o
-
TOR is working very well on my side :o
You are right. Works for me also now.
:-[
-
good, but the login protection do not work properly... need some time to correct this
-
1.7.4
I activate IP Block and redirect to google.com. I add MY IP. I can't browse the website BUT i can use /oc-admin/ to login. And when login, for some reason, MY IP is removed from the block list.
:'(
-
yes, admin area is not affected for this and your ip is removed from ban-table for security after succesfully login
-
yes, admin area is not affected for this and your ip is removed from ban-table for security after succesfully login
If admin area is not IP protected/banned, then what is the meaning of it in Admin Protection/False logins/IP Ban ?
I don't get it. Can you explain a bit more ?
???
-
Liath,
Just got this
13 September 2017 - 06:10:20 Duplicate description for itemID 26552 detected: Similarity: 88% System
The "26552" mentioned is what exactly ? Because i'm on 28620 now. Is that the duplicate OLD ad # ?
Found the answer, the number is the OLD ad and not the new/blocked.
I'm just had the wrong dup check and trying to debug why. Now that i have one sample, i will keep it to be able to find out why and maybe with your help to fix it.
-
thank you
because of the ip ban, i'll check this out later
-
thank you
because of the ip ban, i'll check this out later
No, nothing to do with IP ban. This is a normal registered user.
-
i know, i've just answered for your last two posts ;D
-
i know, i've just answered for your last two posts ;D
Oh, ok. Since i have the dup flagged, and i can replicate it anytime (just edit and resave), if there is anything you need to help debug this, let me know here or email me.
-
ok, thank you, i think i need to modify the code for some debugging on this
-
ok, thank you, i think i need to modify the code for some debugging on this
The strange is that the "old" ad linked in your check spam dashboard is ALWAYS the same. Different new ads flagged, the old one the same.
-
i've thought this was already solved... :(
-
i've thought this was already solved... :(
Well also it doesn't happen all the time. Not sure when it happens, but now i have one sample to test.
-
@Aficionado Could you please recompile a list with the remaining bugs you found, so it would be easier for Liath to keep track of them, and also for us to test.
Right now, it's kinda hard to follow-up on everything, as every day something new pops up.
Thanks!
-
ToDo
- login protection and ip ban (doesn't work 100% properly)
- duplicate check (compared item id is sometimes totally wrong)
should be all for the last findings
-
ToDo
- duplicate check (compared item id is sometimes totally wrong)
I have now 3 of them. Maybe this will help you: all 3 are flagged as dups with their DESCRIPTION (not title).
14 September 2017 - 09:37:20 Duplicate description for itemID 26552 detected: Similarity: 87%
14 September 2017 - 09:32:44 Duplicate description for itemID 26552 detected: Similarity: 87%
13 September 2017 - 06:10:20 Duplicate description for itemID 26552 detected: Similarity: 88%
-
can you send me the html content of ad 26552 and this ad where the duplicate was found via mail? so that i can try to reproduce this on my system
-
can you send me the html content of ad 26552 and this ad where the duplicate was found via mail? so that i can try to reproduce this on my system
I did. And now i see the html sources, maybe the dup is wrong because of the so much extra Word Document codes in both ?
-
ToDo
- duplicate check (compared item id is sometimes totally wrong)
I solved that problem by increasing the dup similarity from 85 to 90%. A workaround but seem to work fine.
I think the problem is due to Ritch text editor and pasted Word Documents that include code, styles and formating. The dup check compares that also (normal) and flag the ads against some older one that also has formating code.
The solution is to increase the similarity or check only for Title. Or remove Ritch text editor (not a bad idea after all for that legacy plugin).
-
Hello
I can't install Anti Spam & Protection System plugin
Error importSQL::spam_prot
/home/...../www/oc-content/plugins/spamprotection/assets/create_table.sql
Osclass 3.4.3 bender theme
-
Hello
I can't install Anti Spam & Protection System plugin
Error importSQL::spam_prot
/home/...../www/oc-content/plugins/spamprotection/assets/create_table.sql
Osclass 3.4.3 bender theme
Apparently this is not the first time you install this plugin ?
Manually drop the old tables of the plugin.
-
Hello,
this is the first time installation
manual import error :
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_ban_log` (
`pk_i_id` INT(10) NOT NULL AUTO_INCREMENT,
`i_user_id` int(10) DEFAULT NULL,
`s_user_email` varchar(100) DEFAULT NULL,
`s_user_ip` varchar(50) DEFAULT NULL,
`s_reason` text DEFAULT NULL,
`dt_date_banned` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
#1067 - Invalid default value for 'dt_date_banned'
only these table was created :
oc_t_spam_protection_comments
oc_t_spam_protection_contacts
oc_t_spam_protection_items
oc_t_spam_protection_logins
Regards
-
@beginner what version are you installing ?
-
1.7.1 Version from osclass market and developper website http://amfearliath.ml/osclass-spam-protection/
master archive from github can installed correcty but made admin panel blank page;
https://github.com/AmFearLiath/osclass-spam-protection/archive/master.zip
Regards
-
please always use the official version on osclass marketplace, all other versions are in development.
only if you want to test new features, you can use the versions on my blog, but without guarantee ;)
-
@ Liath, ok
-
is it working now for you?
-
not yet, tring to add manually oc_t_spam_protection_ban_log
-
not yet, tring to add manually oc_t_spam_protection_ban_log
Not normal, as you probably understand.
-
the sql statement is correct, i tried it again and it is working... maybe, try to change the content of create_table.sql with this and try again
or you are using an old version of mysql?
