Feature #8174
Blacklist email address domains
| Status: | Needs Feedback | Start date: | 2010-06-11 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Interceptor | |||
| Target version: | v2.0 | Estimated time: | 0.50 hour | |
| Votes: | 0 |
Description
As we struggle with some guy trying to flood our lottery based upon formhandler, i created a simple class which redirects ths user if a blacklisted email is used.
Usage:
Use as saveInterceptors or initInterceptor
saveInterceptors {
1 {
class = Tx_Formhandler_Interceptor_BlacklistEmailTLD
config {
redirectPage = 135
report.email = monitoring@paints.de
report.subject = {$siteconf.siteURL} SPAM Attacke
report.sender = {$siteconf.meta.email}
domains {
tlds = gluecks-mail.de
toCheck = email
}
}
}
}
tlds is a comma seperated list of domains to block
toCheck is a single field which should be checked (email address field)
Further ideas for development:
This class could be extended with some kind of askimet blacklist.
Not only TLD but IP ranges could be used to filter massive spam attacks.
ps: would you be so kind to look in http://forge.typo3.org/issues/7071 again?
History
Updated by Felix Nagel almost 3 years ago
I forgot the file ;-)
Updated by Reinhard Führicht almost 3 years ago
Hi Felix,
first of all, thanks for this class.
I like the idea of blocking possible SPAM attacks by blacklisting the email TLDs, but I think it should only be included to Formhandler if the blocking takes available blacklists into account, not only manually configured domains.
So, what do you think? Is it possible for you to rewrite the interceptor for using available blacklists too?
Updated by Felix Nagel almost 3 years ago
This was a quick fix for a client, but i could allocate some spare time. At least I hope so ;-)
We should discuss some points:
First of all: Im actually not very familiar with this kind of SPAM protection as I personally prefer captchas So we should decide which blacklist to implement. Im not pretty sure which fits our needs most.
As far as i can see Akismet (http://akismet.com/development/) is not free for commercial use. I would prefer a OS solution, so its ready to use out-of-the-box without getting a licence first. As there is no Extension for providing Akismet (http://typo3.org/extensions/repository/view/wt_spamshield/current/ has Akismet built which could be interesting) it could be an idea to make a general API extension first.
I worked with BadBehavior (http://www.bad-behavior.ioerror.us/) before but this is not what we're looking for.
Spam Assassin (http://spamassassin.apache.org/) would be interesting as its true OS software and fits our needs for checking emails, but afaik there's no way to use it via PHP.
Another way could be DNSBL (http://en.wikipedia.org/wiki/DNSBL) for checking sending IP address which are widely used, but i never heard before. SpamAssassin works with DNSBLs, too. There are some some simple PHP functions (http://www.php.net/manual/en/function.checkdnsrr.php#72297) to use these as a filter. Which DNSBL could be configured very easily by TS. What do you think?
More information about DNSBL:
http://spamlinks.net/filter-bl.htm (general info)
http://www.sdsc.edu/~jeff/spam/cbc.html (compare of DNSBL)
http://www.spamhaus.org (see ZEN, widely used DNSBL with free and commercial service)
Updated by Reinhard Führicht almost 3 years ago
- Status changed from New to Needs Feedback
Hi Felix,
it's hard to say which blacklist ot implement. The best way would be to implement one and design the code in a way a user can easily write his own connector to another blacklist.
Like this:
saveInterceptors {
1 {
class = Tx_Formhandler_Interceptor_BlacklistEmailTLD
config {
redirectPage = 135
report.email = monitoring@paints.de
report.subject = {$siteconf.siteURL} SPAM Attacke
report.sender = {$siteconf.meta.email}
domains {
tlds = gluecks-mail.de
toCheck = email
}
checkBlackLists {
1.class = Tx_Formhandler_Blacklist_DNSBL
1.config {
fieldsToCheck = email
}
2.class = Tx_Formhandler_Blacklist_Akismet
2.config {
key = 1123412afjksfd1234142
fieldsToCheck = email
}
}
}
}
}
Tx_Formhandler_Blacklist_XYZ would just have to return TRUE or FALSE, just like an error check.
I think DNSBL would be a great starting point. It is hard to say how the TypoScript should look like, but we'll see while implementing.
So, do you have time to look into that? If not, I could start by having a look at the attached interceptor and start refactoring a bit.
Updated by Felix Nagel almost 3 years ago
Hey Reinhard,
configure the blacklists via TS seems to be the most fitting idea. We'll need a URL in TS, but as you wrote: we will see when implementing it.
I'm not able to allocate some spare time atm, but I'm willing to implementing this sometime. Perhaps you could just post a "work started" comment here so we don't develop it twice.
Updated by Reinhard Führicht over 1 year ago
- Target version set to v2.0