changed some things for better spam protection

src/Hackspace/Bundle/CalciferBundle/Controller/EventController.php

@@ -156,16 +156,17 @@ public function createAction(Request $request)
     {
         $entity = new Event();
 
-        $em = $this->saveEvent($request, $entity);
-
-
-        $errors = $entity->isValid();
-        if ($errors === true) {
-            $em = $this->getDoctrine()->getManager();
-            $em->persist($entity);
-            $em->flush();
-
-            return $this->redirect($this->generateUrl('_show', array('slug' => $entity->slug)));
+        if (! $request->get('origin')) {
+            $em = $this->saveEvent($request, $entity);
+            $errors = $entity->isValid();
+            if ( $errors === true ) {
+                $em = $this->getDoctrine()->getManager();
+                $em->persist($entity);
+                $em->flush();
+                return $this->redirect($this->generateUrl('_show', array('slug' => $entity->slug)));
+            }
+        } else {
+            return $this->redirect($this->generateUrl(''));
         }
 
         return array(
@@ -284,16 +285,18 @@ public function updateAction(Request $request, $slug)
             throw $this->createNotFoundException('Unable to find Event entity.');
         }
 
-        $em = $this->saveEvent($request, $entity);
 
 
         $errors = $entity->isValid();
-        if ($errors === true) {
+        if ($errors === true && (! $request->get('origin'))) {
+            $em = $this->saveEvent($request, $entity);
             $em = $this->getDoctrine()->getManager();
             $em->persist($entity);
             $em->flush();
 
             return $this->redirect($this->generateUrl('_show', array('slug' => $entity->slug)));
+        } else {
+            return $this->redirect($this->generateUrl(''));
         }
 
         return array(

src/Hackspace/Bundle/CalciferBundle/Controller/RepeatingEventController.php

@@ -178,6 +178,9 @@ private function fillEntity(Request $request, RepeatingEvent $entity)
 
     private function saveRepeatingEvent(Request $request, RepeatingEvent $entity)
     {
+        if ( $request->get('origin')) {
+            return false;
+        }
         $location = $request->get('location');
         $location_lat = $request->get('location_lat');
         $location_lon = $request->get('location_lon');

src/Hackspace/Bundle/CalciferBundle/Resources/assets/css/events.scss

@@ -34,4 +34,13 @@
     margin-top: 0;
     margin-bottom: 0;
   }
-}
+}
+
+.oos {
+  position:absolute;
+  left:-10000px;
+  top:auto;
+  width:1px;
+  height:1px;
+  overflow:hidden;
+}

src/Hackspace/Bundle/CalciferBundle/Resources/views/Event/event_form.html.twig

@@ -147,7 +147,22 @@
                 </div>
             </div>
         </div>
+        <div class="field oos">
+                <label class="control-label required" for="event_origin">Origin</label>
+                <div class="ui icon input" title="Origin URL (Screenreader: bitte leer lassen)">
+                    <input type="text"
+                           name="origin"
+                           id="event_origin"
+                           maxlength="255"
+                           value="{{ entity.origin|default('') }}"
+                           class="form-control">
+                    <i class="icon globe"></i>
+                    <div class="ui corner label">
+                        <i class="icon asterisk"></i>
+                    </div>
+                </div>
+            </div>
     </div>
 
     <input type="submit" class="ui button green" value="Speichern"/>
-</form>
+</form>

src/Hackspace/Bundle/CalciferBundle/Resources/views/RepeatingEvent/repeating_event_form.html.twig

@@ -157,8 +157,23 @@
             <div class="ui label">Du kannst hier kommasepariert <a
                         href="https://en.wikipedia.org/wiki/Tag_%28metadata%29">Tags</a> angeben.
             </div>
+        <div class="field oos">
+                <label class="control-label required" for="event_origin">Origin</label>
+                <div class="ui icon input" title="Origin URL (Screenreader: bitte leer lassen)">
+                    <input type="text"
+                           name="origin"
+                           id="event_origin"
+                           maxlength="255"
+                           value="{{ entity.origin|default('') }}"
+                           class="form-control">
+                    <i class="icon globe"></i>
+                    <div class="ui corner label">
+                        <i class="icon asterisk"></i>
+                    </div>
+                </div>
+            </div>
         </div>
 