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_items` (
`pk_i_id` int(10) NOT NULL AUTO_INCREMENT,
`fk_i_item_id` int(10) DEFAULT NULL,
`fk_i_user_id` int(10) DEFAULT NULL,
`s_reason` text,
`s_user_mail` varchar(100) DEFAULT NULL,
`dt_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_comments` (
`pk_i_id` int(10) NOT NULL AUTO_INCREMENT,
`fk_i_comment_id` int(10) DEFAULT NULL,
`fk_i_item_id` int(10) DEFAULT NULL,
`fk_i_user_id` int(10) DEFAULT NULL,
`s_reason` text,
`s_user_mail` varchar(100) DEFAULT NULL,
`dt_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_contacts` (
`pk_i_id` int(10) NOT NULL AUTO_INCREMENT,
`fk_i_item_id` int(10) DEFAULT NULL,
`s_user` varchar(100) DEFAULT NULL,
`fk_i_user_id` INT(10) NULL DEFAULT NULL,
`s_user_mail` varchar(100) DEFAULT NULL,
`s_user_phone` varchar(100) DEFAULT NULL,
`s_user_message` text DEFAULT NULL,
`s_reason` text DEFAULT NULL,
`s_token` varchar(13) DEFAULT NULL,
`dt_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_logins` (
`pk_i_id` int(10) NOT NULL AUTO_INCREMENT,
`s_name` varchar(100) DEFAULT NULL,
`s_email` varchar(100) DEFAULT NULL,
`s_ip` varchar(30) DEFAULT NULL,
`s_type` varchar(5) NOT NULL DEFAULT 'user',
`dt_date_login` int(11) DEFAULT NULL,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_ban_log` (
`pk_i_id` INT(10) NOT NULL AUTO_INCREMENT,
`i_user_id` int(10) DEFAULT NULL,
`s_user_email` varchar(100) DEFAULT NULL,
`s_user_ip` varchar(50) DEFAULT NULL,
`s_reason` text DEFAULT NULL,
`dt_date_banned` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_users` (
`pk_i_id` int(10) NOT NULL,
`i_reputation` int(1) UNSIGNED NOT NULL DEFAULT '0',
`s_reputation` text,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_global_log` (
`pk_i_id` INT NOT NULL AUTO_INCREMENT,
`s_reason` TEXT NULL DEFAULT NULL,
`s_account` VARCHAR(255) NULL DEFAULT NULL,
`s_done` VARCHAR(255) NULL DEFAULT NULL,
`dt_date` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
MYSQL v.5.5
-
the sql statement is correct, i tried it again and it is working... maybe, try to change the content of create_table.sql with this and try again
or you are using an old version of mysql?
Liath, i remember that guy having problems related to his hosting, but apparently he doesn't want to deal with them.
I guess again it is a hosting problem.
-
installation is ok with :
CREATE TABLE IF NOT EXISTS `oc_t_spam_protection_ban_log` (
`pk_i_id` int(10) NOT NULL,
`i_user_id` int(10) DEFAULT NULL,
`s_user_email` varchar(100) DEFAULT NULL,
`s_user_ip` varchar(50) DEFAULT NULL,
`s_reason` text,
`dt_date_banned` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `oc_t_spam_protection_comments` (
`pk_i_id` int(10) NOT NULL,
`fk_i_comment_id` int(10) DEFAULT NULL,
`fk_i_item_id` int(10) DEFAULT NULL,
`fk_i_user_id` int(10) DEFAULT NULL,
`s_reason` text,
`s_user_mail` varchar(100) DEFAULT NULL,
`dt_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `oc_t_spam_protection_contacts` (
`pk_i_id` int(10) NOT NULL,
`fk_i_item_id` int(10) DEFAULT NULL,
`s_user` varchar(100) DEFAULT NULL,
`fk_i_user_id` int(10) DEFAULT NULL,
`s_user_mail` varchar(100) DEFAULT NULL,
`s_user_phone` varchar(100) DEFAULT NULL,
`s_user_message` text,
`s_reason` text,
`s_token` varchar(13) DEFAULT NULL,
`dt_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `oc_t_spam_protection_global_log` (
`pk_i_id` int(11) NOT NULL,
`s_reason` text,
`s_account` varchar(255) DEFAULT NULL,
`s_done` varchar(255) DEFAULT NULL,
`dt_date` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `oc_t_spam_protection_items` (
`pk_i_id` int(10) NOT NULL,
`fk_i_item_id` int(10) DEFAULT NULL,
`fk_i_user_id` int(10) DEFAULT NULL,
`s_reason` text,
`s_user_mail` varchar(100) DEFAULT NULL,
`dt_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `oc_t_spam_protection_logins` (
`pk_i_id` int(10) NOT NULL,
`s_name` varchar(100) DEFAULT NULL,
`s_email` varchar(100) DEFAULT NULL,
`s_ip` varchar(30) DEFAULT NULL,
`s_type` varchar(5) NOT NULL DEFAULT 'user',
`dt_date_login` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
rest to verify the functionnality
THX
-
you need to automatically add the current timestamp there, it isn't set through the code
-
@Aficionado
my last problem with database was :
https://forums.osclass.org/general-help/error-importsql-31484/msg133948/#msg133948
-
@Liath
not understand ! how to make ?
-
it's pretty easy :)
-
Thanks a lot
-
Hi @Liath,
First of all many thanks for the plugin and the effort.
I wanted to ask one thing. I can not find a functionality to see the results of detecting duplicate ads and spam. Something like search form and table with ids, titles and descriptions, similar percentage detected, spam reason, user data, ip, etc.
I have seen that there is some data stored in the _spam_protection_items table but I do not see any calls to retrieve the data from it.
Something similar to the Global Log table but with more information to check duplicate ads and spam ads.
Thanks
-
Hi @Liath,
First of all many thanks for the plugin and the effort.
I wanted to ask one thing. I can not find a functionality to see the results of detecting duplicate ads and spam. Something like search form and table with ids, titles and descriptions, similar percentage detected, spam reason, user data, ip, etc.
I have seen that there is some data stored in the _spam_protection_items table but I do not see any calls to retrieve the data from it.
Something similar to the Global Log table but with more information to check duplicate ads and spam ads.
Thanks
Everything is logged in Global log. Spam, Dups. Cleanup of ads and users. All.
-
Something similar to the Global Log table but with more information to check duplicate ads and spam ads.
this plugin marks duplicates as spam and uses the standard osclass table for listings to have an overview about all findings. there you can go to the check spam page.
-
Something similar to the Global Log table but with more information to check duplicate ads and spam ads.
this plugin marks duplicates as spam and uses the standard osclass table for listings to have an overview about all findings. there you can go to the check spam page.
Sorry for not seeing the link and this option to open!
I was referring to something similar, to have more information and summary to make the decision.
In this table (manage listing) I miss the spam reason column (for not opening the link). But maybe it's just my opinion
Thanks for your help!
-
this is the default table from osclass, i don't want to change it to much
-
this is the default table from osclass, i don't want to change it to much
There is a plugin called "publisher_ip" that adds extra column to this table. Maybe on the same way we can add extra column if it looks useful?
By the way where can I download the latest version of plugin?
Osclass has v1.7.1
https://market.osclass.org/plugins/security/anti-spam-protection-system_787
Plugin link of Github has v1.6.4
https://github.com/AmFearLiath/osclass-spam-protection
And here I found v1.7.4
http://amfearliath.ml/osclass-spam-protection/
I see that you have v1.7.5 ...
