Twocents security
In 2018 I built a plugin repository and dropped the demo at https://cmsimple.sk/plugins-172/.
There is also the twocents plugin there at https://cmsimple.sk/plugins-172/?Plugin ... s/twocents.
This week I see a number of posts from evidently automatically generated addresses.
e.g.:
dkddhAgisteSwipsetix@wholedaddy.online
glilgAgisteSwipsetix@willdex.online
aslkiAgisteSwipsetix@ubiquitouses.online
meqibAgisteSwipsetix@groovys.online
cxuapAgisteSwipsetix@largenex.online
etc.
The plugin could easily be hidden behind the Register or Memberpages plugins. But it's only a demo page, so I didn't want to use any combination of plugins.
Is there any way to block some senders? E.g. to block anything containing "AgisteSwipsetix" or "online" in the address?
Or to make the removal of unwanted messages simpler, preferably directly in the plugin background?
Last edited by cmb on Fri Jul 17, 2020 7:02 am, edited 1 time in total.
Reason: fix typo in title
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.
Re: Twocents security
Consider adding a CAPTCHA (even the minimal built-in CAPTCHA may help). And yes, I'm aware that it's 2020, and classic CAPTCHAs are old school …
Christoph M. Becker – Plugins for CMSimple_XH
Re: Twocents security
From my own experience I can give some hope.
Such spam comments stop by themselves after one or two weeks if they are not published.
Re: Twocents security
1. I tried to install recaptcha_xh / doesn't seem to run with 1.7.2
2. adding the keys manually solved nothing / no recaptcha is visible
Any other way?
CMSimple.sk
Re: Twocents security
It should work, at least with Twocents 1.0beta3 and Recaptcha_XH by bbfriend.
Have you created the keys for the domains at Google, entered them in the Recaptcha configuration, and entered recaptcha under "Captcha" in the Twocents configuration?
*Addendum
Note: If you are logged in, you don't see a CAPTCHA.
"Before you shoot the arrow of truth, dip its tip in honey!" Ludwig's XH-Templates for MultiPage & OnePage
Re: Twocents security
lck wrote: ↑Fri Jul 17, 2020 5:04 pm
It should work, at least with Twocents 1.0beta3 and Recaptcha_XH by bbfriend.

That is exactly what I installed. I also created and entered the keys. But there I'm not sure what [key_public] and [key_private] are, and what the site key and secret key are.
I tried all combinations, but it resulted either in:
"To use reCAPTCHA you must get an API key from https://www.google.com/recaptcha/admin/create"
or
"Wrong CAPTCHA code!"
Besides, I don't see any CAPTCHA test, whether logged in or logged out.
CMSimple.sk
Re: Twocents security
Recaptcha_XH >>> Google reCaptcha
Site key = Websiteschlüssel
Secret key = Geheimer Schlüssel
"Wrong CAPTCHA code!"
You get that when the "Secret key" is wrong.
With an incorrect "Site key", the CAPTCHA shows (in your case possibly in English):
"Fehlerhinweis für Inhaber der Website: Ungültiger Websiteschlüssel"
In my version from bbfriend I have also made changes in admin.php, because of the plugin administration not being shown and the deprecated messages.
Line 51
Code:
// if (!empty($recaptcha)) { // lck - FIX for Pluginadministration not shown
if (XH_wantsPluginAdministration('recaptcha')) {
Code:
//initvar('admin'); // lck - FIX for XH-DEPRECATED Warning
//initvar('action'); // lck - FIX for XH-DEPRECATED Warning
Ludwig's XH-Templates for MultiPage & OnePage
Re: Twocents security
Hmm, there is no built-in CAPTCHA in Twocents_XH (Advancedform_XH has one, though).
An alternative to Recaptcha_XH is Cryptographp_XH 1.0beta6. Less elegant than reCAPTCHA, but in return it works without registration and keys. However, you should still apply this fix.
Christoph M. Becker – Plugins for CMSimple_XH
Re: Twocents security
The problem lies here; the browser console reports:
"Mixed Content: The page at 'https://.../' was loaded over HTTPS, but requested an insecure script 'http://www.google.com/recaptcha/api/challenge?k=...'. This request has been blocked; the content must be served over HTTPS."
But how to solve it? The connection to Google is established over http: and not over https:
Ludwig's XH-Templates for MultiPage & OnePage
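Editorial example, not part of the thread and not code from Recaptcha_XH or Twocents_XH: the console message in the post above is active mixed content, which browsers block outright, so the CAPTCHA script never runs and no widget appears. This Node.js check finds such references in a page's rendered HTML before a browser does; the page URL, asset paths and key placeholder are constructed sample values.

```javascript
// Added example: classify subresources of an HTTPS page as mixed content.
// Active content (script, iframe, stylesheet) is blocked by browsers;
// passive content (img, audio, video) is reported separately.
const ACTIVE = { script: 'src', iframe: 'src', link: 'href' };
const PASSIVE = { img: 'src', audio: 'src', video: 'src' };

function findMixedContent(pageUrl, html) {
  // Mixed content only exists when the page itself is served over HTTPS.
  if (new URL(pageUrl).protocol !== 'https:') return [];
  const findings = [];
  const tagRe = /<(script|iframe|link|img|audio|video)\b([^>]*)>/gi;
  for (const m of html.matchAll(tagRe)) {
    const tag = m[1].toLowerCase();
    const attr = ACTIVE[tag] || PASSIVE[tag];
    const attrRe = new RegExp(`(?:^|\\s)${attr}\\s*=\\s*["']?([^"'\\s>]+)`, 'i');
    const am = attrRe.exec(m[2]);
    if (!am) continue;
    let target;
    try {
      // Resolve relative and protocol-relative URLs against the page URL.
      target = new URL(am[1], pageUrl);
    } catch {
      continue; // unparsable URL: nothing to classify
    }
    if (target.protocol !== 'http:') continue;
    // Only stylesheet links count as active content.
    if (tag === 'link' && !/(?:^|\s)rel\s*=\s*["']?stylesheet/i.test(m[2])) continue;
    findings.push({ tag, url: target.href, kind: tag in ACTIVE ? 'blocked' : 'passive' });
  }
  return findings;
}

// Constructed sample: the first script mirrors the URL from the console message.
const samplePage = 'https://example.test/?Demo';
const sampleHtml = `
<script src="http://www.google.com/recaptcha/api/challenge?k=SITE_KEY_PLACEHOLDER"></script>
<script src="https://www.google.com/recaptcha/api.js"></script>
<script src="//example.test/assets/app.js"></script>
<img src="http://example.test/media/logo.png">
<link rel="stylesheet" href="/assets/style.css">`;

for (const f of findMixedContent(samplePage, sampleHtml)) {
  console.log(`${f.kind}: <${f.tag}> ${f.url}`);
}
```

A "blocked" finding for the CAPTCHA script means the URL the plugin emits has to use https:; protocol-relative and relative URLs inherit the page's scheme and are not flagged.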
Re: Twocents security
But why? In captcha.php everything seems to use HTTPS explicitly.
Christoph M. Becker – Plugins for CMSimple_XH