JTC Anti-Spam|Anti-Hacker

[AITpro Admin]

JTC Anti-Spam|Anti-Hacker Help Info

JTC Anti-Spam|Anti-Hacker protects all WordPress Forms (Login, Registration, Lost Password, Comments), BuddyPress, bbPress (Login, Registration and Activation) and WooCommerce Forms (Login and Registration) againts SpamBot and HackerBot Brute Force Login attacks. 99% of all hacking and spamming is automated with HackerBots and SpamBots. JTC prevents constant and repeated User Account lockouts caused by HackerBots and SpamBot Brute Force Login attacks. JTC also prevents HackerBot and Spambot auto-registrations, auto-logins, auto-posting and auto-commenting.

Forum Help Links:
Xternal Tools (XTF) Guide
Trackback Spam Protection
Comment Form CSS Code Styling Examples

If you forget what the CAPTCHA is and cannot login to your website use the BPS Pro Xternal Tools (XTF) Form (see Forum Help Links at the top of this Question Mark help window) to Turn Off JTC. Login to your website, go to the BPS JTC page, correct the CAPTCHA and turn JTC back On.

JTC Anti-Spam|Anti-Hacker Setup Steps
1. Enter a user friendly CAPTCHA in the JTC CAPTCHA text box.
2. Copy and paste the CAPTCHA you entered in the JTC CAPTCHA text box into the JTC ToolTip text box.
3. Either keep this default text “Hover or click the text box below” that will be displayed on all your forms or edit this text and add the message you want to add.
4. Select Turn On JTC Logging if you would like to log blocked attempts by spammers and hackers.
5. Choose the forms where you want your CAPTCHA displayed.

General Info about JTC Anti-Spam|Anti-Hacker
JTC Anti-Spam|Anti-Hacker provides website security protection as well as website Anti-Spam protection. JTC Anti-Spam|Anti-Hacker is user friendly Anti-Spam/Anti-Hacker Protection. You can customize and personalize your JTC ToolTip message and CAPTCHA to match your website concept.

JTC Anti-Spam|Anti-Hacker Security/Spammer Protection:
• Hacker Protection
• Spammer Protection
• DoS/DDoS Attack Protection
• Brute Force Login Attack Protection
• SpamBot Trap

Hacker, Spammer, DoS/DDoS & Brute Force Login Protection Explained
JTC Anti-Spam|Anti-Hacker is specifically designed to stop all Form processing if an invalid CAPTCHA is entered or the SpamBot Trap is triggered.

What this means is auto-posting Hacker/HackerBot and Spammer/SpamBot programs/software/applications/user agents cannot overload your Website with Brute Force Login attacks, DoS/DDoS attacks or other Request attacks auto-posted to Forms on your website since HackerBot/SpamBot Requests are stopped before Form processing is allowed to continue to connect to your WordPress Database and process the Form Request – the HackerBot/SpamBot Request resource usage would be insignificant and would not negatively impact your Website resources.

NOTES:
99% of all comment spam is automated using SpamBots and is not done by human spammers. JTC Anti-Spam|Anti-Hacker is 100% effective at stopping HackerBot and SpamBot auto-Registrations, auto-Logins & auto-Posting.

Trackback/Pingback Spam:
The WordPress Trackback feature allows someone to post a comment directly to your website from another website without registering or logging into your website or using your comment form, even if you require that all user’s have to register and login to your website in order to post comments. Since Trackbacks do not use any of the WordPress Forms and are posted directly to your site then JTC cannot prevent Trackback Spam comments that are directly posted to your website. We have created a solution for Trackback Spam (see Forum Help Links at the top of this Question Mark help window). NOTE: If you are using JetPack then you may still get Trackback Spam even after using the Bonus Custom Code. This is not 100% confirmed, but it looks like that is the case. You can either choose to ignore the Trackback Spam or you can delete the wp-trackback.php file. The wp-trackback.php file only does one thing: allows Trackback comments to be directly posted to your website.