Thanks
-
By the way where can I download the latest version of plugin?
Osclass has v1.7.1
https://market.osclass.org/plugins/security/anti-spam-protection-system_787
Official version allways at Osclass Market. The rest are not for general use.
Osclass has v1.7.1
https://market.osclass.org/plugins/security/anti-spam-protection-system_787
-
1.7.4
Several of these:
PHP Notice: Undefined offset: 2 in /home/oc-content/plugins/spamprotection/functions/backend.php on line 57
-
There is a plugin called "publisher_ip" that adds extra column to this table. Maybe on the same way we can add extra column if it looks useful?
i know how to change this, but i do not want to change the normal behaviour and looking from this table
By the way where can I download the latest version of plugin?
please always use the official version on osclass marketplace, all other versions are in development.
only if you want to test new features, you can use the versions on my blog, but without guarantee ;)
Github - this isn't always updated
Market - there are always the latest official version
My Blog - there is always the development version, just for testing new features
Version 1.7.5 - this is the next version but not released for now
1.7.4
Several of these:
PHP Notice: Undefined offset: 2 in /home/oc-content/plugins/spamprotection/functions/backend.php on line 57
thank you
-
1.7.4
[21-Sep-2017 08:35:22 Europe/London] PHP Warning: strpos(): Empty needle in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 934
[21-Sep-2017 08:35:22 Europe/London] PHP Warning: strpos(): Empty needle in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 936
Those happened when i did a major stopwords editing. Just checked them again, and i don't find anything wrong.
-
Following error occurs while installing version 1.7.1 and 1.7.4
Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/public_html/oc-content/plugins/spamprotection/assets/create_table.sql
It works fine on my local server
Server type: MySQL
Server version: 5.6.28 - MySQL Community Server (GPL)
Issue occurs on my production server
Server type: MariaDB
Server version: 5.5.56-MariaDB - MariaDB Server
Importing the create_table.sql on my production server using phpMyadmin, it says
#1067 - Invalid default value for 'dt_date_banned'
I think error is here
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_ban_log` (
`pk_i_id` INT(10) NOT NULL AUTO_INCREMENT,
`i_user_id` int(10) DEFAULT NULL,
`s_user_email` varchar(100) DEFAULT NULL,
`s_user_ip` varchar(50) DEFAULT NULL,
`s_reason` text DEFAULT NULL,
`dt_date_banned` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`pk_i_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
I think it will work fine if you change the type datetime to timestamp
Regards
-
Following error occurs while installing version 1.7.1 and 1.7.4
Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/public_html/oc-content/plugins/spamprotection/assets/create_table.sql
Just installed 1.7.4 to a virgin Osclass, since this is the second time i read that problem here.
My test setup is an online Osclass 3.7.4, PHP 7.0.10, MariaDB Server - 10.0.31-MariaDB-cll-lve.
Not a single error during installation of the plugin.
You use MariaDB ? Are you sure about the version ? Because current stable i think it is 10.2 series. Not sure what Mariadb 5.5 actually is ....
-
good to know, that this happens only to MariaDB...
you could remove this table from create_table.sql and add this table manually, maybe take a look here
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg155624/#msg155624
and don't forget
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg155625/#msg155625
-
good to know, that this happens only to MariaDB...
Actually it doesn't happen with MariaDB.
-
good to know, that this happens only to MariaDB...
Actually it doesn't happen with MariaDB.
maybe because his old version? i dont use mariadb, idk
-
maybe because his old version? i dont use mariadb, idk
Probably he runs an old version or something. His problem is not related with the plugin or Osclass. I see an other topic from same user with several fatal errors. So .....
I have ZERO problems with MariaDB with Wordpress and Osclass.
-
you are right, but if i can find the concrete issue, maybe i can make it compatible to all versions of mysql and mariadb
-
you are right, but if i can find the concrete issue, maybe i can make it compatible to all versions of mysql and mariadb
https://community.centminmod.com/threads/mysql-5-5-vs-mysql-5-6-vs-mariadb-5-5-vs-mariadb-10-0-feature-compare.3456/
It seems that MariaDB 5.x is more towards Mysql 5.5 and MariaDB 10 more towards Mysql 5.6 ???
-
got it
https://mariadb.com/kb/en/library/datetime/ (https://mariadb.com/kb/en/library/datetime/)
I think it will work fine if you change the type datetime to timestamp
thx Syed
all they are using
- MySQL Version < 5.6.5
- MariaDB Version < 10.0.1
and facing this issue should change datetime to timestamp, i don't want to change it generally, to do not add other possible errors there (https://stackoverflow.com/questions/168736/how-do-you-set-a-default-value-for-a-mysql-datetime-column/1483959#1483959)
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_ban_log` (
...
`dt_date_banned` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
...
-
all they are using MariaDB Version < 10.0.1 and facing this issue should change datetime to timestamp, i don't want to change it generally, to do not add other possible errors there
CREATE TABLE IF NOT EXISTS `/*TABLE_PREFIX*/t_spam_protection_ban_log` (
...
`dt_date_banned` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
...
I have changed the type datetime to timestamp and installed the plugin without any error, I don't think its a big deal as the affected fields are logs.
I will let you know if any unusual happens.
Regards
-
Hi,
Just for your kind information some people use item-send-friend.php for spamming.
Add a feature in your plugin to check email addresses and website urls in subject and message on this form.
Regards
-
Add a feature in your plugin to check email addresses and website urls in subject and message on this form.
it is added now, but without own settings. It is activated via contact mail settings.
