anti spam

To prevent email spam (a.k.a. unsolicited bulk email), both end users and administrators of email systems use various anti-spam techniques. Read more at Wikipedia.

  •  Securityimages 4.0.0 release "enhanced Security "

    This version is now running with:
    • PHP.ini safe mode ON
    • Joomla RG Global Emulation O 
    • PHP.ini register global = Off
    Bugs solved:
    artf4021: php safe mode & com_securityimages
    artf1411: Save setting button changes if config.securiyimages.php is not writable
    artf4989: register_globals Off patch
    artf3206: com_contact
    artf2777: No text displayed in security Image  

    API  changes
    Will work only with new release of akcomment, akobook, etc...

    securityimages < 4.0.0
    in PHP <form>

    <?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>
    <?php echo insertSecurityImage("security_refid"); ?>
    <?php echo getSecurityImageText("security_try"); ?>
    <?php echo getSecurityImageTextHeader(); ?> 
    <?php echo getSecurityImageTextHelp(); ?>
    <?php echo getSecurityImageField("security_try"); ?> 
     

    The code above inserts the image and the text.
    Your page then submits its information to the server for processing as usual.
    Most of the time, the last 2 lines are inserted in a <form>.

    in PHP code checking the <form>

    include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');

    $checkSecurity = checkSecurityImage($security_refid, $security_try);

    if ($checkSecurity == true) {
        // the user has entered the right text
    }



    securityimages >= 4.0.0: introducing a captcha hidden field visibility name
    in PHP <form>

    include($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php');
    $packageName = 'securityimage_newpass';
    echo "<tr><td>".getSecurityImageTextHeader()." *</td><td>".insertSecurityImage($packageName).
    "<br/>".getSecurityImageTextHelp().""
    .getSecurityImageField($packageName)."</td></tr>";

    in PHP code checking the <form>

    // read the three captcha fields explicitly from $_POST (works with register_globals Off)
    $securityimage_newpass_refid    = mosGetParam( $_POST, 'securityimage_newpass_refid', '' );
    $securityimage_newpass_try      = mosGetParam( $_POST, 'securityimage_newpass_try', '' );
    $securityimage_newpass_reload   = mosGetParam( $_POST, 'securityimage_newpass_reload', '' );
    include_once ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
    // $checkSecurity must already hold the result of the form's other checks before this line
    $checkSecurity &= checkSecurityImage($securityimage_newpass_refid, $securityimage_newpass_try, $securityimage_newpass_reload);


    New!
    HNCAPTCHA: now color background is fully configurable

  • Only for Joomla! 1.X

    • BUG: wrong name for component: rename to com_akismet
    • BUG: register global off patch -> better for security
    • BUG: errors in documentation
    • BUG: error in configuration panel
    • BUG: check update URL was false, release management category and descriptions up to date

    A version for Joomla! 1.5 is in queue :-)

    Do not forget to visit the component version management panel HERE, which is also accessible through your administrator backend menu "Check for latest version"
  • From WikiPedia

    Inline linking (also known as hotlinking, leeching, piggy-backing, direct linking, offsite image grabs and bandwidth theft) is the use of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located.

    This is not just bandwidth stealing, as

    • It costs CPU and bandwidth, which means less performance for your visitors,
    • It costs a lot of money, as you still pay the server cost and lose ad revenue,
    • It drives people away from your reputable homepage, since they will find your pictures or files on any mirror,
    • It may be a security threat, at least for distributable software: anybody may alter (backdoor, ads, privacy information stealing) any of my open source components without my consent.

    The mod_rewrite module is able to intercept incoming URLs and modify them according to a set of rules that you specify. The basic idea is to use the mod_rewrite module to inspect the incoming HTTP headers. The field we're looking for is the Referer field, which is basically the URL that the current request originated from.

    Referer

    This optional header field allows the client to specify, for the server's benefit, the address ( URI ) of the document (or element within the document) from which the URI in the request was obtained.
    This allows a server to generate lists of back-links to documents, for interest, logging, etc. It allows bad links to be traced for maintenance.

    So create a file .htaccess at the root of your site with the following content:

    # enable the rewrite engine (needed if the file does not already do so)
    RewriteEngine On
    # requests without a Referer header are always served
    RewriteCond %{HTTP_REFERER} !^$
    # allowed referring sites: own domain and subdomains, plus Google image search
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?waltercedric.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?wiki.waltercedric.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?forums.waltercedric.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?bugs.waltercedric.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?demo.waltercedric.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?demo2.waltercedric.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mirror.waltercedric.com(/)?.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?images.google.com(/)?.*$ [NC]
    # every other referring site is redirected when it requests one of these file types
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp|zip|css)$ http://www.waltercedric.com/bandwidthStealing.html [R,NC]

    Notes:

    • I want to allow cross-linking between all my subdomains (wiki, demo, bugs, forums...), so I have a bigger list of allowed Referers than usual.
    • I do not allow hotlinking of the following resources for obvious reasons: jpg|jpeg|gif|png|bmp|zip|css
    • I redirect any bad people to a fixed file on disk: http://www.waltercedric.com/bandwidthStealing.html
    • You are allowed to copy the template http://www.waltercedric.com/bandwidthStealing.html as long as you keep the bottom link.
    • Note the last RewriteCond: I always allow Google to reference my images.
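
    An added example, not part of the original post: the rule set above modelled in Python, so the allow-list can be checked against sample Referer values before it is deployed. The tightened patterns (http or https, literal dots, host must end at "/", ":port" or end of string) are a suggested hardening and an assumption of this example, and the sample requests are constructed.

```python
import re

# Host fragments exactly as they appear in the RewriteCond lines above.
# Inside a regex the dots are wildcards, not literal dots.
ALLOWED = [
    "waltercedric.com", "wiki.waltercedric.com", "forums.waltercedric.com",
    "bugs.waltercedric.com", "demo.waltercedric.com", "demo2.waltercedric.com",
    "mirror.waltercedric.com", "images.google.com",
]
PROTECTED = re.compile(r".*\.(jpg|jpeg|gif|png|bmp|zip|css)$", re.IGNORECASE)
REDIRECT = "http://www.waltercedric.com/bandwidthStealing.html"


def page_conditions():
    """Allow-list patterns as written in the post: http only, open-ended tail."""
    return [re.compile(r"^http://(www\.)?" + host + r"(/)?.*$", re.IGNORECASE)
            for host in ALLOWED]


def tightened_conditions():
    """Assumed hardening (not from the post): literal dots, http or https,
    and the host name must be followed by '/', ':port' or end of string."""
    return [re.compile(r"^https?://(www\.)?" + re.escape(host) + r"(:\d+)?(/|$)",
                       re.IGNORECASE)
            for host in ALLOWED]


def decide(path, referer, conditions):
    """Return the redirect target if the rule fires, or None if the file is served."""
    if not PROTECTED.match(path):      # RewriteRule pattern is tested first
        return None
    if referer == "":                  # RewriteCond %{HTTP_REFERER} !^$
        return None
    if any(cond.match(referer) for cond in conditions):
        return None                    # an allow-list entry matched
    return REDIRECT


# Constructed sample requests: (requested path, Referer header value)
SAMPLES = [
    ("/images/logo.png", ""),
    ("/images/logo.png", "http://www.waltercedric.com/index.php"),
    ("/images/logo.png", "http://forum.example.org/thread/1"),
    ("/downloads/securityimages.zip", "http://waltercedric.com.example.net/page.html"),
    ("/images/logo.png", "https://www.waltercedric.com/index.php"),
    ("/index.php", "http://forum.example.org/thread/1"),
    ("/images/logo.png", "http://images.google.com/imgres?q=joomla"),
]


def compare(samples=SAMPLES):
    """For each sample, report whether each rule set serves the file."""
    page, tight = page_conditions(), tightened_conditions()
    return [(path, referer,
             decide(path, referer, page) is None,
             decide(path, referer, tight) is None)
            for path, referer in samples]


if __name__ == "__main__":
    for path, referer, page_ok, tight_ok in compare():
        print(f"{path:32} {referer or '(empty)':48} "
              f"page={'serve' if page_ok else 'redirect':8} "
              f"tightened={'serve' if tight_ok else 'redirect'}")
```

    The two rule sets disagree on two samples: a Referer whose host merely starts with an allowed name is served by the original patterns, and the site's own pages are redirected once they are loaded over https.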

    There is a useful online generator, with a lot more explanation at the bottom of the page, at http://www.htmlbasix.com/disablehotlinking.shtml . This has been active on my server for 2 weeks, and I've seen a performance improvement in response time.

    More tips

    • To get insight into resource stealing in nearly real time, simply put a statistics marker (for example Google Analytics) on that page to see how many people are landing on it per week or month!
    • To generate money (better than nothing), do not forget to also put advertisements on your hotlinking redirect page
  • Has been released at Joomla Forge, see details here

    It is also running on my homepage, so it is a pretty stable version ;-) tested against akcomment, akobook, contact

    Securityimages 3.0.0rc2

    • new: Logged in Users No/Yes: switch off the system for logged-in users?
    • new: new plugin HNCaptcha which creates beautiful captchas (as seen on my site)
    • new: better localization of installation
    • new: a system class detector which detects the GD library and helps users
    • new: add 3 more fonts
    • bug: reverse logic for displaying reload, sound button
    • new: start of sound support, not active in this release.
    • new: better admin panel with screenshots of possible captcha and securityimage virtual box
    • Refactoring:
      - OO improvements: 8 new classes, DAO, move common settings to general tabs
      - move fonts to root of components/com_securityimages so they can be shared among plugins
  • Definition: Spam is defined as the unsolicited sending of emails to hundreds, thousands or millions of users at random. These messages offer material goods, financial services, important files and even pornography. As internet technologies are constantly evolving, spam evolves with them. Spammers have even been seen attacking discussion forums by posting messages unrelated to the topics.

    This page will be constantly updated. I do not provide documentation on how the presented software works, only starting points for fighting spam; in general the vendor or company already has a tutorial for its program.

    Real-time filtering of HTML content

    Webwasher is free for personal use (www.webwasher.com). It filters web bugs, blocks referers, FILTERS advertising banners by size (many have a standard size) and, as you choose, blocks or filters animated GIFs (displaying only the first frame). The bonus effect is that surfing is faster without advertising.

    Firewall: filtering access to the PC's ports

    Always install a firewall. It is software that filters your PC's communication ports and lets you define authorization rules. You will then see:

    • Sometimes your PC sending data to strange sites while you are not browsing any page: these are scripts sending back tracking cookies (small text files that contain information about your habits, or that are necessary for shopping sites to work properly).
    • Programs on your disk that send data even though you forbid them to! Media Player 9, winamp3, XML Spy,.... etc. It's shameful
    • People sending requests to the TCP/IP stack or to the system (port 445 for example): these are worms, Trojan horses and various viruses. In fact, viruses spread from infected machine to infected machine without any action from the user. Most of these worms install themselves and open remote access to your machine. The most advanced ones exploit vulnerabilities or simply shut down the firewall!

    Free firewall: Kerio Personal www.kerio.com

    Other browsers

    Prefer the Opera browser, which is less widespread than Internet Explorer (IE), because:

    • It lets you block referers, a technology that allows you to be tracked (which site A you came from when you arrive on a site B) (menu file - preferences - privacy),
    • It is less widespread, so fewer scripts/viruses are likely to work, most being optimized for or working only under Internet Explorer (IE),
    • It allows better filtering of cookies.
    • It lets you block animated GIFs, ads and sneaky scripts.

    Eradicating the scripts present on your PC

    Install and regularly run Ad-Aware from Lavasoft, or its competitor Spybot (totally free). These are tools that scan memory, the registry and the hard disk looking for:

    • Datamining,
    • Adware
      Adware may just be the newest and perhaps most misunderstood form of targeted advertising and there are legitimate companies that ensure personal information is not tracked.. 'just your browsing habits'. However the very nature of Spyware & Adware enables the compilation of really any data tracking companies see a need or have the desire to collect on you. There is no way of controlling what leaves your computer. Many companies have good "advertising only" intentions but doesnt any company have potential bad apples that could gather just a little bit more info than they are supposed to. For example when you order something online or login to a personal account, your username and passwords are sometimes displayed in the URL field at the top of your screen. If these query strings were captured there is no telling just how much damage could be done to your identity & your finances!
      Adware like Spyware, comes with great risk to your privacy. Tracking software is installed on your PC which continuously gathers data about yourself and others who use your computer. A livelink from your PC to the Spyware Co. is virtually peeking in on your every move whether you like it or not.
    • Advertising,
    • Parasites,
    • Scumware,
      Spyware consists of deeply embedded components of freeware, shareware and file sharing software. Free and near free sites are enabled to secure a revenue source by requiring users to agree to the monitoring of their keystrokes and online activity by the spyware developing company. Such Advertising supported software gives the shareware providers a revenue stream at the expense of your personal privacy. Your browsing habits, frequented sites, favorite downloads and the like are carefully recorded and provided to companies that in turn bombard you with targeted popups and banner ads that will 'conveniently' be in your area of interest.
    • Spybots
      Spybot worms are virtual pests more commonly known as spyware that sneak into your computer via exposed ports and disguised downloads and compromise your personal Security. These spybots spread via IRC and other programs and typically attempt to modify the config files of mIRC client software. As new users join the same specific channel shared by an infected PC, the malicious worm will prompt for download. This prompt can be disguised very well as a legitimate requirement like a client
      software upgrade, but Beware Scan all downloads first.
    • Keyloggers, small programs that record your passwords as you type them!
    • Trojan horse viruses (Trojans); some even try to open your firewall.
      A Trojan horse is a computer program which contains malicious programming code.This code is contained inside apparently harmless software or data and can unexpectedly seize control and often impose irrepairable damage. IE. such as damaging FAT files on your hard disk. A Trojan horse can be programmed to self replicate and may widely redistribute its harmful payload as part of a computer virus.
    • Dialers, whose goal is to connect you by modem to a paid service costing several euros per minute; not dangerous if you do not have a telephone modem (56K).
    • Malware,
      Malware is a shortened version of 'malicious software code'. Malicious software can include anything from trojans, hijackers, spyware and adware to computer worms and viruses. Any piece of content and code that acts in a way contrary to expectations could be deemed as malware. Therefore by this definition irritating popups and unsolicited email (spam) can be forms of malware.
    • Browser hijackers, and tracking components

    It cleans your PC of all this junk. Remember to update its knowledge base regularly. It is free, but you have to buy it if you want to leave it running in the background (maximum protection). The latest registered version contains a resident part that blocks banners, blocks referers and prevents changes to the Windows registry.

    Golden rules: never...

    • NEVER open a suspicious email; destroy it instead! The mail often contains tags or confirms to its sender that the person has read the message, and therefore that the email address is valid. Warn your acquaintances that they must not use vague mail subjects, at the risk of having their mail destroyed by you. Things like salut, hi, hello. Likewise, do not be fooled by message subjects that mean nothing to you (such as Re: xxxxxxx if you have not sent anything to that person)
    • NEVER put your email on your site. If you want to be contacted, prefer creating a jpg image that contains your contact details: character recognition is computationally expensive and out of reach of a robot scanning the web for email addresses (although...).
    • NEVER reply and ask to be removed from a mailing list: it does not work, and you will appear on another list because your email address has been validated.
    • NEVER transmit a secret number; at worst, hide it in an image, alternating fonts, colors and character sizes. You can also tilt or strike through the characters to defeat OCR.
    • ALWAYS lie! If you are ever asked for a valid email in order to complete a registration or finish a download, remember to give or create a "trash" mailbox that will serve only that purpose.
    • If you have doubts about certain mails, block all traffic in your firewall while you read your mail (at least no information will be able to leave automatically over the network)

    Community P2P efforts

    If you are lucky enough to have a provider that uses POP3 technology (for example if you use Outlook), then you can use an Outlook plugin. There is a peer-to-peer network for fighting spam (installed as a plugin): a community network where everyone flags suspicious emails and helps the others stop receiving them.

    • http://www.cs.berkeley.edu/~zf/spamwatch/ "SpamWatch is a collaborative spam filtering system built on top of Tapestry, a peer-to-peer location/routing infrastructure. SpamWatch has the following features:
      Collaborative - Every user in a SpamWatch community contributes to the community by tagging certain emails as spam, and benefits from the contribution of all others.
      Peer-to-peer - Peer nodes (often local mail servers) join the large peer-to-peer network and provide service to local users. Tapestry ensures quick and accurate location of records and supports dynamic joining/leaving of peers.
      Content similarity based - The identification of spam emails are based on the content of emails, not on subject, sender or IP address. Moreover, moderate altercation of the content is tolerated. Common techniques used by spammers such as changing the salutation or spacing between words will not prevent the spams from being caught."
    • http://www.outlook-spam-filter.com/ Outlook Spam Filter 2.0 is an easy-to-use Microsoft Outlook® add-on designed to provide an advanced protection against spammers and unsolicited emails. The program uses Bayesian filtering technology that identifies about 97% of incoming spam messages. Outlook Spam Filter seamlessly integrates into the Microsoft Outlook® workspace, scanning and quarantining away junk emails. Caught spam is placed in a special 'Spam' folder under your inbox if you ever want to review it later.
    • Type p2p spam outlook into Google to find other interesting technologies

    Staying vigilant

    • Be wary of Messenger and Hotmail: Microsoft is known for pushing marketing to the maximum, one more reason to install a firewall and filter.
    • If you fill in a web form in order to download software or receive a login, create a fake account that will serve as a trash can. These companies want a customer file and often sell it to other companies.

    Other

    If you have bandwidth (ADSL or cable 512 kbit/s) and if you are paranoid, disable the cache, or empty it after each surfing session (including offline content). TweakUI lets you do this. Indeed, many cookies are saved in the cache; they indicate which sites you have visited, which shopping sites you have been to, etc. You will have to log in again each time on eBay for example, or on your forums, but that is the price of peace of mind.

    Humanitarian or do-gooder spam

    Nothing is worse than this: it is your own friends who flood you with stupid mails. These are hoaxes, for example: "my child is sick, if everyone sends me $1 then...." or "a remote control to switch off road speed cameras" or "Nokia will give you a mobile phone if you send this message 50 times" and other nonsense. Before doing anything, go to one of the sites that list hoaxes and check before polluting your friends' mailboxes. Beware, hoaxes mutate! The idiots who create them vary a few paragraphs as soon as they know they have been spotted.

    Hoax portal: http://hoaxbusters.ciac.org/

    Browsing the internet anonymously

    2 alternatives:

    • Chain public proxies in Internet Explorer: provided you use proxies in different countries, there is very little chance that a company or a government will manage to recover the logs of all the servers before they are purged by their providers. Public proxies can be found with www.google.com by typing "proxy public". To chain them, simply separate them with ";" in the IE configuration panel.
    • Buy this service from third-party companies (www.anonymizer.com for example); same principle as the proxy.
    • Use JAP (open source project): JAP makes it possible to surf the internet anonymously and prevents traceability.
    • Use FreeNET

    P2P kazaa, emule, edonkey

    In P2P you are never anonymous, because to work, these programs open point-to-point connections between clients (no need for servers except to index the clients and handle credit management and file searches). So install a firewall and keep yourself informed about what circulates on these networks (beware of worms on port 445 of emule; allow only the few ports needed for it to work). Do not worry, the open source community is already looking for a way to do without these IP addresses (for example by using broadcasting or layered encryption/packet mixing as in JAP) and thus to disappear from the radar of the majors or of malicious people. Never share your file list: there is no point telling a stranger that you have 20000 mp3s or other files to share.

    Disable

    • Disable ActiveX in pages as a priority: it is the worst of the internet technologies and it allows almost total control over your system.
    • Internet Explorer (IE) is a walking technological calamity; try to do without it as much as possible, and try Firefox or Mozilla
    • Always check twice before accepting or trusting a company before installing one of their plugins.

    Junk mail

    Many registration or download processes now require an email address to work (a good way to build up a file quickly); the idea is to create a trash mailbox, or better a temporary one, that will serve only that purpose.
    www.abuse.org lets you create a fake email address with a limited lifetime (from 1h to 24h) that redirects mails to your real address.

    Internet links

     

    Too late

    You have been spotted: your mailbox contains more spam than interesting mail. The only solution: flee! Destroy the account and never log in to it again. Tips for letting all your contacts know that you are no longer there: fill your mailbox up to the allowed limit or, if possible, use the auto-reply function, which will contain your new address in the form of an image, scrambled if possible, like this example:

  •  

    SecurityImages BETA will be available in no more than 2 days...

    Note that SecurityImages is still WAY too intrusive toward Joomla!, as core files have to be changed in order to use Captcha.

    Let's take the contact section of Joomla! as an example.

    • Download the patch HERE (soon available as a ready to use patch) and overwrite the files on your server OR
    • Do it on your own; this is more for 3rd party developers, or people wanting to understand the internals of Joomla! or SecurityImages


    It is always recommended to use a switch in all your components to activate or deactivate SecurityImages per component through the administrator control panel.

    This is done by adding the following code to administrator/components/com_contact/contact_items.xml:

    <param name="useSecurityImages" type="radio" default="1" label="Use SecurityImage Captcha" description="Enable Captcha verification">
    <option value="0">No</option>
    <option value="1">Yes</option>
    </param>

    Joomla will read this xml file on the fly  and build the graphical user interface for the contact settings.


    Since Joomla! 1.5 now uses a Model View Controller paradigm, we have to alter the controller and add a new task displaySecurityImagesCaptcha() in components/com_contact/controller.php:

        function displaySecurityImagesCaptcha() {
            global $mainframe;

            // Per contact you can define if the user has to resolve the captcha
            $contactId = JRequest::getVar('contact_id', 0, '', 'int');

            // load the contact details
            $model = &$this->getModel('contact');
            $qOptions['id'] = $contactId;
            $contact = $model->getContact($qOptions);
            $params = new JParameter($contact->params);

            if ($params->get('useSecurityImages')) {
                $check = null;
                $mainframe->triggerEvent('onSecurityImagesDisplay', array($check));
                if (!$check) {
                    echo "<br/>Erreur affichage du Captcha<br/>";
                }
            }
        }

    As you can see, the event "onSecurityImagesDisplay" is triggered on a per-contact basis. That means that some contacts can have a Captcha while others do not.

    The next step is to add the task checkSecurityImagesCaptcha(), which checks the captcha, in components/com_contact/controller.php:

        function checkSecurityImagesCaptcha() {
            global $mainframe;

            $contactId = JRequest::getVar('id', 0, '', 'int');

            // load the contact details
            $model = &$this->getModel('contact');
            $qOptions['id'] = $contactId;
            $contact = $model->getContact($qOptions);
            $params = new JParameter($contact->params);

            // check if that contact has a captcha
            if (!$params->get('useSecurityImages')) {
                return true;
            }

            $return = false;
            $securityImagesJoomlaContactUserTry = JRequest::getVar('securityImagesJoomlaContactUserTry', false, '', 'CMD');
            // $return is passed by reference so the plugin can report the result of the check
            $mainframe->triggerEvent('onSecurityImagesCheck', array($securityImagesJoomlaContactUserTry, &$return));
            return $return;
        }

    One more step is to alter the original submit() method of the controller in components/com_contact/controller.php:

            global $mainframe;

            // refuse the submission when the captcha answer is wrong
            if (!$this->checkSecurityImagesCaptcha()) {
                JError::raiseWarning("999", "Invalid Captcha Code");
                $this->display();
                return false;
            }

    And finally, alter the view /com_contact/views/contact/tmpl/default_form.php
    to display the Captcha field:

    <?php if ($this->params->get('useSecurityImages')) { ?>
    <img src="/index.php?option=com_contact&amp;task=displaySecurityImagesCaptcha&amp;contact_id=<?php echo $this->contact->id; ?>">
    <br />
    <input type="text" name="securityImagesJoomlaContactUserTry" />
    <br />
    <?php } ?>

    As you see, a lot of things have been done, and I am still testing and improving the code.
  •  Hello spammers, just to tell you that I NEVER publish a guestbook entry or comment without first searching in Google to check whether you are a possible spammer!

    Example: someone has posted in my guestbook the following: "thanks you for such a nice website" with his homepage and email. I copy the URL of that person into Google and find 100 results: the same comments, the same rating 5/5 given to 100 sites... Hello, I am not naive -> entry deleted

    I wish everyone did the same. Be really cautious! A lot of people only want to increase their ranking in Google!

  • Hashcash component has successfully protected my homepage against several attacks these past days... (Casino, poker and so on...) Hello Spammer, I am seeing your server IPs in the Hashcash log files... :-)

    • 80.178.207.175 (Amsterdam, Netherlands) and
    • 83.241.10.135 ( Marina Del Rey, California, United States ) and
    • 83.28.166.64 (Marina Del Rey, California, United States)and
    • 83.28.167.186 (Marina Del Rey, California, United States)

    Next release of hashcash:

    • A correct and well formed XML in logs files ;-)
    • A random security images -> changes in akocomment, easy to do since there is a very good tutorial at DEVSHED.com
    • A way to blacklist comments by IP...
    • Maybe some geolocalization of IP...
    • Some graphical statistics...

  • Just in case I take too much time to deliver a ready-to-use download. Duration: 5 minutes, but you need to understand basic PHP coding.

    1. Create a temporary directory c:\patch
    2. Copy an existing patch distribution under a new name
      For example, let's download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip into c:\patch\ and copy it to c:\patch\Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
    3. Download the latest full zip package of Joomla that the patch targets (here 1.5.14), so I download Joomla_1.5.14-Stable-Full_Package.zip and save it in the same directory c:\patch\
    4. Now download a free trial copy of Beyond Compare from www.scootersoftware.com and install this great application
    5. Select the 2 zip files, and right click “compare”
    6. Now it is like a game: on the left side you have your patch, which needs to be updated with the latest Joomla! core changes. Just edit every file present on the left and update the lines that are new or changed until you are finished. Luckily there are only 14 files to merge
    7. Test the result in a Joomla test instance.

    I do this for you at each release of Joomla!
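
    The comparison in steps 5 and 6, as an added script that is not shipped with SecurityImages: it lists which files of the old patch package differ from the new Joomla! package and therefore still need a manual merge. The archive contents below are constructed stand-ins for the two zip files, and `files_to_merge` is a hypothetical helper name.

```python
import hashlib
import io
import zipfile


def file_digests(zip_bytes):
    """Map every regular file in a zip archive to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return digests


def files_to_merge(patch_zip, core_zip):
    """Classify each file of the patch package against the new core package.

    merge      - present in both, content differs: review and merge by hand
    identical  - present in both, same bytes: carries no patch any more
    patch_only - not in the core package: file added by the patch itself
    """
    patch, core = file_digests(patch_zip), file_digests(core_zip)
    report = {"merge": [], "identical": [], "patch_only": []}
    for name in sorted(patch):
        if name not in core:
            report["patch_only"].append(name)
        elif patch[name] != core[name]:
            report["merge"].append(name)
        else:
            report["identical"].append(name)
    return report


def build_zip(files):
    """Build an in-memory zip from {path: bytes}; used only for the sample data."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed stand-in for the old patch package (core 1.5.13 files plus captcha code)
SAMPLE_PATCH = build_zip({
    "components/com_contact/controller.php": b"<?php /* 1.5.13 core + captcha tasks */",
    "components/com_contact/views/contact/tmpl/default_form.php": b"<?php /* 1.5.13 core + captcha field */",
    "components/com_user/controller.php": b"<?php /* same bytes in both packages */",
    "README_securityimages.txt": b"patch notes",
})
# Constructed stand-in for the new full Joomla! package (1.5.14)
SAMPLE_CORE = build_zip({
    "components/com_contact/controller.php": b"<?php /* 1.5.14 core */",
    "components/com_contact/views/contact/tmpl/default_form.php": b"<?php /* 1.5.14 core */",
    "components/com_user/controller.php": b"<?php /* same bytes in both packages */",
    "index.php": b"<?php /* 1.5.14 core */",
})

if __name__ == "__main__":
    for status, names in files_to_merge(SAMPLE_PATCH, SAMPLE_CORE).items():
        for name in names:
            print(f"{status:10} {name}")
```

    With the real archives, read both files as bytes and pass them to `files_to_merge`; the "merge" list is the set of files to open in the comparison tool.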

  • rockettheme

    Note: I'll do this for you, but you'll have to send me the template by mail first, since most of the RocketTheme templates are commercial. I will send it back to you patched.

    Example patching ja_purity_template.zip

    1. Download Beyond Compare and install it (30-day trial)
    2. Download an existing patch for Joomla!, for example Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00

    Select both files

    • Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00
    • ja_purity_template.zip

    Right click and select compare

    Move to ja_purity_template.zip\template\ja_purity\html in the left window, right click and select "Set a base folder"; do the same in the right window: select "components", right click and select "Set a base folder"

    Now move to each file. You'll see that RocketTheme is overriding internal files of Joomla! (this is allowed). On the right side, select a file such as default_form.php and right click "compare to" (or press F7), then select on the other side the same file name at an equivalent position in the file system

    You now see the differences. The objective is to copy some parts of the left side into the right side: select code on the right side and click the arrow to copy a block of code.

    If you succeed in carefully copying the code, you'll have a RocketTheme (or any other Joomla! template) patched for SecurityImages.

    If you can't do this, remember I'll do it for you! Templates that I already patched are

    • jA_purity
    • JA Opal

    This post is cross-posted from my WIKI

  • JArtForms seems to have issues with SecurityImages, as seen in my forum here, so here are the patched
    versions working with SecurityImages 5.0.

    ArtForms2.1b7.1-for-J1.5-RC1-Update-Only.zip is clearly developed for SecurityImages 4.X.X (Joomla 1.0.X)
    and not for SecurityImages 5.X.X (Joomla 1.5.X)


    The JArtForms component is a package for an easy form generator for Joomla 1.0.xx.
    It allows you to generate as many forms as you like; you can define all the fields
    that you need and also make file upload and attachment possible.
    The idea of JArtForms is to give you a tool that enables you to create
    dynamic forms in minutes within your Joomla! CMS.
    The key features are:

    • Possibility to create an unlimited amount of forms with unlimited fields and contents.
    • Possibility to edit the component's CSS, language and settings, and to update easily from old versions.
    • Optionally, you can save all received forms in the database.
    • Custom Lay-out for every field.
    • View received forms in Front End.
    • Joomla's SEF support and added sh404sef support.
    • Joomfish support.
    • Newsletter Bridge (only Letterman for now).
    • Database Backups and easy updates from previous versions.
    • Captcha support with optional systems for every form (Alikon Mod, CaptchaForm,
      CaptchaTalk, reCaptcha, Alikon Mambot, SecurityImages and EasyCaptcha).
    • Language and Captcha audio support for spanish, english, german, hungarian,
      dutch, turkish, brazilian portuguese, french, italian and polish (polish without audio files).
    • And much more!

    I won't maintain or make any new versions of JArtForms. Please contact the authors and ask them to
    patch their code, or with the next version my code will suddenly break...

    For Joomla 1.5, either download

    For hackers, all you have to do is use the version ArtForms2.1b7.1-for-J1.5-RC1-Update-Only.zip and follow
    the tutorial below

     

    In file administrator/components/com_artforms/lib/af.lib.afforms.php, line 672, replace the code producing the captcha with

    case '6':  // SecurityImages captcha component
        // Render the captcha only when SecurityImages is installed
        if (file_exists(JPATH_SITE.DS."administrator".DS."components".DS."com_securityimages".DS."config.securityimages.php")) {
            $html = '<div align="center">';
            $html .= "<script type=\"text/javascript\" src=\"".JURI::root()."components/com_securityimages/js/securityImages.js\"></script>";
            // Captcha image served by the SecurityImages component (JURI::root() already ends with a slash)
            $html .= "<img id='_artFormCaptcha' name='_artFormCaptcha' align='middle' src='".JURI::root()."index.php?option=com_securityimages&task=displayCaptcha'>";
            // Reload link that asks for a new image
            $html .= "<a href=\"javascript:askNewSecurityImages('_artFormCaptcha');\">";
            $html .= "<img src=\"".JURI::root()."components/com_securityimages/buttons/reload.gif\" id='_artFormCaptchaReload' name='_artFormCaptchaReload' border='0'>";
            $html .= "</a>";
            $html .= '</div>';
            // Text field for the user's answer, read back server-side as _artFormCaptchaUserTry
            $html .= '<div>'.JText::_('ARTF_CAPTCHA_TITLE').'<input type="text" name="_artFormCaptchaUserTry" id="_artFormCaptchaUserTry" /></div>';
            return $html;
        } else {
            return;
        }
        break;

     

    At line 164, for the code checking the captcha:

    if (file_exists(JPATH_SITE.DS."administrator".DS."components".DS."com_securityimages".DS."config.securityimages.php")) {
        // Start from "failed"; the SecurityImages plugin sets the flag through the reference
        $checkSecurity = false;
        $_artFormCaptchaUserTry = JArrayHelper::getValue( $_POST, '_artFormCaptchaUserTry', '' );
        $mainframe->triggerEvent('onSecurityImagesCheck', array($_artFormCaptchaUserTry, &$checkSecurity));
        if ( !$checkSecurity ) {
            // Wrong or missing answer: send the user back to the form with an error message
            $msg = JText::_( 'ARTF_CAPTCHA_FAIL' ).'&afimg=0';
            $mainframe->redirect( JRoute::_( $alink.'&formid='.$formid.'&Itemid='.$Itemid.'&afmsg='.$msg ) );
        }
    }
  • These files are from the 1.0.11 Joomla distribution plus all changes required to support securityimages in
    • com_contact
    • com_login
    • com_registration
    Please Note:
    1. this is an FTP patch!
    2. There is no way to deactivate securityimages in com_contact (other than deactivating securityimages sitewide)

    Patch is available in my download section and at Joomla Forge HERE

    Do yourself a favor and always use the latest securityimages version, 3.0.7. All versions of securityimages with a release <= 3.0.5 have a highly critical security flaw (server takeover), so UPGRADE

  • As some users have encountered issues with VirtueMart 1.1.3, where no captcha is displayed by default, here is a small how-to. The feature is a bit hidden, but it works as expected.


    Go to yoursite/administrator/index.php?pshop_mode=admin&page=admin.user_field_list&option=com_virtuemart

     

    Add a new field! (Add / Edit User Fields)

    Result: the layout can be optimized a bit, I agree.

    Read more in the Official Documentation of SecurityImages

  • The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.10

    Since Joomla 1.5.10 is released... Here are the new patches for SecurityImages 5.1.1

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.10 only and SecurityImages 5.1.0 or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages

    DOWNLOAD HERE and stay up to date with the Joomla! 1.5 patches RSS feed

  • The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.11

    Since Joomla 1.5.11 is released... Here are the new patches for SecurityImages 5.1.1 AND Joomla! 1.5.11

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.11 only and SecurityImages 5.1.0 or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new Boolean value
      (true or false) in the Joomla! configuration for using SecurityImages. (Do nothing if you were previously using patches.)

    DOWNLOAD HERE and stay up to date with the Joomla! 1.5 patches RSS feed

  • Only for SecurityImages 5.1.x and Joomla! 1.5.12

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.12 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE config at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.

    Download / Details / Keep up to date with the Joomla! 1.5 patches RSS feed

  • Only for SecurityImages 5.1.x and Joomla! 1.5.13

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.13 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.

  • Only for SecurityImages 5.1.x and Joomla! 1.5.14

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.14 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.
  • Only for SecurityImages 5.1.x and Joomla! 1.5.15

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.15 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.15-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.
  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.16


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages
    • Are for Joomla! 1.5.16 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.16-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.
  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.17


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages
    • Are for Joomla! 1.5.17 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.

    Keep up to date with the Joomla! 1.5 patches RSS feed

    Download

    How to install documentation

  •  

    Users of Joomla! 1.5.17 with the patch “Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip” can skip this update: there is no need to install it, since the patches are identical

    • Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip = Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

     

    Only for SecurityImages 5.1.x and Joomla! 1.5.18


    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.18 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.

    Keep up to date with the Joomla! 1.5 patches RSS feed

    Download

    How to install documentation

  • Since Joomla 1.5.2 is released... Here are the new patches for SecurityImages 5.0.0

    • Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages
    • Are for Joomla! 1.5.1 only and SecurityImages 5.0.0Beta2
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below for more details
    • Download the file Joomla_1.5.2-Stable-Full_PackageForSecurityImages5.0.0.zip (33kB) and overwrite the files on your server
    Download them here
  •  

    Only for SecurityImages 5.1.x and Joomla! 1.5.21

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.21 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.21-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite the files on your server
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.

    Users of Joomla! 1.5.20 with the patch “Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip”
    can skip this update: there is no need to install it, since Joomla 1.5.21 did not change any of the files that are required for securityimages

    • Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    • EQUAL
    • Joomla_1.5.21-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

     

    Keep up to date with the Joomla! 1.5 patches RSS feed

    Download

    How to install documentation

  • Only for SecurityImages 5.1.x and Joomla! 1.5.22
    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.22 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views and the com_contact/com_user controller; click on the picture below
      for more details
    • Download the file Joomla_1.5.22-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite the files on your server with the zip package using FTP/SCP
    • Go to the Joomla! control panel and hit SAVE configuration at least once; this will add a new boolean value
      (true or false) in the Joomla! configuration for using SecurityImages.

    How to install documentation

    Download Joomla_1.5.22-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip