Community Forum

Please read the intro before joining/posting. Thank you.

If you have questions about our software, chances are this forum has the answers.

You'll need to register before you can post on the forum to ask your question or to answer another one. A reply will be posted to each and every question that is asked so there is no need to double post or bump your post. We'll do our best to answer promptly, but in some cases it may take a day or two. If you bump your post, it may be removed. Bear with us and we'll get your question answered quickly.

Here are a few tips to help you to get your questions answered more rapidly.

IMPORTANT: Posts in English only. We don't employ translators and we'll be unable to understand your message properly and will probably delete it.
SOFTWARE: Each software has it's own forum. Software here is NOT supported. Posts about this software will be deleted. Supported software questions ONLY please.
SEARCH: Use the search option to see if your question has been answered on the forum before now or if there is an answer in the documentation of your software.
PERSONAL SUPPORT: If you have purchased a commercial version of any software, using the contact option at the licence centre ensures a faster response.
AUTO DELETION: Accounts older than 5 days, with no posts or topics, are automatically deleted. Only register if you are thinking of posting.
LINKS: Any links posted are not clickable (to deter spammers) and must be copied / pasted into your browser address bar.

            

You are not logged in.

SpamPosts in the Maian Responder forum by RigPa
RigPa
11-09-2022 13:23:53

I am getting totally spammed. Are there any other way than CleanTalk? Is it possible to use Google Captcha?

maiandavid
12-09-2022 03:21:00

If you use the 'post' or 'get' form options you can create your own form with any spam protection. Just change the form action to point to your check location that does the tests and when it passes the checks post it to the responder location.

<form method="post" action="yourcheckpage.php">

    <label>Enter First Name:</label>
    <input type="text" name="nm" value=""><br><br>

    <label>Enter Last Name:</label>
    <input type="text" name="nm2" value=""><br><br>

    <label>Enter Email Address:</label>
    <input type="text" name="em" value=""><br><br>

    <input type="hidden" name="cid" value="xx">
    <input type="hidden" name="mthd" value="post">
    <button type="submit">Submit</button>

  </form>

When all checks have passed post to your responder 'signup.php' page.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
05-10-2022 16:22:16

Someone - a script, hacked the responder and sent out 8.000 spam mails. I am sure they did not guess the password. How can I stop bots from reading the files? Which directories and what attributes are needed?

RigPa
05-10-2022 16:44:24

Mails are sent from the responder:

Mail delivery failed: returning message to sender
Contact photo
From Mail Delivery System on 2022-10-05 18:34
Details Plain text
Part 3.eml
(~2 KB)
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  shary.harding@fpbe.net
    host nirvana.admins.ws [217.23.49.208]
    SMTP error from remote mail server after RCPT TO:<shary.harding@fpbe.net>:
    553 Your PROVIDER is BLACKLISTED at UCEPROTECT-LEVEL 3 - See:
    http://www.uceprotect.net/rblcheck.php?ipr=144.76.115.20
Reporting-MTA: dns; cp05.nordicway.dk

Action: failed
Final-Recipient: rfc822;shary.harding@fpbe.net
Status: 5.0.0
Remote-MTA: dns; nirvana.admins.ws
Diagnostic-Code: smtp; 553 Your PROVIDER is BLACKLISTED at UCEPROTECT-LEVEL 3 - See: http://www.uceprotect.net/rblcheck.php?ipr=144.76.115.20
From    The Passionate Blogger
To    ? Alice want to meet you! CLICK HERE: http://www.kitframe.com/uploads/go.php?z5t ? 20fhig
Date    Today 17:54
Hi ? Alice want to meet you! CLICK HERE: http://www.kitframe.com/uploads/go.php?z5t ?




----------------------
Self Hosted Autoresponder System. Powered by Maian Responder

maiandavid
06-10-2022 09:08:15

Ideally you need to identify where the attack generated from. Are your signup forms protected?

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
08-10-2022 21:33:34

The signup is integrated on a WordPress page with no smtp info. But it is clear that they had access to connect.php. From there they had access to the database.

maiandavid
10-10-2022 09:01:59

Are you sure the Wordpress installation didn't cause the problem? It's famous for vulnerabilities. lol.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
10-10-2022 13:57:22

Yep. But WP passes control to Maian Responder and there is only ONE place to find the login info to the Maian database: \control\connect.php. I set the attributes to 600 on that directory and changed password and so far, the mail sending has stopped. Is it ok to set this dir to 600? Or would it be accidental if it works?