If you want to add it manually, open ../spamprotection/index.php
change
if (!osc_is_admin_user_logged_in() && !OC_ADMIN && spam_prot::newInstance()->_get('sp_contact_activate') == '1') {
$trusted = spam_prot::newInstance()->_isBadOrTrusted(osc_logged_user_id(), 'contacts', 'trusted');
$bad = spam_prot::newInstance()->_isBadOrTrusted(osc_logged_user_id(), 'contacts', 'bad');
if ($bad) {
osc_add_hook('item_contact_form', 'sp_block_baduser_contact');
} elseif (!$trusted) {
if (spam_prot::newInstance()->_get('sp_contact_honeypot') == '1') {
osc_add_hook('item_contact_form', 'sp_contact_form');
}
osc_add_hook('hook_email_item_inquiry', 'sp_check_contact_item', 1);
osc_add_hook('hook_email_contact_user', 'sp_check_contact_user', 1);
}
}
to
if (!osc_is_admin_user_logged_in() && !OC_ADMIN && spam_prot::newInstance()->_get('sp_contact_activate') == '1') {
$trusted = spam_prot::newInstance()->_isBadOrTrusted(osc_logged_user_id(), 'contacts', 'trusted');
$bad = spam_prot::newInstance()->_isBadOrTrusted(osc_logged_user_id(), 'contacts', 'bad');
if ($bad) {
osc_add_hook('contact_form', 'sp_block_baduser_contact');
osc_add_hook('item_contact_form', 'sp_block_baduser_contact');
} elseif (!$trusted) {
if (spam_prot::newInstance()->_get('sp_contact_honeypot') == '1') {
osc_add_hook('contact_form', 'sp_contact_form');
osc_add_hook('item_contact_form', 'sp_contact_form');
}
osc_add_hook('hook_email_item_inquiry', 'sp_check_contact_item', 1);
osc_add_hook('hook_email_contact_user', 'sp_check_contact_user', 1);
osc_add_hook('post_item_send_friend_post', 'sp_check_contact_item', 1);
}
}
-
@Liath Any news on v1.7.5 Stable?
Thanks!
-
i need to fix two problems first
-
it's pretty easy :)
http://i.shotnes.com/a/25/sgjgwww4.u02_59c8f4b5d5827.png
..........
sorry did not finish reading
already dismantled the problem, but what is fraught with TIMESTAMP instead
DATETIME?
-
sorry did not finish reading
already dismantled the problem, but what is fraught with TIMESTAMP instead
DATETIME?
it depends on your MariaDB Version:
got it
https://mariadb.com/kb/en/library/datetime/ (https://mariadb.com/kb/en/library/datetime/)
This is the complete solution
https://forums.osclass.org/plugins/(plugin)-spam-protection/msg155824/#msg155824
-
Liath hi,
You may look also at this please ? Not a major one, still it seems to trigger some firewall rules.
Thanks !!!
/oc-admin/index.php - DOCUMENT_ROOT variable in HTTP request - [POST:sp_files_directory = /home/website.com/]
-
thank you for this report, it is already fixed in my version
-
thank you for this report, it is already fixed in my version
What version is that ? 1.7.4 ?
-
1.7.5 not available now
want to fix all other issues first
-
The last times i see ads marked as Spam in the listing list.
But there is no check spam.
If i check the ad there are no stopwords.
But it is a true spamad with links to other websites.
Is this the plugin who does it or is some extra power help me :)
-
The last times i see ads marked as Spam in the listing list.
But there is no check spam.
If i check the ad there are no stopwords.
But it is a true spamad with links to other websites.
Is this the plugin who does it or is some extra power help me :)
If there is NO Check Spam optiion then the Ad is NOT flagged by Liath's plugin. Manually flagged or by something else.
-
This ad isn't blocked or disabled, so i think it is only reported as spam.
-
That is what i think also.
But mostly the marked ads are ads with links in it to affiliate websites.
And i dont have other spam plugins.
Maybe the plugin check something without knowing about. :)
Maybe from Stopforum spam or so.
I have no idea
@ Liath. The ad is marked as spam and is not visible at the website. So is good
-
This ad isn't blocked or disabled, so i think it is only reported as spam.
If there is no Check Spam option, doesn't that mean that it has nothing (at all) to do with your plugin ?
Am i right ?
-
I think so Aficionado. But who checks this? I only have a few plugins and only 1 spam plugin.
-
If there is no Check Spam option, doesn't that mean that it has nothing (at all) to do with your plugin ?
Am i right ?
yes you are right
I think so Aficionado. But who checks this? I only have a few plugins and only 1 spam plugin.
for the case spam is found in any ad, my plugin deactivate and disable it, but your ad isnt disabled or deactivated, so it cannot be handled through this plugin
and there is no check for links in ads only in comments or contact mails
idk why it is not visible
-
I think so Aficionado. But who checks this? I only have a few plugins and only 1 spam plugin.
Also for every flagged spam, the plugin makes a LOG entry with ad id number.
-
There is nothing in the logs also
It must be some ghost who helps me a little :)
-
Liath,
Please check my capture. What "remove from ban log" means actually ? And why there is (in most cases) no more info about it in that log entry ? In some cases i see an email also.
Thanks
-
In some cases i see an email also.
this is the normal behavior, idk why you dont have more information what is removed :o
have to watch this
-
1.7.4
1. Banned user due to failed attempts. Shows in Dashboard "1 Banned user".
2. The user clicks to the email to unban the account and he is unbanned.
3. There is a log in the global log that the user unbanned his account.
4. The Dashboard "1 Banned user" still shows.
8)
-
:o this plugin becomes more and more a magician
-
I have those in my logs:
Backend log: PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /home/amun/domains/###.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 975\n, referer: https://m.facebook.com/v2.4/dialog/oauth/read
Backend log: PHP Warning: strpos(): Empty needle in /home/amun/domains/###.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 934\n, referer: https://###.com/item/new
Backend log: PHP Warning: fgets() expects parameter 1 to be resource, boolean given in /home/amun/domains/###.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 950\n, referer: https://###.com/account/items?itemType=active
-
@Tito VERSION ?
-
it is 1.7.4
Also today this one:
Backend log: PHP Warning: fopen(/home/amun/domains/###.com/private_html/oc-content/plugins/spamprotection/tor_nodes.txt): failed to open stream: No such file or directory in /home/amun/domains/###.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 949\n, referer: https://###.com/
I dont know this happens suddenly.
Maybe i made a mistake somewhere the last days.
I will download a new copy at Liaths site
Also i see today errors like this:
[lsapi:error] [pid 56944:tid 139707010500352] [client 190.131.16.228:55945] [host ###.com] Client error on sending request(POST /index.php?page=ajax&action=ajax_upload HTTP/2.0); uri(/index.php?page=ajax&action=ajax_upload) content-length(1423304): user_get_body(tmpstackbuf, 16384): read from client failed, referer: https://###.com/item/new/522
[lsapi:error] [pid 56944:tid 139707010500352] [client 190.131.16.228:55945] [host ###.com] get_client_block(16384) failed, referer: https://###.com/item/new/522
It says item 522, but the last item is 12543?
