galkovsky shared the link that I had been looking for for a long time - the archive of his guest book for 1998-1999. In these carefree years of youth, it seems to me that I just managed to buy a 144,000 modem on my own and periodically surf the Internet at night and not just on free city resources. Then, as you might guess, I lost interest not only in reality but in everything except the Internet. Until 1998, I visited it only periodically; since 1995 I stayed with friends, etc. and then the Third Reich began to flow through the veins. Then, I remember, it simply killed me that the sites were not connected in any way and it was extremely difficult to find something interesting and most of my time was simply spent mindlessly wandering through links, then it seemed to be called “surfing,” but with my psychopathic persistence I climbed everything from fakrunet to It was somewhere there that I heard about Galkovsky for the first time, but due to the speed of movement and his young age, I ran past. I realized that I had missed it only in 2004, when, following the slander of my comrades, I decided to start a LiveJournal for myself, just like with adults, Chizhikov immediately gave me a link to Galkovsky’s LiveJournal and off we go. By the end of 2005 I finally reached the archives for 1998, but we are growing. For one thing, you can remember your mediocre and irretrievably lost youth!

It was still a wild time back then and everyone wrote guest papers, which was not even considered shameful. And this banner was drawn by my young friend Vova Aqualang:

Actually, the guestbook is interesting primarily for studying “how it works.” The best part is that during this period of time Galkovsky obviously did not have information that Russia has been a British colony since 1917. The fuss with the “mystical Lenin” looks especially nice in this light; Galkovsky spends enormous resources, writes pages of text to explain the phenomenon of Lenin, but still cannot find an answer.

This reminded me of a note written by Galkovsky himself from his Infinite Deadlock:

In the same way, his brain swelled until quantity turned into quality, and his brains shrunk as unnecessary. Now Galkovsky can explain everything at once with a page of text. As they say, simplicity will save the world.

It is from this side that it is interesting to see how Galkovsky grew and developed. Well, besides, he had a nice conversation with Krylov and Kholmogorov, not realizing that they were writing an endless flame for “Kozlochkov” for a salary in the KGB.

It would be great to also find the “broken compass” with other goodies.

I haven't read much yet, but I already liked the accuracy.

We looked at the main capabilities and features of the review book component and began to review its settings. In this article, we will finish looking at the extension options and talk about spam protection.

Options that have tooltips in Russian will not be considered. Only the most interesting, important, and, in my opinion, not entirely clear settings will be considered.


The settings on this tab (picture below) relate to guest book entries (messages) left by users and responses to these entries (comments) left by the site administrator.

The numbers in the list below correspond to the numbers in the picture above. By enabling/disabling the corresponding options, you show/hide certain elements of posts and comments.

    • Show Messages. If this option is disabled (selected No), then the Joomla review book will not display any entries, but only the form. In essence, the book will simply become a form of feedback.
    • Show comments. You can completely hide comments on posts. They are outlined in blue in the picture above.
    • Pagination. Activates the division of book entries into pages if there are many of them.
    • Default page numbering. Indicates how many records should be displayed on one page.
    • Pagination (Messages). You can set the values that will appear in the drop-down list (No. 9 in the figure above). Essentially, this is setting up pagination (page navigation).
    • Enable Cache. If you have activated the use of a cache in Joomla's general settings, enabling this option adds pages with guest book entries to the site's cache. This can reduce server load and increase page loading speed for users. I recommend using this option. It is worth noting that caching may result in entries in the guestbook not appearing immediately after they are published (depending on the cache).

    This is one of the first five tabs (picture below) of the Phoca Guestbook settings, dedicated to security (spam protection). It is mainly aimed at identifying prohibited content in Joomla guestbook reviews using the component itself and according to your rules.

    For some options the following parameters are available:

    • Save. If a message contains something prohibited, it will be saved in the site's database.
    • Publish. If a message contains something prohibited, it will be published on the site.
    • Pre-moderation. If a message contains something prohibited, it will be saved in the site's database, but will not be published until it is checked by a moderator who will make an appropriate decision.
    • Reject. If a message contains something prohibited, it will not be saved in the site's database.

    Please note that the operation of certain safer options can “overlap” across all the component settings. For example, the publication status may depend on the option Pre-moderation on the tab Basic.

    The option Enable HTML sanitization allows you to automatically remove all prohibited/unsafe HTML tags from Joomla 3 guestbook entries.

    Content check

    The options on this tab allow you to configure the integration of Phoca Guestbook Joomla with the anti-spam services Akismet and Mollom. The services analyze messages that users leave in the guest book. If these messages look like spam, one of the actions you specify in the option Block SPAM (Content Check) will be taken. The actions are similar to the parameters of the same name described above in the subsection Safety. If No (Prohibited) is selected, then spam checking will not be performed using these services.

    You can disable one of the services. You need to register on antispam service websites and receive the appropriate keys, which must be entered into the appropriate fields on this tab (picture above).

    It is also worth noting that as of September 20, 2015, there are limits for free service accounts:

    • Akismet – up to 50,000 checks per month. Approximately 1666 checks per day.
    • Mollom – up to 50 checks per day. Approximately 1500 checks per month.

    I have been using Akismet to protect comments on my website for over 2 years now. So far I haven't noticed any problems.

    Please note that the use of these services may slow down the process of sending an entry to the guest book, since the message is first sent to the servers of these anti-spam services, where it is processed, and the result of the check is sent back. If the connection between your site and the service is overloaded, or the service itself is overloaded, then there may be a time delay from the moment the user clicks the “Submit” button until your site reacts in some way.

    IP Address Check

    On this tab (picture below) you can configure the integration of the review book with anti-spam services, which detect spam based on an analysis of the IP address from which the entry is added to your website. There are three services available in which you need to register and receive the appropriate keys. You don't have to register (or use) all three services. You can experiment and determine the most effective one for you.

  • You can set various actions in cases when anti-spam services detect something (option Banned IPs). The actions are similar to the parameters of the same name described above in the article.

    It is also possible to set a list of prohibited IP addresses manually - option IP blocking.

    In Phoca Guestbook, on the tab (picture below), there are many options for adding a captcha to the form for submitting entries to the review book. Based on my own experience, I can say that captcha is a very inconvenient element for visitors to your site. I recommend using it only when absolutely necessary: when nothing else helps, or there are no funds to implement protection from spam that is more convenient for visitors.

    On my website, I don’t use captchas in comments, newsletter subscription forms, and personal messages. I only use this during registration and on the feedback page. I plan to abandon captcha for registration in the near future if I can find a suitable alternative. But I’ll leave it in contacts, since I prefer to correspond with visitors either in comments or in private messages. There are a number of reasons for this (letters from the form come to me by email):

    • A lot of messages arrive in mailboxes. It is not always convenient to search for certain email chains.
    • The likelihood of a message ending up in the Spam folder. There were cases when users did not find letters for this reason.
    • I respond to personal messages and comments on articles much faster for technical and organizational reasons.
    • There were cases when users deleted email chains containing information they needed.

    You can add one or more of the following captchas: reCAPTCHA, EasyCalc, Math Captcha, TTF Captcha, Mollom Captcha, hnCaptcha, Joomla default captcha. For some of them there are settings (picture above). I note that adding several captchas is an extreme measure. Especially for sites with low traffic and user activity.

    To use, for example, reCAPTCHA, keys are needed. You can get them for free at the captcha website.

    First, let's look at those methods (settings) that do not or minimally affect the usability of your Joomla review book. But in my opinion they provide less automation and overall anti-spam protection. It is understood that the recommendations below apply in cases where entries can be left by any users (including unregistered ones).

  • Enable logging of adding records (logging). This can be done in Phoca Guestbook – Settings – Logging: activate both options (Enable Logging, Saving Log Log). If there are problems with the database, then disable Saving Log Log. If that doesn't help, then turn off Enable Logging as well.
  • Enable pre-moderation. This can be done in option Pre-moderation.
  • Enable administrator email notifications about new posts. This can be done in Phoca Guestbook – Settings – Basic option Send Email.
  • Enable user verification. This can be done in Phoca Guestbook – Settings – Basic option Disable user verification.
  • Content check.
  • Configure integration with one or more anti-spam services in the component settings on the tab IP Address Check.
  • Specify a unique session suffix. This can be done in option Session suffix.
  • Enable HTML sanitization. This can be done in Phoca Guestbook – Settings – Security option Enable HTML sanitization.
  • Enable hidden field. This can be done in option Show hidden fields.
  • Constantly analyze the event log and make appropriate adjustments to protect your site.
  • Constantly monitor all letters about new posts, moderate them, and based on moderation, make appropriate adjustments to protect the site, for example, add IP addresses, words, and so on to the filter.
  • Set a list of prohibited words. This can be done in Phoca Guestbook – Settings – Security options Prohibited words, Prohibited entire words. Considering the peculiarities of the language (cases, declensions, variety of obscene language, etc.), as well as the imperfection of this filter (searching for clear matches), in my opinion, these are not such effective options.
  • Set limits on the maximum number of message characters. The default is 2000. This can be done in Phoca Guestbook – Settings – Security option Characters.
  • Limit the number of links displayed in a post. This can be done in Phoca Guestbook – Settings – Security option Maximum Url. Set to "-1" (without quotes) if you don't want to show links at all.
  • Specify a list of words that identify links in guestbook entries for Joomla 3. This can be done in Phoca Guestbook – Settings – Security option Indicator words for banning links.
  • Please note that adding a large number of values to fields such as Prohibited words, Prohibition of whole words, Indicator words for prohibiting links and so on can increase the size of the Phoca Guestbook database table, slow down its overall performance, and slow down the process of sending records to the book. For example, I tried adding a list of several thousand words (profanity) and adding a comment took a very long time. This was not with Phoca Guestbook, but I think that this problem may also appear for this component.
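    The limits of exact-match word filters and link limits mentioned in the list above can be seen in a small model. This is an added example, not Phoca Guestbook's code: the function names, the $cfg keys, the three actions and the treatment of a negative link limit as "no links allowed" are assumptions.

```php
<?php
// Added example, not Phoca Guestbook code. Function names and $cfg keys are
// assumptions; sample words and entries are constructed. Requires mbstring.
/** Substring rule: catches inflected forms, but also hits inside innocent words. */
function hitsSubstring(string $msg, array $words): bool
{
    $lower = mb_strtolower($msg);
    foreach ($words as $w) {
        if (mb_strpos($lower, mb_strtolower($w)) !== false) {
            return true;
        }
    }
    return false;
}

/** Whole-word rule: no hits inside longer words, but any added ending slips past. */
function hitsWholeWord(string $msg, array $words): bool
{
    foreach ($words as $w) {
        $re = '/(?<![\p{L}\p{N}])' . preg_quote($w, '/') . '(?![\p{L}\p{N}])/iu';
        if (preg_match($re, $msg) === 1) {
            return true;
        }
    }
    return false;
}

/** Count whitespace-separated tokens that contain a link indicator. */
function countLinks(string $msg, array $indicators): int
{
    $n = 0;
    foreach (preg_split('/\s+/u', $msg, -1, PREG_SPLIT_NO_EMPTY) as $token) {
        foreach ($indicators as $i) {
            if (stripos($token, $i) !== false) { $n++; break; }
        }
    }
    return $n;
}

/** Decide "publish", "premoderate" or "reject" for one entry. */
function checkEntry(string $msg, array $cfg): string
{
    if (mb_strlen($msg) > $cfg['max_chars'] || countLinks($msg, $cfg['indicators']) > max($cfg['max_urls'], 0)) {
        return 'reject';
    }
    $flagged = hitsWholeWord($msg, $cfg['whole_words']) || hitsSubstring($msg, $cfg['substrings']);
    return $flagged ? 'premoderate' : 'publish';
}

$cfg = ['max_chars' => 2000, 'max_urls' => 1, 'indicators' => ['http://', 'https://', 'www.'],
        'whole_words' => ['casino'], 'substrings' => ['cialis']];
foreach (['Great site!', 'Best casinos here', 'I saw a specialist', 'www.example.com http://example.org'] as $m) {
    printf("%-12s %s\n", checkEntry($m, $cfg), $m);
}
```

    The second entry passes the whole-word rule because of its plural ending, and the third is held only because the substring rule matches inside an innocent word, which is why word lists work best as a supplement to pre-moderation rather than a replacement for it.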

    The methods listed below are worse in terms of ease of use than those described above, but are more effective and work automatically. They should be used in combination with the above list, as an addition.

  • Allow only registered users to add entries to the guestbook. By default, Phoca Guestbook is configured this way. It is better to have a captcha when registering.
  • Disable the Javascript editor. This can be done in Phoca Guestbook – Settings – Form option Enable Javascript Editor.
  • Add captchas (or several) to the form for adding an entry to the review book. This can be done in Phoca Guestbook – Settings – Captcha option Enable Captcha. Enable captcha for all users.
  • Turn on timing and locking. This can be done in Phoca Guestbook – Settings – Captcha options Enable time countdown and Blocking time.
  • Please note that you can use any combination of the above methods.

    I also strongly recommend taking care of the general protection of your site. If you are interested in this topic, then check out the series of articles on protecting the Joomla website. Here is the first (of 12) part. Also consider something like RSFirewall.

    To display reviews on the site (in the front part) and the form for adding them, use the menu item Guest book (picture below). It can be created in the Joomla Menu Manager, just like any other menu item.

    All options “unique” for this component, available when setting up a menu item, are divided into five tabs. Most of the options are similar to those discussed in this and the previous article for the component itself. Let's look at the most interesting, in my opinion, parameters. Also, we will not touch on the settings that are the same for all types of Joomla menu items.

  • Options. These options were discussed in a previous article.
  • Form.
  • View. These options were discussed earlier in this article.
  • On the tab Menu item (picture above), in the drop-down list Selecting a guest book, you can specify the book that you want to display when you click on this menu item. Book creation is discussed in the previous article “Phoca Guestbook Review. Joomla Guestbook".

    On the tab (picture below) there are options that allow you to change the color design of the book. If this is disabled, the stylesheet settings of your site template will be used.

    You can read more about various Joomla templates and working with them in this section.

    Please note that the global (general) settings of Phoca Guestbook Joomla have less priority in cases where a specific menu item has its own settings (if they are different).

    As you can see, the component is very functional and flexible in terms of settings. I think that, combined with a wide range of anti-spam options, this free review book component for Joomla 3 will be useful to anyone looking for a similar extension.

    One day, my friend asked me to test his website for security. Naturally I agreed. After scanning the ports, I realized that I needed to look for a hole in the scripts, which is what I did. But as luck would have it, I couldn’t find anything. There are practically no scripts on the site, and those that exist are protected. My attention was attracted by the guest book. The fact is that all the scripts on the site were written by the author, but not the guest book! This was the very popular Sad Raven's Guestbook script. I tested the script for popular errors, with no luck: all input parameters are filtered... Then I downloaded the sources and began to figure it out.

    The guest book consists of 2 modules: administration and the guest book itself. We are interested in administration... Almost immediately I realized that the password is stored in encrypted form (MD5).

    if (file_exists("passwd.dat") &&
    $QUERY_STRING != ""):
    if (!isset($alogin) || md5($pass) != $Password[$alogin] ||

    The password is stored in the passwd.dat file. Opening this file in the browser, I saw:

    All that remained was to decrypt the password. This is done with the md5inside software. For hacking you need to create a text document and enter the following into it:
    $Password["root"] = "7e0c76b830931fc0eca7e69a4a2574db";
    Next, this file is opened in md5inside and deciphered. A dictionary search gives the highest success rate. 20 minutes later I had the admin password. If you think that I only got access to edit messages, then you are very mistaken. I could edit the design! I came to this section and saw that you can edit two files - and . Both are responsible for the appearance of the guest book. So, both of them have extensions themselves see what.

    First file:

    Guest book
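    The two weaknesses described above, a credential file readable by URL and an unsalted MD5 hash, can be closed as shown in this added example, which is not code from Sad Raven's Guestbook. The JSON file layout, the function names and the demo passphrase are assumptions, and the sketch includes a one-time upgrade path for existing MD5 entries.

```php
<?php
// Added example, not Sad Raven's Guestbook code. File location, JSON layout
// and function names are assumptions made for this sketch.

function loadUsers(string $file): array
{
    $data = is_file($file) ? json_decode(file_get_contents($file), true) : null;
    return is_array($data) ? $data : [];
}

function saveUsers(string $file, array $users): void
{
    file_put_contents($file, json_encode($users), LOCK_EX);
    chmod($file, 0600); // readable by the PHP user only
}

function verifyLogin(string $file, string $login, string $pass): bool
{
    $users  = loadUsers($file);
    $stored = $users[$login] ?? null;
    if (!is_string($stored)) {
        // Unknown login: still do slow hashing work so the response time
        // does not immediately reveal which logins exist.
        password_verify($pass, password_hash('placeholder', PASSWORD_DEFAULT));
        return false;
    }
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    // Legacy unsalted MD5 entries are accepted one last time, compared in constant time.
    $ok = $legacy ? hash_equals($stored, md5($pass)) : password_verify($pass, $stored);
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$login] = password_hash($pass, PASSWORD_DEFAULT); // salted and slow
        saveUsers($file, $users);
    }
    return $ok;
}

// Demo with a constructed legacy entry. In production the file lives outside
// the document root, so that no URL maps to it.
$file = sys_get_temp_dir() . '/guestbook_passwd_demo.json';
saveUsers($file, ['root' => md5('constructed-demo-passphrase')]);
var_dump(verifyLogin($file, 'root', 'constructed-demo-passphrase'));
var_dump(password_get_info(loadUsers($file)['root'])['algoName']);
var_dump(verifyLogin($file, 'root', 'wrong'));
unlink($file);
```

    After the first successful login the stored value is no longer a bare MD5 digest, so a dictionary search against a leaked copy of the file has to pay the full cost of the slow hash for every guess.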