JTC CAPTCHA:
This is the CAPTCHA that users will enter to Register, Login or post Comments on your website. You can use any numbers or characters and spaces in the CAPTCHA. You can even use HTML code characters except for these HTML code characters: < > ‘ ” &. You can use a phrase for the CAPTCHA or it can be a single word or you can use your own original combination of words, numbers and HTML characters.

NOTE: It is recommended that you make your CAPTCHA user friendly, simple, clear and easy to understand for your users.

Example CAPTCHA’s:
B4today, Jack and Jill, $$$Money$$$, (-)^(-), ***Your Website Name***, Xfactor, spam free zone, spammers suck, etc.

Examples of CAPTCHA’s that you should not use:
A mathematical number or a common word in the dictionary. Spambots are designed to try numbers and common words in a dictionary. You could of course use a common word in the dictionary and add a number to it – blue88, which would make this a very random CAPTCHA, but still very user friendly.

JTC ToolTip:
This is the jQuery ToolTip message that is displayed to users when they hover or click on the CAPTCHA text box. This is where you will tell your users what they need to enter for the CAPTCHA. It can be a phrase, complete this sentence, a Hint or simply just Type/Enter: xxxxx or you can get as creative as you want to get with your jQuery ToolTip. Randomness is what makes a CAPTCHA very effective. JTC is designed with CAPTCHA randomness capability as one of its primary features.

JTC Title|Text:
This is the text that is displayed to users above the CAPTCHA text box/Form Field. You can use the Color Picker to change the color of the text that is displayed. You can choose to make the text bold by clicking the Bold checkbox.

JTC Title|Text After:
This is additional text that is displayed after the JTC Title|Text. You can use the Color Picker to change the color of the text that is displayed. You can choose to make the text bold by clicking the Bold checkbox.

JTC Logging:
Turn On or Turn Off JTC logging. JTC log entries are logged in the BPS Pro Security Log file. The JTC log entries include the Form name for whichever Form the CAPTCHA was not successfully entered, CAPTCHA value that was entered, BOT/HUMAN value, Username/Display Name (Comment Form only) and all the other standard Security Log entry values/fields.

Enable JTC for WooCommerce:
Check this checkbox if you have the WooCommerce plugin installed if you would like to use BPS JTC on the WooCommerce custom login page. BPS JTC will still continue to work normally on the standard WordPress Forms: Login, Register, Lost Password, Comment, BuddyPress Register and BuddyPress Sidebar Login Forms when you check this checkbox. This checkbox option setting is not for turning JTC On or Off if you are using WooCommerce. Use the JTC Enable|Disable JTC For These Forms option checkboxes to enable or disable JTC on each of your Forms.

Enable|Disable JTC For These Forms:
Checking a Form checkbox will display a CAPTCHA on that Form to all users. Unchecking a Form checkbox will remove the CAPTCHA on that Form for all users. The Comment Form is a special case and the CAPTCHA can be displayed based on the User Roles that you choose. See the Comment Form help section below.

Comment Form: (only applies if Comment Form CAPTCHA is enabled/checked)
Enable|Disable JTC For These Registered/Logged In User Roles:
Users must be logged into your website for the Comment Form User Roles to work. If you do not require that users are registered and logged in to post comments on your website then these JTC options will not have any effect. These options are ONLY for registered and logged in users and ONLY for your Comment Form if you are using this WordPress Discussion setting: Users must be registered and logged in to comment. If you do not want to require that users are registered and logged in to comment then the JTC Comment Form CAPTCHA will still work as long as you have this WordPress Discussion setting checked: Comment author must fill out name and email.

Checking a User Role checkbox will display a CAPTCHA to all users with that User Role on your website’s Comment Form. Unchecking a User Role checkbox will remove the CAPTCHA from displaying to users with that User Role on your website’s Comment Form. If your website is using/has Custom User Roles, your Custom User Roles will be displayed in a scrollable box below the standard WP User Roles: Administrator, Editor, Author, Contributor, Subscriber.