-
it is 1.7.4
Also today this one:
Backend log: PHP Warning: fopen(/home/amun/domains/###.com/private_html/oc-content/plugins/spamprotection/tor_nodes.txt): failed to open stream: No such file or directory in /home/amun/domains/###.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 949\n, referer: https://ecuador.website.com/
I dont know this happens suddenly.
Maybe i made a mistake somewhere the last days.
I will download a new copy at Liaths site
Also i see today errors like this:
[lsapi:error] [pid 56944:tid 139707010500352] [client 190.131.16.228:55945] [host ###.com] Client error on sending request(POST /index.php?page=ajax&action=ajax_upload HTTP/2.0); uri(/index.php?page=ajax&action=ajax_upload) content-length(1423304): user_get_body(tmpstackbuf, 16384): read from client failed, referer: https://###.com/item/new/522
[lsapi:error] [pid 56944:tid 139707010500352] [client 190.131.16.228:55945] [host ###.com] get_client_block(16384) failed, referer: https://ecuador.website.com/item/new/522
It says item 522, but the last item is 12543?
I highly doubt ALL of them come from the plugin. Maybe because of your country/subdomain based Osclass ?
It is impossible that all those are not appearing to my logs also. 4 sites, one very high traffic.
-
I have no subdomains but all different domains.
Also strange it is only showing at 1 site.
As i said, the last week i made a lot of changes on this site.
Maybe i made an error somewhere. Most likely :)
I will put back backup and new download from Liath. Maybe i have an corrupt download. But the website is down. So will do this later
-
I have no subdomains but all different domains.
This "https://ecuador . website . com/" is definitely a subdomain. No doubt about it.
Real or emulated via dns doesn't matter.
-
I dont think so?
I have subdomains on different hostings.
They all have the own osclass and themes
Then it is not subdomain anymore. Or is it?
Btw... can you modify the link :)
-
I dont think so?
I have subdomains on different hostings.
They all have the own osclass and themes
Then it is not subdomain anymore. Or is it?
Btw... can you modify the link :)
I edited the domain. Is it ok ?
About subdomain, you have subdomains by any means. Physical or pseudo-dns.
-
i'll check this later but normally most of your posted issues should be fixed in 1.7.4
my page is back in few hours
-
Thank you. Because of editing 3 or 4 websites at the same time, i make mistakes. Must be my age :)
Offcourse i have subdomains. About 15 - 20 of every domain.
But not as subdomain by osclass. Because i could not fixed that in the beginning.
So i made different subdomains, but not on the same hosting.
BTW, I upload an download of 1.7.4 and still see the errors
But why checking just visit the website?:
[Thu Oct 05 16:33:32.057947 2017] [lsapi:notice] [pid 196968:tid 139707094419200] [client 190.154.131.215:60854] [host ##.com] Backend log: PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /home/amun/domains/##.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 964\n, referer: https://##.com/vehiculos/autos-y-repuestos/@-@-2011-activo-1-6_i6483
or this:
[Thu Oct 05 16:11:34.251563 2017] [lsapi:notice] [pid 147733:tid 139707062949632] [client 186.71.68.154:1250] [host ##.com] Backend log: PHP Warning: fopen(/home/amun/domains/##.com/private_html/oc-content/plugins/spamprotection/tor_nodes.txt): failed to open stream: No such file or directory in /home/amun/domains/##.com/public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 949\n, referer: https://##.com/account/items?itemType=active
-
i'll check this later but normally most of your posted issues should be fixed in 1.7.4
my page is back in few hours
maybe the download was corrupt.
If i download the new i will delete the pluging and database tables first
-
But why checking just visit the website?
this plugin checks for tor-user, because of this it needs the content of tor_nodes.txt, maybe your directory or this file has no write permission?
-
I have 755
I must change this?
-
this depends on your hosting, normally 755 is ok, but you could try to change it to 777, this file didn't contain dangerous content, so it is save to change this
-
I have 755
I must change this?
No, 644 for files and 755 for folders is ideal. And since this setup was WORKING (?) then your problem is not that.
-
Well, as nothing can happen i changed to 777
I logged in and out and in
And see no errors.... Till now
-
Well, as nothing can happen i changed to 777
I logged in and out and in
And see no errors.... Till now
If your problem was permissions, the whole Osclass would be down. Not only Liath's plugin. Uploads also. etc etc.
For me, hiding a problem with a workaround is out of a question if you mean seriously about your site. That is many times people (here) think i'm against them (new users usually). But i'm only pushing to save them time in the future.
:'(
-
Ok, set it back to 755 :)
-
Ok, set it back to 755 :)
If that is a shared or managed hosting, leave it like it was. Permissions also are related to the setup, how you run the user, etc etc. Complicated.
If YOU have installed and managed the server, then i dunno further.
-
I set it back and also no errors.
For the last hour no errors at all, since i copied a other download of the plugin.
Also checked other domains and see related errors at some.
I remember that a few versions ago i allways see something to update the database after a new version. The last couple of new versions i dont see this anymore.
I just wait to download again and then delete the pluging and the tables. There must be something wrong at my site anyway
-
I remember that a few versions ago i allways see something to update the database after a new version. The last couple of new versions i dont see this anymore.
this appear only if manually changes on database are needed, since 1.6.0 this didn't happen again
-
Thank you.
But to check better is good to delete everything and start with a new plugin right?
-
for the case you are facing any problems, it is the best to export your settings and deinstall/install the plugin from the scratch
-
for the case you are facing any problems, it is the best to export your settings and deinstall/install the plugin from the scratch
Keep in mind that 1.7.4 uninstall doesn't remove one table and you have to manually do it.
-
Thank you
I mostly check the datbase after deleting something
-
Not sure how that can happen, remove two very same bans_log entries during CRON cleanup.
-
Liath, did you upload the latest version of the plugin to the Osclass Market?
As it still shows v1.7.1
-
no, next version in osclass market will be 1.7.5. but at moment i don't have too much time to fix all issues. other projects are more important... i'm sorry
-
no, next version in osclass market will be 1.7.5. but at moment i don't have too much time to fix all issues. other projects are more important... i'm sorry
Liath, any news on this?
The plugin is so close to being perfect, so it would be a tragedy for it to get abandoned... :'(
I hope you can find some time to finish it.
Thanks!
-
it's not abandoned... but i have too much work at moment, need to create two other websites...
job first, then fun :)
you need to be patient, i can't work on it for now... sorry
-
The latest version that is downloaded at Liath's site (and not from Osclass Market, that is old) works pretty much ok.
Works right for duplicate check and spam filtering. Some bugs needs to be fixed, still they are not that important. I mean they don't put your site at risk.
Me, i am happy.
-
Good to know.
Thanks Liath and Aficionado!
-
Works right for duplicate check and spam filtering. Some bugs needs to be fixed, still they are not that important. I mean they don't put your site at risk.
Me, i am happy.
thanks Aficionado :) hope i can finish it soon and eliminate all bugs
-
thanks Aficionado :) hope i can finish it soon and eliminate all bugs
Imho we should be GREATFUL because you have filled a huge gap in Osclass protection. I wished that you r plugin had MORE publicity. Maybe i should blog about it in my site.
-
After all Bugs are eliminated, osclass team could make it as featured product in store ;D
-
After all Bugs are eliminated, osclass team could make it as featured product in store ;D
Maybe i am wrong but i haven't seen ANY FREE plugins as featured.
-
you are not wrong ???
-
Liath one request:
Sometimes duplicates ARE wanted IF in different Locations or Countries (you got the picture). Could we have an option to check for Dups and flag them IF they are NOT in the same Location ?
Thanks
-
code is designed to loop through all items, then through all languages... to make this optional i need to change alot of things... but i'll look for this later
-
code is designed to loop through all items, then through all languages... to make this optional i need to change alot of things... but i'll look for this later
No problem. Just forget it.
;)
-
Liath !!!
Request for you to consider:
A user is banned for xxxx configured time. And when he visits Osclass he is banned or redirected.
IF the user comes back (and gets blocked) the ban time should be re-started. How about that ? Seems logical ? I have seen that in a Wordpress security plugin and i find it very clever.
Using that algo, the ban time can be shorter and that makes the db calls less (less ips). If you agree, you could make the max time for ban (unban accounts after option) prefixed to: 1 hour, 1 day, 1 week. That way we gain speed, a lot.
Thanks !!!!
-
According to the documentation, some lines of code lines must be added as the file corresponds.
However, when you add these lines of code, in the form they appear a box of type input or similar and which does not correspond to the subject or the css.
View image.
This is normal ?, I do not want these recadros to appear, but I want to have the complement protection without damaging my subject.
In advance, I appreciate the help you can give me.
My theme: Rival, version: Rival 2.0.0 by OsclassDotMe
-
Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/admin/web/domain.com/public_html/oc-content/plugins/spamprotection/assets/create_table.sql
i can see some saying to delete some table but clearly not able to understand which table i have to delete...
so please
help to reinstall the plugin and what table i have to manually remove to install
-
after update not working please tell me solution..........
-
Go to your cPanel > phpMyAdmin > select your database
From there see all the tables like:
(prefix) t_spam_protection_*
(e.g. oc_t_spam_protection_items, oc_t_spam_protection_comments ...), tick checkboxes for all of them (be careful, do not select some other tables!) and select from the dropdown 'With selected:' at the bottom "drop" command, confirm with Yes. Then try to reinstall it again.
Regards
-
after update not working please tell me solution..........
Why someone who is having HUGE problems, wan't to create even more ? Solve first your problems and then add more plugins.
-
;D ;D ;D ;D ;D ;D ;D ;D ;D ;D ;D
after update not working please tell me solution..........
Why someone who is having HUGE problems, wan't to create even more ? Solve first your problems and then add more plugins.
-
Hello,
Can this plugin be used simply to "detect when a user (not spammer but legit user) submits duplicate item with same title that they already have submitted which is either active or pending approval" - and if an item exists then simply inform the user that they have already submitted an item with similar title.
TIA!
-
Yes the plugin can simply detect duplicated. There is no "pending approval" feature in stock Osclass.
When a duplicate is found, the ad is flagged the user is notified by a text message and that's it. They just get a "the ad will be moderated" nothing else, but you can apparently change the text.
-
#8 {main}
thrown in public_html/oc-includes/xxxx/model/Admin.php on line 63
[31-Jan-2018 ] PHP Warning: in_array() expects parameter 2 to be array, boolean given in /public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1285 if (in_array($ip, $table)) {
[31-Jan-2018] PHP Warning: in_array() expects parameter 2 to be array, boolean given in public_html/oc-content/plugins/spamprotection/classes/class.spamprotection.php on line 1285 if (in_array($ip, $table)) {
thats the line- in_array responsible for error,
am using latest spamprotection , osclass- 3.7.4 php 7.0
------------------------------------------------------------------------------------------
due to spamprotection am also getting one or more error- illustrated below-
/tmp is working well.
PHP Fatal error: Uncaught Error: Call to a member function numRows() on boolean in public_html/oc-includes/osclass/model/Admin.php:63
line 63- if( $return->numRows() > 0 ) {
if( $return->numRows() > 0 ) {
$this->setFields( array('pk_i_id', 's_name', 's_username', 's_password', 's_email', 's_secret', 'b_moderator') );
} else {
$this->setFields( array('pk_i_id', 's_name', 's_username', 's_password', 's_email', 's_secret') );
}
-
@jerry singh
The latest version of the plugin is not on Osclass Market but here:
http://amfearliath.ml/osclass-spam-protection/
As for the errors, i have also some of the WARNINGS but not the FATAL one you post at the end.
The fatal one
PHP Fatal error: Uncaught Error: Call to a member function numRows() on boolean in public_html/oc-includes/osclass/model/Admin.php:63
could be a Hosting problem, from what i recall reading this forums.
-
Hello!
Sorry, I'm using Google translator.
Bots are registered on the site and not place ads.
They create a profile and fill in two fields: a website and a description.
I suggest:
1) Make a stop word filter in the description field.
2) It is necessary to automatically remove users without ads after a certain time.
-
I am receiving error while install this plugin;
Plugin can not install due to ; Error importSQL::spam_prot
/home2/xxxxx/public_html/www.mysite.com/oc-content/plugins/spamprotection/assets/create_table.sql
What can be reason? related with plugin or hosting?
-
I am receiving error while install this plugin;
Plugin can not install due to ; Error importSQL::spam_prot
/home2/xxxxx/public_html/www.mysite.com/oc-content/plugins/spamprotection/assets/create_table.sql
What can be reason? related with plugin or hosting?
Seeing your other post:
https://forums.osclass.org/plugins-20/spam-registrations-in-spite-of-using-nocaptcha-recaptcha-plugin/msg160324/#msg160324
i doubt it is the plugin causing the problem.
Have you ever installed that plugin in the past ?
