Guest book. Naughty guestbook
It was still a wild time back then and everyone wrote guest papers, which was not even considered shameful. And this banner was drawn by my young friend Vova Aqualang:
Actually, the guestbook is interesting primarily for studying “how it works.” Tsimus is that during this period of time Galkovsky obviously did not have information that Russia has been a British colony since 1917. The fuss with the “mystical Lenin” looks especially nice in this light; Galkovsky spends enormous resources, writes pages of text to explain the phenomenon of Lenin, but still cannot find an answer.
This reminded me of a note written by Galkovsky himself from his Infinite Deadlock: http://samisdat.com/3/311-114.htm
In the same way, his brain swelled until quantity turned into quality, and his brains shrunk as unnecessary. Now Galkovsky can explain everything at once with a page of text. As they say, simplicity will save the world.
It is from this side that it is interesting to see how Galkovsky grew and developed. Well, besides, he had a nice conversation with Krylov and Kholmogorov, not realizing that they were writing an endless flame for “Kozlochkov” for a salary in the KGB.
It would be great to also find the “broken compass” with other goodies.
I haven't read much yet, but I already liked the accuracy.
We looked at the main capabilities and features of the guestbook component and began to review its settings. In this article, we will finish looking at the extension options and talk about spam protection.
Options that have tooltips in Russian will not be considered. Only the most interesting, important, and, in my opinion, not entirely clear settings will be considered.
View
The settings on this tab (picture below) relate to guest book entries (messages) left by users and responses to these entries (comments) left by the site administrator.
The numbers in the list below correspond to the numbers in the picture above. By enabling/disabling the corresponding options, you show/hide certain elements of posts and comments.
Let's look at the remaining options.
- Show Messages. If this option is disabled (No is selected), the Joomla guestbook will not display any entries, only the form. In essence, the book simply becomes a feedback form.
- Show comments. You can completely hide comments on posts. They are outlined in blue in the picture above.
- Pagination. Activates the division of book entries into pages if there are many of them.
- Default page numbering. Indicates how many records should be displayed on one page.
- Pagination (Messages). You can set the values that will appear in the drop-down list (No. 9 in the figure above). Essentially, this is setting up pagination (page navigation).
- Enable Cache. If you have activated the cache in Joomla's general settings, enabling this option adds pages with guest book entries to the site's cache. This can reduce server load and increase page loading speed for users. I recommend using this option. It is worth noting that caching may result in entries in the guestbook not appearing immediately after they are published (depending on the cache).
This is one of the first five tabs (picture below) of the Phoca Guestbook settings, dedicated to security (spam protection). It is mainly aimed at identifying prohibited content in Joomla guestbook entries using the component itself and according to your rules.
Options that have tooltips in Russian will not be considered.
For some options the following parameters are available:
- Save. If a message contains something prohibited, it will be saved in the site's database.
- Publish. If a message contains something prohibited, it will be published on the site.
- Pre-moderation. If a message contains something prohibited, it will be saved in the site's database, but will not be published until it is checked by a moderator who will make an appropriate decision.
- Reject. If a message contains something prohibited, it will not be saved in the site's database.
Please note that stricter options elsewhere in the component settings can “overlay” the operation of these actions. For example, the publication status may depend on the Pre-moderation option on the Basic tab.
The Enable HTML sanitization option automatically removes all prohibited/unsafe HTML tags from Joomla 3 guestbook entries.
Content check
The options on this tab allow you to configure the integration of Phoca Guestbook with the anti-spam services Akismet and Mollom. The services analyze the messages that users leave in the guest book. If a message looks like spam, the action you specify in the Block SPAM (Content Check) option is taken. The actions are similar to the parameters of the same name described above in the Safety subsection. If No (Prohibited) is selected, spam checking will not be performed using these services.
You can disable one of the services. You need to register on antispam service websites and receive the appropriate keys, which must be entered into the appropriate fields on this tab (picture above).
It is also worth noting that as of September 20, 2015, there are limits for free service accounts:
- Akismet – up to 50,000 checks per month. Approximately 1666 checks per day.
- Mollom – up to 50 checks per day. Approximately 1500 checks per month.
I have been using Akismet to protect comments on my website for over 2 years now. So far I haven't noticed any problems.
Please note that the use of these services may slow down the process of sending an entry to the guest book, since the message is first sent to the servers of these anti-spam services, where it is processed, and the result of the check is sent back. If the connection between your site and the service is overloaded, or the service itself is overloaded, then there may be a time delay from the moment the user clicks the “Submit” button until your site reacts in some way.
IP Address Check
On this tab (picture below) you can configure the integration of the guestbook with anti-spam services that detect spam based on an analysis of the IP address from which the entry is added to your website. There are three services available in which you need to register and receive the appropriate keys. You don't have to register (or use) all three services. You can experiment and determine the most effective one for you.
You can set various actions in cases when anti-spam services detect something (option Banned IPs). The actions are similar to the parameters of the same name described above in the article.
It is also possible to set a list of prohibited IP addresses manually - option IP blocking.
In Phoca Guestbook, on the tab (picture below), there are many options for adding a captcha to the form for submitting entries to the guestbook. Based on my own experience, I can say that a captcha is a very inconvenient element for visitors to your site. I recommend using it only when absolutely necessary: when nothing else helps, or when there are no funds to implement spam protection that is more convenient for visitors.
On my website, I don’t use captchas in comments, newsletter subscription forms, and personal messages. I only use this during registration and on the feedback page. I plan to abandon captcha for registration in the near future if I can find a suitable alternative. But I’ll leave it in contacts, since I prefer to correspond with visitors either in comments or in private messages. There are a number of reasons for this (letters from the form come to me by email):
- A lot of messages arrive in mailboxes. It is not always convenient to search for certain email chains.
- The likelihood of a message ending up in the Spam folder. There were cases when users did not find letters for this reason.
- I respond to personal messages and comments on articles much faster for technical and organizational reasons.
- There were cases when users deleted email chains containing information they needed.
You can add one or more of the following captchas: reCAPTCHA, EasyCalc, Math Captcha, TTF Captcha, Mollom Captcha, hnCaptcha, Joomla default captcha. For some of them there are settings (picture above). I note that adding several captchas is an extreme measure. Especially for sites with low traffic and user activity.
To use reCAPTCHA, for example, you need keys. You can get them for free at the captcha's website.
First, let's look at those methods (settings) that affect the usability of your Joomla guestbook minimally or not at all. But in my opinion they provide less automation and overall anti-spam protection. It is understood that the recommendations below apply in cases where entries can be left by any users (including unregistered ones).
Please note that adding a large number of values to fields such as: Prohibited words, Prohibition of whole words, Indicator words for prohibiting links and so on, can increase the size of the Phoca Guestbook database table, slow down its overall performance, and slow down the process of sending records to the book. For example, I tried adding a list of several thousand words (profanity) and adding a comment took a very long time. This was not with Phoca Guestbook, but I think that this problem may also appear for this component.
The methods listed below are worse in terms of ease of use than those described above, but are more effective and work automatically. They should be used in combination with the above list, as an addition.
Please note that you can use any combination of the above methods.
I also strongly recommend taking care of the general protection of your site. If you are interested in this topic, then check out the series of articles on protecting the Joomla website. Here is the first (of 12) part. Also consider something like RSFirewall.
To display entries on the site (in the front end) and the form for adding them, use the menu item Guest book (picture below). It can be created in the Joomla Menu Manager, just like any other menu item.
All options “unique” for this component, available when setting up a menu item, are divided into five tabs. Most of the options are similar to those discussed in this and the previous article for the component itself. Let's look at the most interesting, in my opinion, parameters. Also, we will not touch on the settings that are the same for all types of Joomla menu items.
On the Menu item tab (picture above), in the drop-down list Selecting a guest book, you can specify the book that you want to display when you click on this menu item. Book creation is discussed in the previous article “Phoca Guestbook Review. Joomla Guestbook".
On the tab (picture below) there are options that allow you to change the color design of the book. If this is disabled, the stylesheet settings of your site template will be used.
You can read more about various Joomla templates and working with them in this section.
Please note that the global (general) settings of Phoca Guestbook Joomla have less priority in cases where a specific menu item has its own settings (if they are different).
As you can see, the component is very functional and flexible in terms of settings. I think that, combined with a wide range of anti-spam options, this free review book component for Joomla 3 will be useful to anyone looking for a similar extension.
One day, my friend asked me to test his website for security. Naturally I agreed. After scanning the ports, I realized that I needed to look for a hole in the scripts. Which is what I did. But as luck would have it, I couldn’t find anything. There are practically no scripts on the site, and those that exist are protected. My attention was attracted by the guest book. The fact is that all the scripts on the site were written by the author, but not the guest book! This was the very popular guestbook script Sad Raven's Guestbook. I tested the script for popular errors: no luck, all input parameters are filtered... Then I downloaded the sources and began to figure it out.
The guest book consists of 2 modules, administration and the guest book itself. We are interested in administration... Almost immediately I realized that the password is stored in encrypted form (MD5).
if (file_exists("passwd.dat") && $QUERY_STRING != ""):
    require("passwd.dat");
    if (!isset($alogin) || md5($pass) != $Password[$alogin] || !isset($Password[$alogin])):
The password is stored in the passwd.dat file. Opening this file in the browser, I saw:
All that remained was to decrypt the password. This is done with the md5inside software. For hacking you need to create a text document and enter the following into it:
$Password["root"] = "7e0c76b830931fc0eca7e69a4a2574db";
Next, this file is opened in md5inside and deciphered. The highest percentage is given by a search through the dictionary. 20 minutes later I had the admin password. If you think that I only got access to edit messages, then you are very mistaken. I could edit the design! I came to this section and saw that you can edit two files: header.inc.php and footer.inc.php. Both are responsible for the look of the guest book. So, both of them have the extension you can see for yourself.
First file:
Guest book
>
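The account above rests on two weaknesses: passwd.dat sits where the web server hands it out as plain text, and it holds an unsalted MD5 of the admin password. A hardened counterpart follows as an added example; it is not code from Sad Raven's Guestbook or from the original post, and the file location and function names are assumptions.

```php
<?php
// Added example: names and paths are hypothetical, not the guestbook's own.

// Keep the credential store outside the document root so that no URL maps to it.
// (Assumed layout: this script lives in the web root, ../private is not served.)
const CRED_FILE = __DIR__ . '/../private/admin_users.php';

/**
 * Create or replace an admin entry. password_hash() salts every hash and uses
 * a deliberately slow algorithm, unlike a bare md5($pass).
 */
function store_admin(string $login, string $pass, string $file = CRED_FILE): void
{
    $users = is_file($file) ? (require $file) : [];
    $users[$login] = password_hash($pass, PASSWORD_DEFAULT);
    // A .php file that only returns an array prints nothing even if it is
    // requested directly, in contrast to a .dat file served as text.
    $body = "<?php\nreturn " . var_export($users, true) . ";\n";
    file_put_contents($file, $body, LOCK_EX);
    chmod($file, 0600);
}

/**
 * Verify a login attempt. Returns true only for a known login with a matching
 * password; an unknown login still costs one hash verification.
 */
function check_admin(string $login, string $pass, string $file = CRED_FILE): bool
{
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $users = is_file($file) ? (require $file) : [];
    $hash  = $users[$login] ?? $dummy;

    // password_verify() reads the salt and cost from the stored hash and
    // compares in constant time.
    return password_verify($pass, $hash) && isset($users[$login]);
}

// Constructed demo against a temporary file.
$tmp = sys_get_temp_dir() . '/admin_users_demo.php';
store_admin('root', 'constructed sample passphrase', $tmp);
var_dump(check_admin('root', 'constructed sample passphrase', $tmp));
var_dump(check_admin('root', 'wrong guess', $tmp));
var_dump(check_admin('nobody', 'wrong guess', $tmp));
unlink($tmp);
```

Where the file cannot be moved out of the web root, a server rule denying requests for it is the fallback; the hashing change is needed either way.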