Login, Register, Lost Password, Multisite, BuddyPress and WooCommerce Forms: CAPTCHA Error message:
The Default JTC Form CAPTCHA error message is: ERROR: Incorrect JTC CAPTCHA Entered. You can change or add to the default error message. This error message applies to all Forms except for the Comment Form CAPTCHA error message.

Comment Form: CAPTCHA Error message:
The Default JTC Comment Form CAPTCHA error message is: ERROR: Incorrect JTC CAPTCHA Entered. Click your Browser’s back button and re-enter the JTC CAPTCHA. You can change or add to the default error message. This error message only applies to the Comment Form CAPTCHA error message and does not affect or change any of the other Form CAPTCHA error messages.

Comment Form: CSS Styling
You can position the JTC Title|Text Form label and the JTC CAPTCHA Form Input text box by editing the CSS in these text boxes. By default the position of the JTC Title|Text label and the JTC CAPTCHA Form Input text box is below your Comment Form submit button. For CSS code styling examples (see Forum Help Links at the top of this Question Mark help window).

Comment Form Label:
This is the JTC Title|Text label above the Form Input text box.
Comment Form Input Text Box:
This is the JTC CAPTCHA Form Input text box.

Additional Brute Force CAPTCHA Option:
If you do not allow anyone else to log into your website then here is an example of how JTC Anti-Spam|Anti-Hacker could be used as an additional Brute Force Login Protection feature.

Example: You create a JTC CAPTCHA: My Example CAPTCHA, you either leave the JTC ToolTip: text box blank or you create a Hint for yourself – JTC ToolTip: My Example Hint. If your JTC ToolTip: text box is blank then the CAPTCHA will not be displayed – only you will know what the CAPTCHA is. If you create a personal Hint for yourself then only you will know what the answer to the Hint is.

Encryption|Decryption ModSecurity CRS Bypass
ModSecurity CRS is a security feature installed on some web hosts. ModSecurity CRS sees the legitimate CSS code in the option settings as malicious and will prevent you from saving your option settings. When trying to save your option settings you may see an error message or you may be redirected to your website Home page or nothing happens or other various problems. To evade/bypass ModSecurity CRS click the Encrypt JTC Code button before clicking the Save Options button. Your option settings are encrypted in the POST Form submission and then decrypted in the Form processing code. That means that your option settings are only encrypted temporarily during Form submission to bypass/evade ModSecurity CRS detection. The Decrypt JTC Code feature was added as an additional user friendly convenience feature. It allows you to decrypt your CSS code in real time if you already clicked the Encrypt JTC Code button. You can then continue editing your CSS code and then click the Encrypt JTC Code button again when you are done editing your CSS code. Important!!! Do not forget to click the Encrypt JTC Code button before clicking the Save Options button.

Comment Form CSS Styling

You can position the JTC Title/Text Form label and the JTC CAPTCHA Form Input text box by editing the CSS in these text boxes. By default the position of the JTC Title/Text label and the JTC CAPTCHA Form Input text box is below your Comment Form submit button.
Default CSS: position:relative;top:0px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;

Position the JTC Title/Text and JTC CAPTCHA Form Input text box parallel to the Post Comment or Submit Comment button and resizing the Form Input text box to a 230 pixel width:
Comment Form Label: The JTC Title/Text above the Form Input text box
position:relative;top:-84px;left:165px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;
Comment Form Input Text Box: The JTC CAPTCHA Form Input text box
position:relative;top:-84px;left:165px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;width:230px;

Positioned parallel to the Comment Form Submit button

Position the JTC Title/Text and JTC CAPTCHA Form Input text box above the Comment Form and resizing the Form Input text box to a 230 pixel width:
Comment Form Label: The JTC Title/Text above the Form Input text box
position:relative;top:-520px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;
Comment Form Input Text Box: The JTC CAPTCHA Form Input text box
position:relative;top:-520px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;width:230px;

NOTE: Edit your Theme’s style.css stylesheet to create a gap for the JTC Title/Text and JTC CAPTCHA Form Input text box.
In this example I commented out the existing CSS in the style.css file for the 2014 Theme Comment Form label and then created a 80 pixel gap/margin for the JTC Form Input text box.