-
Yes, it was already installed CAPTCHTA plugin, since it is not stopping spams, I decided to use Anti Spam & Protection System plugin, and I am receiving above error while install.
-
Yes, it was already installed CAPTCHTA plugin, since it is not stopping spams, I decided to use Anti Spam & Protection System plugin, and I am receiving above error while install.
I don't follow. The question is: is the FIRST time you install this Anti-spam plugin ? or the second ?
-
Yes first time !
-
Yes first time !
Ok some more questions:
1. Do you have any such problem with other plugins or just this one?
2. Have you checked your debug.log for errors ?
3. What kind of hosting do you use ? PHP version ? Mysql version?
-
1 ) Only this plugin I face problem
2 ) linux SHARED hosting, PHP Version, 5.3.29, MySQL Version, 5.6.33
3 ) I dont see a ERROR LOG file under FTP files
-
1 ) Only this plugin I face problem
2 ) linux SHARED hosting, PHP Version, 5.3.29, MySQL Version, 5.6.33
3 ) I dont see a ERROR LOG file under FTP files
Ok, PHP 5.3 is very old and discontinued. COULD be your problem. Switch to 5.6 or later (up to 7.0.x and NOT 7.1)
Also to see debug.log follow this:
https://doc.osclass.org/Debug_PHP_errors
-
Is Liath to be declared MIA ?
;D ;D ;D ;D
-
Is Liath to be declared MIA ?
;D ;D ;D ;D
Too bad he didn't get to finish v1.7.4 Final... :'(
-
Hello,
Thanks to Liath and everyone. I haven't used this plugin as I don't have a published website yet, but the plugin looks very good and I think Liath has put in a lot of work.
If I may make a suggestion - I just made a post regarding the contact form spam (and from my experience with other websites, this is a huge problem from common scammers and Nigerian princes). So, if it is possible please consider adding limits to the amount of emails an user can send via contact form per hour/day/month etc., I posted more regarding this at the other topic - https://forums.osclass.org/plugins/no-more-inquiry-spam/ (https://forums.osclass.org/plugins/no-more-inquiry-spam/)
TIA!
-
@Resta i don't think a plugin can do what you ask, still not 100% sure.
What could be done with this plugin is for contact emails to be filtered, using the stop-words.
-
Liath pls give us a SIGN.
;D ;D ;D ;D
-
Hi Afficionado,
Just curios - what major issues are you are experiencing with this plugin? What else is required to be done or what is unfinished for this plugin to work efficiently. TIA!
-
Hi Afficionado,
Just curios - what major issues are you are experiencing with this plugin? What else is required to be done or what is unfinished for this plugin to work efficiently. TIA!
The latest version (not on Market) has several non-critical problems, already reported here by me and others. It has been a few months and ... forgive me ... i don't remember exactly. It is all in this topic.
I use the version from Liath's site and works well. My post above was more a "i hope Liath is doing well" and not a call for bug fixes.
-
Ok, I hope he is well too but from his older posts I gather that he is busy running his business for a livelihood, osclass is just the sidestuff - he knows how to work with osclass and has contributed a lot.
-
A small TIP for actually everybody.
This EXCELLENT plugin can be also used for MODERATING ALL ADS posted.
How ? Just put as stop-words the letters "a" and "e" and maybe a few common ones ("s" etc). So ALL ads contain them and they will be placed in the moderation queue.
-
Thanks Afficionado - I want to block users who enter their email address or any html/url in their description, from submitting the form (not moderation but completely block the submission). Is it possible to do it with this plugin? Thanks!
-
Thanks Afficionado - I want to block users who enter their email address or any html/url in their description, from submitting the form (not moderation but completely block the submission). Is it possible to do it with this plugin? Thanks!
Completely block with this plugin are only the IPs. Nothing else. The rest goes flagged for moderation.
-
Afficionado,
I want to let you and others know that if you want to moderate all posted ads, then install the more-edit plugin and check only the first option - Moderate all ads (admins have to moderate them).
I have now installed this anti spam plugin to see if I can stop users from posting their URL or email in the ITEM CONTACT FORM - I put the stop words as @, .com and I want to see if this works.
-
Afficionado,
I want to let you and others know that if you want to moderate all posted ads, then install the more-edit plugin and check only the first option - Moderate all ads (admins have to moderate them).
I have now installed this anti spam plugin to see if I can stop users from posting their URL or email in the ITEM CONTACT FORM - I put the stop words as @, .com and I want to see if this works.
More edit was creating more problems than help, so i had to ditch it. Also it doesn't warn people that his post will be moderated (hidden).
Also not sure if both plugins should be used together.
-
Ok, I have had more edit for a while and seems to be working fine - when the user submits the ad the top flash message tells them that the ad will be reviewed and the ad gets blocked until reviewed and unblocked by admin.
As I mentioned, I installed this plugin now and it is working for the purpose of stopping the contact form spam but the only thing is it does not capture or show the IP address of the user in the blocked emails or anywhere else so the IP address can be added to the block list (it is only available in the account signup settings area).
Anyway, I want to mention that this specific user seems to be able to somehow enter their own message in the contact form while my item contact form is configured with a standard message (with input hidden field) for all items but the spammer is somehow able to put their own url in message and submit the form. I opened another thread and I hope someone addresses this issue.
https://forums.osclass.org/general-help/user-loading-item-contact-form-on-their-pc-submit-it-without-visiting-the-site/ (https://forums.osclass.org/general-help/user-loading-item-contact-form-on-their-pc-submit-it-without-visiting-the-site/)
-
@resta not sure i follow. Contact form emails are stopped with More edit ? Isn't that plugin for ads ?
-
No, more edit is only for blocking the ad submission for moderation - which I have had for a while.
The rest is regarding this Liath's spam protection plugin, that I just installed yesterday in order to stop contact form spam, and while that is stopping the contact form spam by checking for stopwords it is not capturing/providing the IP of the user and so the same spammer keeps submitting same thing over and over.
With regards to the third paragraph please see my other thread. Thanks!
-
Two months late to the party. I just installed this plugin, it looks amazing.
Kudos to Liah!
-
Anti spam plugin installation error
showing this message please help to resolve the error.
Plugin couldn't be installed because of: Error importSQL::spam_prot
/home/swapoqvy/public_html/oc-content/plugins/spamprotection/assets/create_table.sql
-
I have several of these in my debug logs. PHP 7.
