Select Page

User/Developer guide Hashcash1.0

Posted by | Apr 26, 2005 | | 0 |

User/Developer guide Hashcash1.0

Forcing the spammer to pay the price (computing power) before submitting rubish to Your homepage (in comments or guestbook section for example). The user will have to create a new cryptographic value of a hidden field (Javascript code provided) and that may take 1 to 2 seconds, but may be more with RSA 1024….
This also do not allow robot to easily sumbit code without parsing Your HTML page before…

User developer guide of the cryptographic component framework for Mambo: com_hashcash

A version 1.0 will be release soon….GNU/GPL

Developer Documentation

@component: com_hashcash
@copyright (C) 2005 Walter Cedric for Mambo Integration
@license http://www.gnu.org/copyleft/gpl.html GNU/GPL
Free Software

3rd partly Javascript

3rd partly PHP

  • MD5/RSA/SHA1 part of PHP language.

Based on:

Kudo to all developer above! Thanks to GPL I do not have to reinvent the wheel…

Links:

Requirements

  • Component: com_hashcash – cryptographic facility for Mambo
  • Component already using com_hashcash: com_akobook 3.42 and hashcash1.0 and com_akocomment 2.0 and hashcash 1.0
  • Required prior to installation: com_log4php

Principe:

Forcing the spammer to pay the price (computing power) before submitting rubish to Your homepage. The user will have to create a new cryptographic value of a hidden field (Javascript code provided) and that may take 1 to 2 seconds, but may be more with RSA 1024….
This also do not allow robot to easily sumbit code without parsing Your HTML page before…

How It works in details

This code add a supplementary hidden field in all html form submitted to the user.

– The hidden field name has a random name (Hname), each time different at each load of the page
– The hidden field value is a cryptographic hashcode (MD5, MD4 or RSA) value. (Hvalue),

Hvalue = Crypt(UserSessionID + mosConfig_absolute_path + UserBrowserAgent + TodayDate(F j, Y, g a))

Crypt is the cryptographic PHP function: MD5, MD4 or RSA

If the user want to submit a comment, the browser with the help of a small javascript will have to
– locate the hidden field name (Hname) with javascript: (function replace())
– rehash with MD5 the hidden field value (Hvalue) (it is time consuming)
and send everything back to server.

If the spammer do not follow the challenge, the comment wont be accepted….
You Can switch ON/OFF this feature in Admin control panel under the tab posting of component akocomment and akobook

Configuring HashCash

open file /com_hashcash/settings.php with Your favorite text editor:

key in filevaluesnotes 
$hashcash_use = ‘md5’‘md4′,’md5’ or ‘sha1’md4, md5 or sha1 
$hashcash_debugtrue/falseWill write all informations in page by from submit 
$hashcash_log_activetrue/falseSpams submission will be written to logs 
$hashcash_log_alltrue/falseLog accepted and refused post -> be careful with size of logs! 
$hashcash_log_file$GLOBALS[‘mosConfig_absolute_path’] . "/components/com_hashcash/hashcash.log"Location of the logs file 
$hashcash_Notify_Admintrue/falseNotify an administrator by email? 
$hashcash_log_sizeintegereach 64kb a mail will be sent to admin with the content of logs 
$hashcash_AdminEmailvalid emailadmin email 

Note: An Administrator frontend will be shipped with release 1.0

Protecting Your Mambo Forms against Spammers and Robots

php code send to the client (in the code where You create the form)
# include and instance of Object, in the portion of code where Hashcash is needed, note that I have here a strong reference to the algorithm…(Here MD5)
# This will be soon a factory
include($mosConfig_absolute_path.’/components/com_hashcash/plugins/md5/php/CodeInliner.php’);
$MD5CodeInliner =& new MD5CodeInliner(true);

#Insert this JS (js1), the browser will use this js during submit to localize the random hidden field name, and encrypt its value
echo $MD5CodeInliner->insertHashCashJavascript(false);

#Insert this code in your submit or validation JS method, this will call js1
echo $MD5CodeInliner->insertSubmitJavascript();

#add the hascash input field in Your form
echo $MD5CodeInliner->insertHiddenField($contentid);

Verifying on the server in Your code that the user submission can be accepted

in the code where You validate and do somethig interesting with the submission
include($mosConfig_absolute_path.’/components/com_hashcash/HashcashChecker.php’);
$HashcashChecker =& new HashcashChecker();

$submission = $HashcashChecker->check($submission, $contentid);

$commentIsAccepted = strlen($submission) != 0;

if ($commentIsAccepted)
{

}

else

 

Changelog:

Real object model, abstract class and factory still missing…

 

Rate:

About The Author

Cédric Walter

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.

Related Posts

SecurityImages 4.0.1

SecurityImages 4.0.1

November 12, 2006

Joomla! mosSociable new version

Joomla! mosSociable new version

September 7, 2008

Joomla 1.5.11 Security Release Now Available

Joomla 1.5.11 Security Release Now Available

June 3, 2009

SecurityImages 5.1.0 Release

SecurityImages 5.1.0 Release

September 20, 2008

Categories