
various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 12:13 am
by exibar
Hi all!
Not sure if this is the right area for this question or not....

Lately in the past couple days my Ocart has been inundated with bogus new customers... they all follow the same rough format so I can detect them as bogus, I've blocked IPs, added an "admin must approve", etc... The IP addresses are all clearly through TOR or similar type thing, many within the 185.202.101.0/24 subnets... I've blocked most IPs...

any thoughts as to how to prevent these bogus new customers from being created? They're created at all times day and night, so it's doubtful it's a manual creation.

Is there any way to limit the phone number to 10 digits, or perhaps force only valid zipcodes for the area?

thanks!
Mike B

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 4:26 am
by davidbfranks
I also have the same issue

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 4:31 am
by exibar
would you mind posting an example of one of those bogus new customers? either here or PM to me? I'd love to compare notes on these guys

Mike B

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 4:33 am
by exibar
did this just start on your site this month as well?

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 5:02 am
by 1975bloom
Hi, I am having the same problem, have you any idea how to stop them?

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 5:04 am
by exibar
anyone that is having the same problem, can you post a sample of one of those bogus accounts?

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 5:17 am
by uksitebuilder
Please have a look through the General Support forums for your version.

This has been asked and answered several times now.

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 5:22 am
by exibar
my apologies, I didn't see anything in there... I'll dig deeper :-)

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 5:27 am
by exibar
I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....

Mike B

Re: various bogus "new customer" accounts created recently and now often

Posted: Thu Feb 15, 2018 10:25 pm
by davidbfranks
exibar wrote:
Thu Feb 15, 2018 5:27 am
I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....

Mike B

Can you let me know too? I'm also on 1.5.6.4 using Journal theme

Thanks

Re: various bogus "new customer" accounts created recently and now often

Posted: Fri Feb 16, 2018 12:13 am
by ChinmayBhatta
There is an issue in the Register page as it ignores captcha. Just try registering, even with Captcha not entered, you will be able to log in. I made the following ad hoc changes to restrict the bogus customers. Now one cannot register without entering Captcha. Still, I think we should improve the solution; for example, the original code does not validate the captcha if it already exists in the session. For spammers, this will be a boon and defeat the reason for adding captcha in the first place.

1. Add the following line in Index function (around line 50) in catalog\controller\account\register.php

    if (isset($this->error['captcha'])) {
        $data['error_captcha'] = $this->error['captcha'];
    } else {
        $data['error_captcha'] = '';
    }

2. Changed validate function in catalog\controller\extension\captcha\google.php to

    public function validate() {
        // Load the language file first so error_captcha resolves in every branch
        $this->load->language('extension/captcha/google');

        // Check if Captcha is entered or not
        if (empty($this->request->post['g-recaptcha-response'])) {
            return $this->language->get('error_captcha');
        } elseif (empty($this->session->data['gcapcha'])) {
            // Ask Google to verify the response; every query parameter is URL-encoded
            $recaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($this->config->get('captcha_google_secret')) . '&response=' . urlencode($this->request->post['g-recaptcha-response']) . '&remoteip=' . urlencode($this->request->server['REMOTE_ADDR']));

            $recaptcha = json_decode($recaptcha, true);

            if (!empty($recaptcha['success'])) {
                // A verified result is cached in the session, so later calls skip verification
                $this->session->data['gcapcha'] = true;
            } else {
                return $this->language->get('error_captcha');
            }
        }
    }
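
The session-cache concern raised in the post above, shown as an added example that is not part of the original post or of OpenCart: each registration submission is verified on its own and nothing is remembered in the session, so a token solved once cannot cover later sign-ups. The function names, the stub endpoint, the token and the secret are all hypothetical or constructed, and PHP 7+ is assumed.

```php
<?php
// Added example (PHP 7+), not OpenCart code. All function names are hypothetical.

// Verify the reCAPTCHA token of ONE form submission. Nothing is cached in the
// session, so every registration POST needs its own freshly solved token.
// $post is callable(string $url, array $fields): string|false (injectable for tests).
function verify_captcha_once(array $form, string $secret, string $ip, callable $post): bool
{
    $token = $form['g-recaptcha-response'] ?? '';
    if (!is_string($token) || $token === '') {
        return false; // no token submitted: fail closed, no network call
    }
    $body = $post('https://www.google.com/recaptcha/api/siteverify', [
        'secret' => $secret, 'response' => $token, 'remoteip' => $ip,
    ]);
    $json = is_string($body) ? json_decode($body, true) : null;
    // Anything other than an explicit success=true (timeout, bad JSON) is a failure.
    return is_array($json) && ($json['success'] ?? false) === true;
}

// Real transport: a form-encoded POST keeps the secret out of the request URL.
function http_post_form(string $url, array $fields)
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    return @file_get_contents($url, false, $ctx);
}

// Constructed stand-in for the verify endpoint: a token verifies once, then is rejected.
$used = [];
$stub = function (string $url, array $f) use (&$used) {
    $ok = $f['response'] === 'constructed-token-1' && !isset($used[$f['response']]);
    $used[$f['response']] = true;
    return json_encode($ok ? ['success' => true]
                           : ['success' => false, 'error-codes' => ['timeout-or-duplicate']]);
};

$first  = verify_captcha_once(['g-recaptcha-response' => 'constructed-token-1'], 'placeholder-secret', '203.0.113.7', $stub);
$replay = verify_captcha_once(['g-recaptcha-response' => 'constructed-token-1'], 'placeholder-secret', '203.0.113.7', $stub);
$empty  = verify_captcha_once([], 'placeholder-secret', '203.0.113.7', $stub);
var_dump($first, $replay, $empty);
```

Outside the demo, pass `'http_post_form'` as the last argument so the check reaches the real endpoint.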

Re: various bogus "new customer" accounts created recently and now often

Posted: Fri Feb 16, 2018 12:40 am
by exibar
I downloaded a captcha vQmod from the ocart extensions pages for ocart 1.5.6. It didn't work so I modified it and now it works like a champ, no more bot registrations!
just copy it to your vQmod XML directory like normal and it will do the trick. Even though the code has provisions for other languages, it's English only.

Mike B

Re: various bogus "new customer" accounts created recently and now often

Posted: Fri Feb 16, 2018 12:52 am
by davidbfranks
I purchased the ClearThinking extension - http://www.opencartx.com/account-registration-captcha

Works much better than the solution above as the user doesn’t have to type anything, just click on the Google Recaptcha box.

Works great, spam eliminated.

Re: various bogus "new customer" accounts created recently and now often

Posted: Fri Feb 16, 2018 1:54 am
by exibar
yah, there are a bunch of pay modules for it... but I'm kinda frugal and don't want to pay for it when it can be coded for free :-)

the pay modules might be easier to use, etc... but I don't mind working things out to achieve the results :-)

The "click" type "I am not a robot" captcha type is really nice though. but for my purposes, the number captcha works a treat and prevents the bots from registering just the same... so I'm happy :-)

Re: various bogus "new customer" accounts created recently and now often

Posted: Fri Feb 16, 2018 1:58 am
by davidbfranks
exibar wrote:
Fri Feb 16, 2018 1:54 am
yah, there are a bunch of pay modules for it... but why should we have to pay for it when it can be coded for free?

the pay modules might be easier to use, etc... but I don't mind working things out to achieve the results :-)

Depends how you look at it, a user having to manually type a Captcha code (which you can't always read properly) rather than just clicking a simple button could potentially cause them to not sign up which = less $$$ ultimately.

But I hear what you're saying, just think for the sake of $20 I would rather have a better customer experience.

validate area code solution that works for me

Posted: Wed Dec 25, 2019 10:18 am
by Robonz
I just fixed mine a really simple way. So far I have had zero bogus registrations in a week and I was getting 5 a day.

I noticed the bogus codes are typically random letters. In my country all area codes are 4 digit numeric so I did this to the register.php file. I did not modify the resulting error message so they would not have a solution. Anyone in my country would just enter the correct post code and not even notice.

    // only accept 4 character number for area codes for registration
    $postcode = trim($this->request->post['postcode']);
    // ctype_digit rejects values such as "1e10" or "-1.5" that is_numeric would accept
    if (utf8_strlen($postcode) != 4 || !ctype_digit($postcode)) {
        $this->error['postcode'] = $this->language->get('error_postcode');
    }