Joomla extensions have moved!

Galaxiis (formely www.waltercedric.com) creates industry leading premium Joomla Extensions and is the longest running Joomla extensions provider since 2005.

Powerful Joomla extensions. - Excellent documentation. - Amazing support.

Visit now www.galaxiis.com

Forcing the spammer to pay the price (computing power) before submitting rubish to Your homepage (in comments or guestbook section for example). The user will have to create a new cryptographic value of a hidden field (Javascript code provided) and that may take 1 to 2 seconds, but may be more with RSA 1024....
This also do not allow robot to easily sumbit code without parsing Your HTML page before...

User developer guide of the cryptographic component framework for Mambo: com_hashcash

A version 1.0 will be release soon....GNU/GPL

Developer Documentation


@component: com_hashcash
@copyright (C) 2005 Walter Cedric for Mambo Integration
@license http://www.gnu.org/copyleft/gpl.html GNU/GPL

Free Software

3rd partly Javascript

3rd partly PHP

  • MD5/RSA/SHA1 part of PHP language.

Based on:

Kudo to all developer above! Thanks to GPL I do not have to reinvent the wheel...

Links:

Requirements

  • Component: com_hashcash - cryptographic facility for Mambo
  • Component already using com_hashcash: com_akobook 3.42 and hashcash1.0 and com_akocomment 2.0 and hashcash 1.0
  • Required prior to installation: com_log4php

Principe:

Forcing the spammer to pay the price (computing power) before submitting rubish to Your homepage. The user will have to create a new cryptographic value of a hidden field (Javascript code provided) and that may take 1 to 2 seconds, but may be more with RSA 1024....
This also do not allow robot to easily sumbit code without parsing Your HTML page before...

How It works in details

This code add a supplementary hidden field in all html form submitted to the user.

- The hidden field name has a random name (Hname), each time different at each load of the page
- The hidden field value is a cryptographic hashcode (MD5, MD4 or RSA) value. (Hvalue),

Hvalue = Crypt(UserSessionID + mosConfig_absolute_path + UserBrowserAgent + TodayDate(F j, Y, g a))

Crypt is the cryptographic PHP function: MD5, MD4 or RSA

If the user want to submit a comment, the browser with the help of a small javascript will have to
- locate the hidden field name (Hname) with javascript: (function replace())
- rehash with MD5 the hidden field value (Hvalue) (it is time consuming)
and send everything back to server.

If the spammer do not follow the challenge, the comment wont be accepted....
You Can switch ON/OFF this feature in Admin control panel under the tab posting of component akocomment and akobook

Configuring HashCash

open file /com_hashcash/settings.php with Your favorite text editor:

key in filevaluesnotes 
$hashcash_use = 'md5''md4','md5' or 'sha1'md4, md5 or sha1 
$hashcash_debugtrue/falseWill write all informations in page by from submit 
$hashcash_log_activetrue/falseSpams submission will be written to logs 
$hashcash_log_alltrue/falseLog accepted and refused post -> be careful with size of logs! 
$hashcash_log_file$GLOBALS['mosConfig_absolute_path'] . "/components/com_hashcash/hashcash.log"Location of the logs file 
$hashcash_Notify_Admintrue/falseNotify an administrator by email? 
$hashcash_log_sizeintegereach 64kb a mail will be sent to admin with the content of logs 
$hashcash_AdminEmailvalid emailadmin email 

Note: An Administrator frontend will be shipped with release 1.0

Protecting Your Mambo Forms against Spammers and Robots

php code send to the client (in the code where You create the form)
# include and instance of Object, in the portion of code where Hashcash is needed, note that I have here a strong reference to the algorithm...(Here MD5)
# This will be soon a factory
include($mosConfig_absolute_path.'/components/com_hashcash/plugins/md5/php/CodeInliner.php');
$MD5CodeInliner =& new MD5CodeInliner(true);

...

Insert this JS (js1), the browser will use this js during submit to localize the random hidden field name, and encrypt its value
echo $MD5CodeInliner->insertHashCashJavascript(false);

...

Insert this code in your submit or validation JS method, this will call js1
echo $MD5CodeInliner->insertSubmitJavascript();

...

add the hascash input field in Your form
echo $MD5CodeInliner->insertHiddenField($contentid);

Verifying on the server in Your code that the user submission can be accepted

in the code where You validate and do somethig interesting with the submission
include($mosConfig_absolute_path.'/components/com_hashcash/HashcashChecker.php');
$HashcashChecker =& new HashcashChecker();

$submission = $HashcashChecker->check($submission, $contentid);

$commentIsAccepted = strlen($submission) != 0;

if ($commentIsAccepted)
{

...

}

else

 

Changelog:

Real object model, abstract class and factory still missing...

 

You might like also

com_HashCash 1.2.0 released
Whats new:A Real Admin panel New: Text editor for modifying the language file, New: Huge manual with screenshots on how to activate hashcash for Your homepageA more complete About menu with credits and linksNew: Check latest version link to easily check if You have the latest codeA more robust and Object Oriented approachNote this component still require You to install com_log4php before!Download HERE or at #Joomla forgeI will make a break, 1 or 2 days but will then concentrate on …
5027 Days ago
No Thumbnail was found
http://dev.wp-plugins.org/browser/wp-hashcash/trunk/http://www.cypherspace.org/adam/hashcash/http://www.lapo.it/hashcash.htmlhttp://www-128.ibm.com/developerworks/linux/library/l-hashcash.htmlwww.hashcash.org …
5110 Days ago
No Thumbnail was found
Hashcash component has protected successfuly my homepage against several attack these past days...(Casino, poker and so on...) Hello Spammer I seing Your server IP in Hashcash logs files... :-)80.178.207.175 (Amsterdam, Netherlands) and 83.241.10.135 ( Marina Del Rey, California, United States ) and 83.28.166.64 (Marina Del Rey, California, United States)and 83.28.167.186 (Marina Del Rey, California, United States)Next release of hashcash:A correct and well formed XML in logs files ;-)A random security images -> changes in akocomment, easy to do since there …
5233 Days ago
the component hashcash for Mambo is available in it's version 1.0 !!!
What's new:A lot more Object Oriented, I've tried to stabilize the interface, and avoid version breaking -> I reduce the surface of knowledge 3rd party component must have to facilate migration of existing component already using Hashcash.An admin panel.Logs files of activity on Your Site can now be viewed in the admin panel.Configuration is done with the help of panels and tabs, no file to edit.Use of Log4PHP everywhere to make debugging easier.More cryptographic plugins: RSA, MD4For convenient download, I've …
5241 Days ago