Anti-Spam override for all submitted data

Category: Joomla
Hits: 25943

Are you getting a lot of spam, or junk messages sent via your Joomla site?

I know certain components of Joomla let you put banned words but I know of even more that don't.  If you find all your forms need extra plugins and captchas (such as JezRecaptcha), then the website security isn't amazing.  I used to have Captcha on my K2 by Joomlaworks but if you did the sound version, it didn't work properly.  I found that sometimes the captcha wouldn't even match what you typed and what it displayed!!!

I have written this article to be another one of those programmer's tweaks.  This is quite a simple fix and I will hopefully be able to keep it simple for non-programmers.  The tweak below will stop any of your pages submitting content containing your banned words.

We're going to modify a file containing 2 lines of code by default.  The file is index2.php in your Joomla root folder.  Make a copy of it, back it up or do whatever you usually do when you modify a server-side file... ahem...

The code by to look for (joomla default) should be as follows:

copyraw 
$_REQUEST['tmpl'] = 'component';
include('index.php');
  1.  $_REQUEST['tmpl'] = 'component'
  2.  include('index.php')

There is some more text but it's in /* lines */ which means these are comments.

 

The quick solution is:

copyraw 
$_REQUEST['tmpl'] = 'component';
$offensive_words=array("viagra","cialis","[url=","porn","pfizer");
if (is_array($_GET)) $GotVars.=implode(",", $_GET).",";
if (is_array($_POST)) $GotVars.=implode(",", $_POST).",";
for($i=0;$i<count($offensive_words);$i++) { if (stripos($GotVars, $offensive_words[$i])) $offense=true; } 
if (!$offense) include('index.php');
  1.  $_REQUEST['tmpl'] = 'component'
  2.  $offensive_words=array("viagra","cialis","[url=","porn","pfizer")
  3.  if (is_array($_GET)) $GotVars.=implode(",", $_GET).","; 
  4.  if (is_array($_POST)) $GotVars.=implode(",", $_POST).","; 
  5.  for($i=0;$i<count($offensive_words);$i++) { if (stripos($GotVars, $offensive_words[$i])) $offense=true} 
  6.  if (!$offense) include('index.php')

The reporting solution (which tells your visitor what word caused an offense) is:

copyraw 
# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array();
$offensive_words[]="viagra";
$offensive_words[]="cialis";
$offensive_words[]="[url=";
$errors="";
 
# CONVERT THE SUBMITTED DATA INTO STRING(S)
$GotVars="";
if (is_array($_GET)) $GotVars.=strtolower(implode(",", $_GET).",");
if (is_array($_POST)) $GotVars.=strtolower(implode(",", $_POST).",");
 
# NOW CHECK EACH BANNED WORD DOES NOT EXIST IN THE STRING
for ($i=0; $i<count($offensive_words); $i++) {
	$offensive_string.=(stripos($GotVars, $offensive_words[$i])!==false)?"- ".$offensive_words[$i].", ":"";
}
# IF THE OFFENSIVE STRING WAS POPULATED (=FOUND BANNED WORDS) THEN CREATE A MESSAGE
$errors.=(trim($offensive_string)!="")?"You have submitted word(s) that the website administrator has banned:".$offensive_string.".  Please try again without the banned words.":"";
 
# IF THE ERRORS STRING IS EMPTY PROCEED AS NORMAL, IF NOT THEN DISPLAY MESSAGE
if (trim($offensive_string)=="") {
	include('index.php');
} else {
	echo $errors;
}
  1.  # CREATE AN ARRAY OF BANNED WORDS 
  2.  $offensive_words=array()
  3.  $offensive_words[]="viagra"; 
  4.  $offensive_words[]="cialis"; 
  5.  $offensive_words[]="[url="; 
  6.  $errors=""; 
  7.   
  8.  # CONVERT THE SUBMITTED DATA INTO STRING(S) 
  9.  $GotVars=""; 
  10.  if (is_array($_GET)) $GotVars.=strtolower(implode(",", $_GET).",")
  11.  if (is_array($_POST)) $GotVars.=strtolower(implode(",", $_POST).",")
  12.   
  13.  # NOW CHECK EACH BANNED WORD DOES NOT EXIST IN THE STRING 
  14.  for ($i=0$i<count($offensive_words)$i++) { 
  15.      $offensive_string.=(stripos($GotVars, $offensive_words[$i])!==false)?"- ".$offensive_words[$i].", ":""; 
  16.  } 
  17.  # if THE OFFENSIVE STRING WAS POPULATED (=FOUND BANNED WORDS) THEN CREATE A MESSAGE 
  18.  $errors.=(trim($offensive_string)!="")?"You have submitted word(s) that the website administrator has banned:".$offensive_string.".  Please try again without the banned words.":""; 
  19.   
  20.  # if THE ERRORS STRING IS EMPTY PROCEED as NORMAL, if NOT THEN DISPLAY MESSAGE 
  21.  if (trim($offensive_string)=="") { 
  22.      include('index.php')
  23.  } else { 
  24.      echo $errors
  25.  } 

My comments in the code above are prefixed with #. As you can see I actually tell the user what word they've used that's been banned. You could easily not do this by replacing echo $errors="" with the word Return in the second to last line.

To sum up: my code does the following:

  1. Add words to the "offensive_words" array
  2. Joins any submitted data into 1 long string
  3. Tries to find each "offensive word" (case-insensitive) in the submitted data
  4. Creates a message if there was a banned word found
  5. If no message created, it proceeds as per usual; if not, it does not submit the form

To add more banned words, simply keep adding lines using the following syntax

copyraw 
# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array();
$offensive_words[]="viagra";
$offensive_words[]="cialis";
$offensive_words[]="[url=";
$offensive_words[]="porn";
$offensive_words[]="a banned phrase";
#...
  1.  # CREATE AN ARRAY OF BANNED WORDS 
  2.  $offensive_words=array()
  3.  $offensive_words[]="viagra"; 
  4.  $offensive_words[]="cialis"; 
  5.  $offensive_words[]="[url="; 
  6.  $offensive_words[]="porn"; 
  7.  $offensive_words[]="a banned phrase"; 
  8.  #... 

or

copyraw 
# CREATE AN ARRAY OF BANNED WORDS
$offensive_words=array("viagra","cialis","[url=","porn","a banned phrase");
#...
  1.  # CREATE AN ARRAY OF BANNED WORDS 
  2.  $offensive_words=array("viagra","cialis","[url=","porn","a banned phrase")
  3.  #... 

Additional Information: The Open Web Application Security Project (OWASP)

Category: Joomla :: Article: 237

Add comment

Your rating:

Submit

Credit where Credit is Due:


Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: Please note that the information provided on this website is intended for informational purposes only and does not represent a warranty. The opinions expressed are those of the author only. We recommend testing any solutions in a development environment before implementing them in production. The articles are based on our good faith efforts and were current at the time of writing, reflecting our practical experience in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman
www.joellipman.com

Latest Articles

Accreditation

Badge - Zoho Creator Certified Developer Associate
Badge - Zoho Deluge Certified Developer
Badge - Certified Zoho CRM Developer

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Paypal:
Donate to Joel Lipman via PayPal

Bitcoin:
Donate to Joel Lipman with Bitcoin bc1qf6elrdxc968h0k673l2djc9wrpazhqtxw8qqp4

Ethereum:
Donate to Joel Lipman with Ethereum 0xb038962F3809b425D661EF5D22294Cf45E02FebF

Joes Word Cloud

Please publish modules in offcanvas position.