A patch to protect the Mambo administrator login page
Saturday, 26 February 2005 22:58
A patch to protect the Mambo administrator login page against brute-force password attacks!

How does it work?

  1. It is a component, com_hashcash, containing all the scripts needed to create an MD5 key in PHP and in JavaScript, and to verify a challenge.
  2. The server sends, inside a hidden field, an MD5 value derived from the server, the user's session ID and the time.
  3. The client has to hash the value of this hidden field with an MD5 JavaScript (a CPU-costly operation for a spammer) and send the result back to the server as the name of a hidden field.
  4. If the check fails, the spammer is banned for 60 seconds.
  5. All successful and unsuccessful submits are logged to a file.
  6. When the file grows beyond 64 KB, an email is sent to the admin.

Installation:
This component has no administration panel! Simply overwrite the files on your server with the contents of the zip. An installable component package is on the way.

Original Mambo files affected for the login page:

  • /administrator/index.php <- add verification of the challenge
  • /administrator/templates/mambo_admin/login.php <- insert the hidden fields and a reference to the MD5 JavaScript
  • /administrator/templates/mambo_admin_blue/login.php <- insert the hidden fields and a reference to the MD5 JavaScript

Future?
  • More cryptographic algorithms; SHA1 is on the way.
  • A mambot for changing all FORMs on the fly before submit.
  • Ako_comment has already been patched and tested -> waiting for the OK from Arthur Konze before releasing.
  • Ako_guestbook must be changed.
Link in the download section...


Last Updated ( Sunday, 27 February 2005 14:16 )