Post by exibar » Thu Feb 15, 2018 12:13 am

Hi all!
Not sure if this is the right area for this question or not....

Lately in the past couple days my Ocart has been inundated with bogus new customers... they all follow the same rough format so I can detect them as bogus, I've blocked IPs, added an "admin must approve", etc... The IP addresses are all clearly through TOR or similar type thing, many within the 185.202.101.0/24 subnets... I've blocked most IPs...

Any thoughts as to how to prevent these bogus new customers from being created? They're created at all times day and night, so it's doubtful it's a manual creation.

Is there any way to limit the phone number to 10 digits, or perhaps force only valid zipcodes for the area?

thanks!
Mike B

Post by davidbfranks » Thu Feb 15, 2018 4:26 am

I also have the same issue

Post by exibar » Thu Feb 15, 2018 4:31 am

Would you mind posting an example of one of those bogus new customers? Either here or PM to me? I'd love to compare notes on these guys.

Mike B

Post by exibar » Thu Feb 15, 2018 4:33 am

Did this just start on your site this month as well?

Post by 1975bloom » Thu Feb 15, 2018 5:02 am

Hi, I am having the same problem. Have you any idea how to stop them?

Post by exibar » Thu Feb 15, 2018 5:04 am

Anyone that is having the same problem, can you post a sample of one of those bogus accounts?

Post by uksitebuilder » Thu Feb 15, 2018 5:17 am

Please have a look through the General Support forums for your version.

This has been asked and answered several times now.

Post by exibar » Thu Feb 15, 2018 5:22 am

My apologies, I didn't see anything in there... I'll dig deeper :-)

Post by exibar » Thu Feb 15, 2018 5:27 am

I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....

Mike B

Post by davidbfranks » Thu Feb 15, 2018 10:25 pm

exibar wrote:
Thu Feb 15, 2018 5:27 am
I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....

Mike B

Can you let me know too? I'm also on 1.5.6.4 using Journal theme

Thanks

Post by ChinmayBhatta » Fri Feb 16, 2018 12:13 am

There is an issue in the Register page, as it ignores the captcha. Just try registering: even with the Captcha not entered, you will be able to log in. I made the following ad hoc changes to restrict the bogus customers. Now one cannot register without entering the Captcha. Still, I think we should improve the solution; for example, the original code does not validate the captcha if it already exists in the session. For spammers, this will be a boon and defeat the reason for adding a captcha in the first place.

1. Add the following lines in the index function (around line 50) in catalog\controller\account\register.php

    // Pass any captcha validation error through to the registration template
    if (isset($this->error['captcha'])) {
        $data['error_captcha'] = $this->error['captcha'];
    } else {
        $data['error_captcha'] = '';
    }

2. Changed the validate function in catalog\controller\extension\captcha\google.php to

    public function validate() {
        // Load the language file first so error_captcha resolves in every branch
        $this->load->language('extension/captcha/google');

        // Check if Captcha is entered or not
        if (empty($this->request->post['g-recaptcha-response'])) {
            return $this->language->get('error_captcha');
        } elseif (empty($this->session->data['gcapcha'])) {
            // Not yet verified in this session: ask Google to check the token.
            // Every query parameter is URL-encoded, including the user-supplied token.
            $recaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($this->config->get('captcha_google_secret')) . '&response=' . urlencode($this->request->post['g-recaptcha-response']) . '&remoteip=' . urlencode($this->request->server['REMOTE_ADDR']));

            $recaptcha = json_decode($recaptcha, true);

            // A failed request or malformed reply decodes to null and is rejected
            if (!empty($recaptcha['success'])) {
                $this->session->data['gcapcha'] = true;
            } else {
                return $this->language->get('error_captcha');
            }
        }
    }
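
The post above notes that a captcha result cached in the session lets later submissions skip verification. The following is an added example, not part of the post and not OpenCart's own code, showing a check that verifies every submission and fails closed. The function names, `shop.example`, the secret and the stand-in endpoint replies are constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example, not OpenCart code: function names, the hostname and the
// sample replies below are constructed for illustration.

const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Real transport: POST keeps the secret out of URLs, proxies and access logs.
function post_form(string $url, array $fields): ?string {
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields), // encodes every value
        'timeout' => 5,
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : $body;
}

// Returns true only when this submission's token verifies. Nothing is cached
// in the session, so one solved captcha cannot cover later requests.
function captcha_ok(string $secret, $token, string $ip, string $host, callable $post): bool {
    if (!is_string($token) || $token === '') {
        return false; // missing or array-valued form field
    }
    $raw = $post(SITEVERIFY_URL, ['secret' => $secret, 'response' => $token, 'remoteip' => $ip]);
    $reply = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($reply) || ($reply['success'] ?? false) !== true) {
        return false; // fail closed on network errors and malformed replies
    }
    // Reject tokens that were solved on a different site.
    return ($reply['hostname'] ?? '') === $host;
}

// Offline run against a constructed stand-in for the verification endpoint.
$fake = function (string $url, array $f): ?string {
    static $spent = [];
    if ($f['response'] === 'down') { return null; } // simulated outage
    if ($f['response'] !== 'good-token') { return '{"success": false, "error-codes": ["invalid-input-response"]}'; }
    if (isset($spent[$f['response']])) { return '{"success": false, "error-codes": ["timeout-or-duplicate"]}'; }
    $spent[$f['response']] = true;
    return '{"success": true, "hostname": "shop.example"}';
};
foreach (['good-token', 'good-token', 'junk', '', 'down'] as $t) {
    printf("%-12s %s\n", var_export($t, true), captcha_ok('constructed-secret', $t, '203.0.113.7', 'shop.example', $fake) ? 'accept' : 'reject');
}
```

In a live controller, `post_form` would be passed as the last argument in place of the stand-in closure.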

Post by exibar » Fri Feb 16, 2018 12:40 am

I downloaded a captcha vQmod from the ocart extensions pages for ocart 1.5.6. It didn't work so I modified it and now it works like a champ, no more bot registrations!
Just copy it to your vQmod XML directory like normal and it will do the trick. Even though the code has provisions for other languages, it's English only.

Mike B

Post by davidbfranks » Fri Feb 16, 2018 12:52 am

I purchased the ClearThinking extension - http://www.opencartx.com/account-registration-captcha

Works much better than the solution above as the user doesn’t have to type anything, just click on the Google Recaptcha box.

Works great, spam eliminated.

Post by exibar » Fri Feb 16, 2018 1:54 am

yah, there are a bunch of pay modules for it... but I'm kinda frugal and don't want to pay for it when it can be coded for free :-)

the pay modules might be easier to use, etc... but I don't mind working things out to achieve the results :-)

The "click" type "I am not a robot" captcha type is really nice though. But for my purposes, the number captcha works a treat and prevents the bots from registering just the same... so I'm happy :-)
Last edited by exibar on Fri Feb 16, 2018 1:59 am, edited 1 time in total.

Post by davidbfranks » Fri Feb 16, 2018 1:58 am

exibar wrote:
Fri Feb 16, 2018 1:54 am
yah, there are a bunch of pay modules for it... but why should we have to pay for it when it can be coded for free?

the pay modules might be easier to use, etc... but I don't mind working things out to achieve the results :-)

Depends how you look at it, a user having to manually type a Captcha code (which you can't always read properly) rather than just clicking a simple button could potentially cause them to not sign up which = less $$$ ultimately.

But I hear what you're saying, just think for the sake of $20 I would rather have a better customer experience.