RigPa
15-10-2022 14:36:21

I am by no means a PHP expert but I think I made it all the way through the captcha function and I get a 0.9 score back with a manual sign-up. Right after that, I need to pass mail and name to the maian responder (POST) but I can't make that post work. Can't even find something similar on the net.

Do you have a suggestion for a POST action to the signup.php? I'm kinda stuck there.

(Every single signup form on the entire Internet is spammed today so I honestly think this spam check should be part of Maian Responder.)

maiandavid
16-10-2022 17:02:20

I don't think 600 will work for the public html area. The sign up form is something you create yourself, and in many cases the form exists on another domain, so adding spam controls would mean installing other plugins etc. You should create the spam controls yourself before the data is passed to the responder. A spam option is something I'm considering though.

It should be fairly easy o implement if you are using the standard post option. You could protect the form with Askimet for example before it is passed:

https://akismet.com/

Or use Google captcha? The best way might be an ajax form that does all the checks, then you use Curl to post the data to the responder.

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
29-10-2022 19:11:57

Akismet is far from enough. I hope Google Captcha is more efficient. My responder is bombarded with hundreds of signups every day and it is unusuable until I make GC work.

So far I get a return code from GC and I need to post the variables from the form (nm, nm2 & em) but I can't figure out how. I can't get those 3 variables picked up from the form and can't find anything on Google that can do that.


<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Google reCAPTCHA v3</title>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.2/css/bulma.min.css">
    <script src="https://www.google.com/recaptcha/api.js?render=62Lf4eGgiA3AAAAG4PTBv5yOaFw4KKa1436iyC3Ni378FhU"></script>
    <script>
        grecaptcha.ready(() => {
            grecaptcha.execute('6Lf24eGgiAAAA3AL94O3MS5l0O6PNuo7JOEISNL8j4Lb77', { action: 'contact' }).then(token => {
              document.querySelector('#recaptchaResponse').value = token;
            });
        });
    </script>
</head>


<?php // Check if form was submitted:

$myfile = fopen("newfile.txt", "w") or die("Unable to open file!");

    $txt = "start\n";
    fwrite($myfile, $txt);

if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['recaptcha_response'])) {
    // Build POST request:
    $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
    $recaptcha_secret = '6Lf24eGgiAAAA3AL94O3MS5l0O6PNuo7JOEISNL8j4Lb77';
    $recaptcha_response = $_POST['recaptcha_response'];
   
   
    // Make and decode POST request:
    $recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
   
    $recaptcha = json_decode($recaptcha);

    // Take action based on the score returned:
    if ($recaptcha->score >= 0.5) {  //this works//
                       
            This is where I need to get the vars and put them into the array:
           
            $postParameter = array(
                'nm' => nm,       (Firstname)      <<<------
                'nm2' => nm2,         <<<<----
                'em' => em              <<<-----
            );
           
           
            $curlHandle = curl_init('https://passionblogist.make-it-count.dk//signup.php');
            curl_setopt($curlHandle, CURLOPT_POSTFIELDS, "var1=em&var2=nm&var3=nm2");       <<<<--------------- OR HERE
            curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);

            $curlResponse = curl_exec($curlHandle);
            curl_close($curlHandle);   
       
    } else {
            $errors = $resp->getErrorCodes();
           
    }
   
} ?>


<body>
    <section class="section">
        <div class="container">
            <div class="columns">
                <div class="column is-half">
                    <form method="POST">
                        <h1 class="title">
                            reCAPTCHA v3 example
                        </h1>

                        <div class="field">
                            <label for="name" class="label">Name</label>
                            <div class="control">
                                <input type="text" class="placeholder" div="ph" class="pl" name="nm" placeholder="First Name" required><br>
                            </div>
                        </div>
                       
                              <div class="field">
                            <label for="name2" class="label">Name2</label>
                            <div class="control">
                                <input type="text"  class="placeholder" div="ph"  class="pl" name="nm2" placeholder="Last Name" required>><br>
                            </div>
                        </div>

