fbpx
Welcome, Guest
Username: Password: Remember me

TOPIC: Forms: Geolocation and Blacklist filters

Forms: Geolocation and Blacklist filters 1 month 1 week ago #30713

  • watched.live
  • watched.live's Avatar
  • Offline
  • New Member
  • Posts: 17
  • Thank you received: 2
  • Karma: 1
Due to the amount of spam I've received via the Forms component in JD Builder, I'd like to see a geolocation lookup, and if the geolocation returns some out of country, then stricter controls are put in place.

I provide a service that only applies within the United States, as I physically need to go any place I'm providing a service for. As such, there are very few cases where a contact would start out from outside the nation due to needing my service after they make a trip. So I don't want to restrict all contact, I just want to put in a few more restrictions.

To me, the following would be grand:
  1. Do an IP geolocation
  2. If IP is in the US (or whatever country specified by site owner), largely let things through and ignore the rest of the list
  3. Tack on a combination of reCAPTCHA and keyword blacklisting
  4. Let things through if it passes the above
  5. If CAPTCHA/keyword fails, fail with a fairly generic error to not simply give away the fact that I'm filtering out all SEO crap

Keyword blacklisting would be grand in general, as I have no desire for emails mentioning "SEO" (unless by doing so, I could know who the sender was, so I could pelt them with rotten fruit).

I don't really like reCAPTCHA due to the fact that v3 works best if you let Google track everything anyone does on your site (and I don't trust them), and v2 makes you wonder if that was a bicycle or a motorcycle far too often. So I'd rather not subject most people using the forms to reCAPTCHA.

80% of the contact form spam I get is both out of nation, and mentions SEO or some drug, so the filter of those would be quite useful to me.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 1 month 1 week ago #30736

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
Hi,

For the moment, we don't have any plans to implement a similar feature in JD builder.

However, I have seen that using something like CloudFlare is really using in these cases, where you can block/restrict access to whole site base on the country of the visitor.

It's a free feature in CloudFlare firewall.

Thanks,
Chetan
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 1 month 1 week ago #30746

  • watched.live
  • watched.live's Avatar
  • Offline
  • New Member
  • Posts: 17
  • Thank you received: 2
  • Karma: 1
Blocking almost the entire world is more than a bit overkill, and there are legit reasons for someone to view the site, even contact me, from out of the US. Requesting things be a bit more restricted is very different from requesting no access.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 1 month 1 week ago #30747

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
Sure, with CloudFlare there are few things you can. There is a JavaScript challenge or you can display a Captcha to users as well.

Read more about it here: support.cloudflare.com/hc/en-us/articles...nd-Challenge-Passage

Thanks,
Chetan
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 1 month 1 week ago #30750

  • watched.live
  • watched.live's Avatar
  • Offline
  • New Member
  • Posts: 17
  • Thank you received: 2
  • Karma: 1
I suppose a bit better, but to simply limit the entire site isn't really what I need, I'm only looking to deal with the forms. The least invasive means to obtain a desired effect.

Although the Form Element Documentation links to an invalid page for Webhook, I did find the video on another thread asking for webhook documentation, and it helps a bit. Even without full allowing of a captcha system just for selective requests, this almost would work, if:
  • On form submit, if response is 200, display the configured success message
  • Otherwise, if there is a payload response on something like a 403, 409, or 422, return this messaging (configurable as to which status codes to pass messaging through on)
  • Provide a general failure message if above conditions not met

This way, joomdev wouldn't be trying to figure out all of the weird scenarios people want to conditionally block on, but could allow the site owner a means of providing useful information to the website user.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 1 month 4 hours ago #30838

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
My apologies for the delay here.

Webhooks aren't the only way people are submitting forms and if we only rely on the webhooks response, it will not send emails or anything else, which users will then think something else is wrong.

Thanks,
Chetan
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 1 month 28 minutes ago #30841

  • watched.live
  • watched.live's Avatar
  • Offline
  • New Member
  • Posts: 17
  • Thank you received: 2
  • Karma: 1
I was intending those conditions only be met if the Submit Options had Webhook as the only hook. If the Webhook doesn't return a 200 code, likely no email would be sent anyway, and so it would be good to inform the front end user that the message didn't go through. If there is a 400 level response, that means the resource was missing or there were issues authenticating/validating what came through. Some 500 level responses may go through.

Consider the case of if a 3rd party service goes down, and the joomdev site owner didn't realize it. The front end user may be trying to send a contact request, but the webhook server is sending a 404 response. That message will not go though, but the front end user just assumes they actually did send out a contact request.

If the JD Builder form is configured to do both a webhook and an Admin Mail, then the mail should continue to go through, even with the 3rd party service being down. So then no message would be required for the front end user.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 4 weeks 20 minutes ago #30871

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
Thanks! I understand the logic and where we are coming from, unfortunately we don't have this feature built in yet. I'll however put this on our internal road as a broad spam protection topic and see what we can come up with in the near future.

Thanks,
Chetan
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.
The administrator has disabled public write access.

Forms: Geolocation and Blacklist filters 3 weeks 5 days ago #30878

  • Kevin589
  • Kevin589's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
Thanks for reply and suggest great information this is useful.

RapidFS
Last Edit: 3 weeks 5 days ago by Kevin589.
The administrator has disabled public write access.
Moderators: chandandeep
Time to create page: 0.412 seconds
Cron Job Starts