[24-Oct-2018 05:32:49 Europe/London] PHP Fatal error: Uncaught Error: Call to a member function numRows() on boolean in /home/oc-includes/osclass/model/Admin.php:63
Stack trace:
#0 /home/oc-includes/osclass/model/Admin.php(47): Admin->__construct()
#1 /home/oc-content/plugins/spamprotection/functions/params.php(10): Admin::newInstance()
#2 /home/oc-content/plugins/spamprotection/functions/index.php(8): require('/home/s...')
#3 /home/oc-content/plugins/spamprotection/index.php(99): require('/home/s...')
#4 /home/oc-includes/osclass/classes/Plugins.php(148): include_once('/home/s...')
#5 /home/oc-includes/osclass/classes/Plugins.php(526): Plugins::loadActive()
#6 /home/oc-load.php(265): Plugins::init()
#7 /home/index.php(23): require_once('/home/s...')
#8 {main}
thrown in /home/oc-includes/osclass/model/Admin.php on line 63
Any ideas anyone ? I see this is actually an abandoned plugin, still any ideas are welcome because i (we all) need this plugin.
Thanks
-
Hello. After installing the plug-in and entering the admin panel error appears
Warning: in_array() expects parameter 2 to be array, boolean given in C:\Webserver\OpenServer\domains\DOMAIN.COM\oc-content\plugins\spamprotection\classes\class.spamprotection.php on line 1349
Warning: Cannot modify header information - headers already sent by (output started at C:\Webserver\OpenServer\domains\DOMAIN.COM\oc-includes\osclass\utils.php:1744) in C:\Webserver\OpenServer\domains\BBS.KG\oc-includes\osclass\utils.php on line 1749
How to solve a problem?
-
Message for LIATH
Your plugin is really fantastic and even usin PHP 5.4 I managed to make it work.
I just modify into backend.php :
function sprot_install() {
if (version_compare(phpversion(), '5.3', '<')) {
trigger_error("I'm sorry, but you need to install at least PHP 5.5 to make use of this Plugin", E_USER_ERROR);
}
spam_prot::newInstance()->_install();
}
as I use PHP 5.4.45
Thanks again
Yan
-
Message for LIATH
Your plugin is really fantastic and even usin PHP 5.4 I managed to make it work.
as I use PHP 5.4.45
Thanks again
Yan
PHP versions less than 5.6 are NOT to be used. For many reasons, security is one of them. And speed an other.
If you use 5.4 then update asap. No reason to to stay at that very old version.
-
Hi Aficionado
I perfectly know that PHP 5.4 is deprecated and I am doing a lot of work to make software doing good with PHP 5.6 migration on my dedicated server
Thanks a lot for your message
Yan
-
Any ideas how i can also check for spam words in the "website" field of the ads ?
I prohibit the use of any link shorteners, still posters can put shorteners in website field.
Thanks
-
That website field is a custom field or a plugin field? If it's a custom field, can you give me it's name or ID?
Regards.
-
That website field is a custom field or a plugin field? If it's a custom field, can you give me it's name or ID?
It is a custom field named "Website" (type URL, Identifier name: new-custom-field).
-
hi friends, I'm really happy that you still like my plugin and it helps you and i'm sorry about my absence, but a lot of my work has changed so much that osclass has moved more and more into the background.
I do not know if I'm going to continue this plugin, but I do not mind if someone else cares about it. I think that the plugin is not too complicated, so anyone with some php experience should be able to adjust and fix one or two flaws... or more ;)
if you want, i can upload my last version 1.7.5. but i do not know if there are dependencies on others of my plugins ... maybe it needs to be improved
-
hi friends, I'm really happy that you still like my plugin and it helps you and i'm sorry about my absence, but a lot of my work has changed so much that osclass has moved more and more into the background.
I do not know if I'm going to continue this plugin, but I do not mind if someone else cares about it. I think that the plugin is not too complicated, so anyone with some php experience should be able to adjust and fix one or two flaws... or more ;)
if you want, i can upload my last version 1.7.5. but i do not know if there are dependencies on others of my plugins ... maybe it needs to be improved
All i can say is thank you for that plugin. I heavily used it in all my sites and has saved me hours of work.
Osclass Market has 1.7.1 of your plugin, i use 1.7.4 from your site (with no problems, apart from a few notices and warnings).
-
i have uploaded 1.7.5 to my site, dont know if i have uploaded another version than 1.7.1 to the market ;D
you wil find it in the post for this plugin, next to the download button
-
Do you remember what has changed in 1.7.5 (from 1.7.4) ?
-
no... i'm sorry, i dont know anything what i did there :-X
-
no... i'm sorry, i dont know anything what i did there :-X
Since 1.7.4 works great, i did a folder/file comparison of 175beta and 174.
3 differences,
* one new config.php file in admin folder of the plugin
* two new js files, admin.js and script.js
I have no idea what those are, but i believe it will be allright to try. I will update here after installing that in one high traffic site of mine.
-
The differences between 1.7.4 (NOT 1.7.1 from Osclass market) with 1.7.5beta are some Admin protection functions.
-
Version 1.7.5beta has one fatal error:
PHP Fatal error: Uncaught Error: Class 'Debugger' not found in /home/oc-content/plugins/spamprotection/classes/class.spamprotection.php:719
-
Two things that (i THINK) are easy to implement.
1. In the Duplicated checker, FLAG one ad as duplicate ONLY if the regionals are the same. Because sometimes we want an ad to be posted in different areas, cities etc. Right now only the title and description is checked.
2. Do not check for spam keywords if the ADMIN is editing/saving an ad. Because then you need to go back a few steps (after flagged for spam, you are in the Home Page).
Just my 2cents
-
WARNING :-[ :-[ :-[
-
WARNING :-[ :-[ :-[
What PHP version are you using ? What kind of webserver ?
The SECOND warning is kind strange, i think it doesn't come from the plugin. Is the time/date of the second warning very close to the 1st ?
I have never seen those in all my installations.
-
Hi, I have exactly the same problem and I cant access admin anymore.
Conflict with debug plugin. If I disable debug, cant access admin. If I enable debug I have a message on top of home page live telling me to change config.php. If I do I loose admin etc..
Feel like between a rock and a hard place.
Can you help ?
Thanks
osclass 3.8
Eva theme
php 7 or 7.1
-
Upon saving default settings in this plugin I immediately got a Forbidden error.
-
@Liath and @ojasweb
Personally i could never save any options in this plugin, because i get a 403 (forbidden) from mod_security. I always disable mod_security to change settings.
FYI
i can't understand why this happened and dont know how to solve this :/
Me too.
-
del