         <input type="submit" class="ui green button" value="Speichern"/>
 
-</form>
+</form>

web/.htaccess

@@ -5,9 +5,183 @@
 # to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
 DirectoryIndex app.php
 
+RewriteEngine On
+# Begin HackRepair.com Blacklist
+# Abuse Agent Blocking
+		RewriteEngine on
+#		RewriteCond %{REQUEST_URI} .*\.ics [NC]
+#		RewriteRule ^(.*) app.php [L]
+		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^BOT\ for\ JCE [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
+#		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
+#		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} id-search\.org [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
+#		RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} Wells\ Search\ II [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} WEP\ Search [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
+		RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC]
+		RewriteRule ^.* - [F,L]
+
+
+# Abuse HTTP Referrer Blocking end
+
 <IfModule mod_rewrite.c>
     RewriteEngine On
-
     # Determine the RewriteBase automatically and set it as environment variable.
     # If you are using Apache aliases to do mass virtual hosting or installed the
     # project in a subdirectory, the base path will be prepended to allow proper
@@ -39,7 +213,76 @@ DirectoryIndex app.php
 
     # Rewrite all other queries to the front controller.
     RewriteRule .? %{ENV:BASE}/app.php [L]
+
+
+
 </IfModule>
+# Start Custom Blocks
+# Bluecoat
+deny from 8.21.4.254
+deny from 65.46.48.192/30
+deny from 65.160.238.176/28
+deny from 85.92.222.0/24
+deny from 206.51.36.0/22
+deny from 216.52.23.0/24
+# cyveillance
+deny from 38.100.19.8/29
+deny from 38.100.21.0/24
+deny from 38.100.41.64/26
+deny from 38.105.71.0/25
+deny from 38.105.83.0/27
+deny from 38.112.21.140/30
+deny from 38.118.42.32/29
+deny from 65.213.208.128/27
+deny from 65.222.176.96/27
+deny from 65.222.185.72/29
+# Cyberpatrol
+deny from 38.103.17.160/27
+# Internet Identity - Anti-Phishing
+deny from 66.113.96.0/20
+deny from 70.35.113.192/27
+# Ironport
+deny from 204.15.80.0/22
+# Lightspeed Systems Security
+deny from 66.17.15.128/26
+deny from 69.84.207.32/27
+deny from 69.84.207.128/25
+# Layered Technologies
+deny from 72.36.128.0/17
+deny from 72.232.0.0/16
+deny from 72.233.0.0/17
+deny from 216.32.0.0/14
+# M86
+deny from 67.192.231.224/29
+deny from 208.90.236.0/22
+# Phish-Inspector.com
+deny from 209.147.127.208/28
+# Prescient Software, Inc. Phishmongers
+deny from 198.186.190.0/23
+deny from 198.186.192.0/23
+deny from 198.186.194.0/24
+# urlfilterdb
+deny from 207.210.99.32/29
+# websense-in.car1.sandiego1.level3.net
+deny from 4.53.120.22
+# Websense
+deny from 66.194.6.0/24
+deny from 67.117.201.128/28
+deny from 69.67.32.0/20
+deny from 131.191.87.0/24
+deny from 204.15.64.0/21
+deny from 208.80.192.0/21
+deny from 212.62.26.64/27
+deny from 213.168.226.0/24
+deny from 213.168.241.0/30
+deny from 213.168.242.0/30
+deny from 213.236.150.16/28
+# End Custom Blocks. Add a couple line breaks below this as well.
+# Block comment spammers and bad bots
+# Add your custom IP block list here. Example format:
+# deny from 4.53.120.22
+# End Block comment spammers, bad bots and some proxies
+# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
 
 <IfModule !mod_rewrite.c>
     <IfModule mod_alias.c>