/*
.comment-form label {
	display: block;
}
*/
.comment-form label {display:block;margin-top:80px;}

Positioned above the Comment Form

Position the JTC Title/Text and JTC CAPTCHA Form Input text box above the Form Submit button:
Comment Form Label: The JTC Title/Text above the Form Input text box
position:relative;top:-150px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;
Comment Form Input Text Box: The JTC CAPTCHA Form Input text box
position:relative;top:-150px;left:0px;padding:0px 0px 0px 0px;margin:0px 0px 0px 0px;

NOTE: Edit your Theme’s style.css stylesheet to create a gap for the JTC Title/Text and JTC CAPTCHA Form Input text box.
In this example I edited the existing CSS code in the style.css file for the 2014 Theme Comment Form buttons and added a top margin of 70px pixel gap/margin for the JTC Form Input text box.

/* Buttons */
button,
.button,
input[type="button"],
input[type="reset"],
input[type="submit"] {
background-color: #24890d;
border: 0;
border-radius: 2px;
color: #fff;
font-size: 12px;
font-weight: 700;
padding: 10px 30px 11px;
text-transform: uppercase;
vertical-align: bottom;
margin-top:70px;
}

Positioned above the Form Submit button

• This topic was modified 2 years, 4 months ago by AITpro Admin.
• This topic was modified 2 years, 4 months ago by AITpro Admin.
• This topic was modified 2 years, 4 months ago by AITpro Admin.
• This topic was modified 2 years, 1 month ago by AITpro Admin.
• This topic was modified 2 years, 1 month ago by AITpro Admin.
• This topic was modified 2 years, 1 month ago by AITpro Admin.

[Andre]

Hi !

Cool feature, cause I want Askimet not running, costs money.
Questions:
Does it run on repsonsive sites without a problem=?
Is it only for forms?
<CHeers– :, Andre

[AITpro Admin]

JTC Anti-Spam hooks into all WordPress and BuddyPress forms using standard WordPress & BuddyPress actions and filters.  So yes it is only for forms.  And I have not tested fully for mobile site issues, but the jQuery ToolTip displays fine when javascript is disabled in a standard Browser so I assume it would still display fine on a mobile device.

[Paul D.]

Hi Edward,

Any plan to integrate JTC in Contact forms ?
Thanks,
Paul

[AITpro Admin]

We use cforms which already comes with a CAPTCHA.  Which contact form plugin are you referring too?  We looked at this briefly, but then put it aside for a later look since this would require hooking into each contact form plugin’s code individually.

[Bill Justesen]

Are there any plans to make it so that different CAPTCHAs can be entered on different forms? Such as one for the Login form versus one for the Comment form?

[AITpro Admin]

Never even thought of that.  Not sure why that would be any better, but maybe I am missing an idea here.  Why would having different CAPTCHA’s be beneficial?

[oleg]

Hello,

I activated JTC-Anti spam on login form, but after logout i can’t login cause of Incorrect Captcha.
It is possible to disable the captcha in Database?

Thank you

[AITpro Admin]

FTP to your website or use your host control panel file manager and rename the /bulletproof-security plugin folder to /__bulletproof-security.
Log into your site.
Rename the /__bulletproof-security plugin folder back to /bulletproof-security.
Go to JTC Anti-Spam / Anti-Hacker and add/enter the CAPTCHA that you want to use.  Be sure to enter the same CAPTCHA value in both the JTC CAPTCHA and JTC ToolTip text boxes

[Kouichi Sugawara]

Hi AITpro

JTC Readme says:
DoS/DDoS attacks or other Request attacks auto-posted to Forms on your website since HackerBot/SpamBot Requests are stopped before Form processing is allowed to continue to connect to your WordPress Database and process the Form Request.