                        <div class="field">
                            <label for="email" class="label">Email</label>
                            <div class="control">
                                 <input type="email"  class="placeholder" div="ph"  class="pl" name="em" placeholder="Email" required><br>
                            </div>
                        </div>

                        <div class="field is-grouped">
                            <div class="control">
                                <button class="button is-link">Send Message</button>
                            </div>
                        </div>

                        <input type="hidden" name="recaptcha_response" id="recaptchaResponse">
                    </form>
                </div>
            </div>
        </div>
    </section>
</body>
</html>



Captcha codes are modded.

maiandavid
02-11-2022 10:06:19

What do you see if you log the post response to a file?

file_put_contents('path_to_log.txt', print_r($_POST, true), FILE_APPEND);

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
21-11-2022 14:37:20

Its weird. I posted a week ago and did see the post a few days ago when I checked. I also saw it 3 minutes ago but now it is gone. So I try again:


Thanks! That helped somewhat :-)

Array
(
    [nm] => jjj
    [nm2] => kkk
    [em(ail)] => f@gmail.com       (get this errmsg when posting submitting this text: was found without a matching
    [recaptcha_response] => 03AEkXODBvfMUVHvL13avlA_jRlDM1g5hLoEcXfLhQSVa84GQS5xYIDMd85oSch8BTwAn0zeaX4CjSV1sOj7tSgXnyO7ENQVGXRCvCSWxRU0HUc22NIQwPPalg9xSdfqXpK6LvGn0o0l1A4SHhHbeLYrOSprYduSMy4637ggcMRAWvCWpBC5QJ7THNnNEhQmo2k7nEo-ylrwbGsu4hHJCDSUX3kDq5zyDRI2QPja4FX-
)
(I shortened the captchs_response)

So the data is ok.

But the Post curl gives an error: ["fail","An error occurred, please try again later."]

So I still have to make the POST work. Looks like this now:


            $pp = array('cid' => '1', 'nm' => $firstname, 'nm2' => $lastname, 'em' => $mail);
                       
            $fp = fopen('file.txt', 'w');
            fwrite($fp, print_r($pp, TRUE));
            fclose($fp);
                   
            $curlHandle = curl_init('https://passionblogist.make-it-count.dk/signup.php');
            curl_setopt($ch, CURLOPT_URL,$curlHandle);
            curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $pp);
       
            curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);

            $curlResponse = curl_exec($curlHandle);
            curl_close($curlHandle);
           
I dunno about the list number...?

RigPa
21-11-2022 14:39:12

I couldnt write sqrbracketstart em sqrbracketend in previous post   - forum synthax square brackets kinda ruins the PHP code

maiandavid
30-11-2022 03:33:07

Is there anything else in the logs folder when it fails? Any other errors?

David - Lead Developer/Programmer
www.maianmedia.com
RigPa
05-12-2022 11:28:04

From WP log:

[05-Dec-2022 12:08:17 Europe/Copenhagen] PHP Warning:  curl_setopt() expects parameter 1 to be resource, null given in /home/lukparke/passionblogist.com/contact.php on line 82


My own log:
start of log
RC=0.9 (RC from Google)
before POST
AndyMcPhersonAndy@gmail.com   
After curl:
["fail","An error occurred, please try again later."]



POSTed array - which fails:
Array
(
    [cid] => 1
    [nm] => Andy
    [nm2] => McPherson
    (em) => Andy@gmail.com                        ------------- (substituted parenthesis because of BB code on the forum)
)

Nothing in the Maian log files


The part that fails: (line 82)
80: $pp = array('cid' => '1', 'nm' => $firstname, 'nm2' => $lastname, 'em' => $mail);
81: $curlHandle = curl_init('https://passionblogist.make-it-count.dk/signup.php');
82: curl_setopt($ch, CURLOPT_URL,$curlHandle);                                <<<<<<<<<<<<<<-------- Error
83: curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $pp);
84: curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
85: $curlResponse = curl_exec($curlHandle);
86: curl_close($curlHandle);

Seems the curl post is bad. The parameter string is probably wrong...

100% Free SoftwareSoftware Versions, Development, Docs & UpgradesHostingNewsletter
Made with in the U.K & Hong Kong

Free PHP Software / Responsive PHP Scripts / Lightweight PHP Software / White Label PHP Software