RSS-Feed Button Attack/DDoS:
I have RSS Feed Button Attack before BPS PRO acivated.
In ths case Apache Loggins:

133.242.171.999 - - [08/Oct/2014:08:51:40 +0900] "GET /feed/ HTTP/1.0" 301 -
133.242.171.999 - - [08/Oct/2014:08:51:40 +0900] "GET /feed/ HTTP/1.0" 301 -
133.242.171.999 - - [08/Oct/2014:08:51:40 +0900] "GET /feed/ HTTP/1.0" 301 -
133.242.171.999 - - [08/Oct/2014:08:51:41 +0900] "GET /feed/ HTTP/1.0" 301 -
133.242.171.999 - - [08/Oct/2014:08:51:41 +0900] "GET /feed/ HTTP/1.0" 301 -
・・・Continued / 133.242.171.999 is my Server-IP/maybe xmlrpc.php Attack

This Attack was solved by deactvation of RSS-Feed Button on WordPress Widget.
RSS Feed Button Attack seems to be DDoS Attacks.
Does BPS PRO-JTC solve  this kind of DDoS Attackes ?

[AITpro Admin]

This Bonus Custom Code protects against XML-RPC exploits/attacks:  http://forum.ait-pro.com/forums/topic/wordpress-xml-rpc-ddos-protection-protect-xmlrpc-php-block-xmlrpc-php-forbid-xmlrpc-php/

Feeds are simply just outputted posts/pages in xml format.  Feeds are not attacked as far as I know and have never heard of a Feed being attacked/exploited.  Feeds are scraped or mined though when someone wants to use your Feed content on their website.  That would be more of an SEO or content copying issue and not a security issue.

[Darko]

[Topic has been merged into this relevant Topic]

Hello,

is there some option to put JTX Anti-Spam field before comments, not after comments. People dont see antirobot filed bellow so they press “POST COMMENT” before they notice antirobot field.

[AITpro Admin]

@ Darko – In BPS Pro 10 we will be adding customization options for JTC.  So far the scheduled tasks include:  allowing someone to change any/all CSS from within JTC.  Allow someone to change the location of the JTC Form Input text field.  Allow someone to change the jQuery Animation options.  I have added your request as another scheduled task since I think this is a very good idea.

Currently JTC uses existing hooks in WordPress, BuddyPress and bbPress to position where the JTC Form Input field is displayed.  The most logical position chosen was the default Form position:  to put the JTC Form Input field after all other Form Input fields using the hooks provided by WordPress, BuddyPress and bbPress.

What I believe is possible (don’t hold me to this) is to use CSS Position properties to move the JTC Form Input fields to wherever you want them to be without changing the hooks that are currently being used by JTC.  We are actually doing that method for other similar things in several places on this site and other sites so it is most likely a very simple thing to do.

So to answer your question.  At this time you would have to manually edit this file:  /bulletproof-security/includes/login-security.php and change/edit the CSS properties to change where the JTC Form Input field is displayed.  BPS Pro 10 is still in early development stages so there is no time estimate available for when BPS Pro 10 will be released publicly.

[Paul]

I am just playing before i put on live site on localhost, should the jtc work on that environment, as i have it enabled but i can login without filling it in?

[AITpro Admin]

JTC works exactly the same on a Local XAMPP, MAMP, WAMP, LAMP servers as it does on a Live hosted website/server.  If you are able to login without adding the CAPTCHA then either the CAPTCHA is blank / you have not setup JTC completely/correctly or you have another login or membership plugin installed/activated that is overriding JTC.

[Author]

Posts