Post by warisaha » Thu Feb 08, 2018 1:51 pm

Dear OC!

I'm using OpenCart 2.0.3.1. Recently a customer with James Kelvin is doing some fraudulent logins on our store with different email addresses with the same name, contact, and address. I have banned some IPs and he is doing the same fraudulent logins with random IPs (still creating accounts using different IPs).

Can anyone help me by suggesting an idea by which I can permanently eradicate this type of fraudster? Thanks in advance.


Post by IP_CAM » Fri Feb 09, 2018 3:37 am

Well, you will not find anyone, ANYWHERE, to assist you on this, because
if a solution would exist, for anyone, the Internet would be a much safer place.
The only FREE way, to keep Intruders off, is the use of .htaccess, where
one can block individual IP-Numbers as well as entire IP Ranges, to keep 'em off.
And this is an ongoing daily battle, it's not done once and then for good.
Ernie

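Code:

<Files *>
# Apache 2.2 access-control syntax (on Apache 2.4 it requires mod_access_compat).
# With "order allow,deny" the allow rules are evaluated first, then the deny rules;
# a request that matches both is denied.
order allow,deny
allow from all
# A partial address such as "14." matches every address that begins with those octets.
deny from 2.228.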
deny from 5.101.
deny from 5.133.
deny from 5.189.
deny from 5.62.
deny from 5.77.34.
deny from 5.188.
deny from 14.
deny from 17.40.
deny from 31.
deny from 213.32.
deny from 213.145.
deny from 213.251.
deny from 216.
deny from 217.
</Files>

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


Post by uksitebuilder » Fri Feb 09, 2018 3:57 am

I would advise strongly against this as you may block good customers too with blocking ranges.

The bot or user will simply keep changing their IP Address anyway and you will be chasing your tail.

The person or bot you have mentioned seems to have been quite busy going for and attacking many OpenCart stores.

One thing that has been known to work is by adding a free extension to stop CSRF attacks.

Hope this helps: https://www.opencart.com/index.php?rout ... on_id=4773
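
An added illustration of the over-blocking concern raised in this post (not part of the thread and not any participant's code): it parses the partial-address deny rules from the .htaccess block posted above and counts how many IPv4 addresses they cover. The function names and the sample visitor addresses are constructed for this example.

```python
import ipaddress

# The deny prefixes from the .htaccess block posted in this thread, several
# per directive (Apache accepts more than one address after "deny from").
HTACCESS = """\
order allow,deny
allow from all
deny from 2.228. 5.101. 5.133. 5.189. 5.62. 5.77.34. 5.188.
deny from 14. 17.40. 31.
deny from 213.32. 213.145. 213.251. 216. 217.
"""

def partial_to_network(spec):
    """Turn an Apache partial address ("5.77.34.") or CIDR into a network."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"not an IPv4 prefix: {spec!r}")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse_deny_rules(text):
    """Collect the network behind every address on a 'deny from' line."""
    nets = []
    for line in text.splitlines():
        words = line.split()
        if [w.lower() for w in words[:2]] == ["deny", "from"]:
            nets.extend(partial_to_network(w) for w in words[2:])
    return nets

def blocked_address_count(nets):
    """Count distinct addresses covered, merging overlapping rules first."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def is_blocked(ip, nets):
    """True if the address falls inside any denied network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

if __name__ == "__main__":
    nets = parse_deny_rules(HTACCESS)
    print(f"{len(nets)} rules cover {blocked_address_count(nets):,} addresses")
    for n in sorted(nets, key=lambda n: n.prefixlen)[:4]:
        print(f"  widest: {n} = {n.num_addresses:,} addresses")
    # Constructed sample visitor addresses, not taken from the thread.
    for ip in ("14.1.2.3", "5.77.34.200", "5.77.35.1", "203.0.113.7"):
        print(ip, "blocked" if is_blocked(ip, nets) else "allowed")
```

Running the same check against the store's own order or access-log addresses before deploying a range rule shows which existing customers it would lock out.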


Post by paulfeakins » Fri Feb 09, 2018 6:52 pm

warisaha wrote:
Thu Feb 08, 2018 1:51 pm
he is doing the same fraudulent logins with random IPs (still creating accounts using different IPs)
What harm is being caused?

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


Post by straightlight » Sun Feb 11, 2018 11:00 pm

I would advise strongly against this as you may block good customers too with blocking ranges.
I second this statement. The methodology on using banned IP addresses over .htaccess or from the host console can also affect the results of the search engine whenever results are appearing. The results may still be shown but the link where the search engine has tracked the URL may not be accessible which could become quite problematic for the website's reputation as it is not good practice.

I would suggest using this extension in order to separate all users sessions when using HTML forms: https://www.opencart.com/index.php?rout ... on_id=4773

This also allows webmasters to focus on users specifically rather than automated scripts whenever data is being posted on the store.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by IP_CAM » Mon Feb 12, 2018 3:10 am

Well, if I run a Shop for i.E. Swiss Customers, I sure don't need anyone from China
or Russia to have access to the Site. And by Nature of things, one should always first
make sure, not to block ranges, before exactly checking, what and who will be blocked.
I am doing this for Years already, by FIRST blocking only a full numbered IP, but as soon
as multiple access attempts from the same Main Ranges exist, I lock 'em down, section
for section. It's the only working way, to keep the Fellows off for good, and without using
some external 'helpers', just slowing down loading time.
And as long as one does NOT block important search engines, nothing will happen, that's
a proven fact too.
Ernie
---
PS. I never got the Mod, mentioned above, to work, like obviously many others too. It's too
complex, and potentially problematic, if users have to modify Source, to make such work.


Post by zaidladha » Sat Mar 24, 2018 4:05 am

Just started for me today, same names and from New York. I have default to disabled for affiliates, should I worry or just leave them there? The commission is set to 0, so I don't think I have to worry. This doesn't provide them any access to the site, does it?


Post by IP_CAM » Sat Mar 24, 2018 12:03 pm

commission is set to 0, so I don't think I have to worry
Well, just compare it with a decision on either keep your Backdoor in your house,
or then replacing it by a solid wall. You should never allow anyone into your shop,
except for those, allowed to by their 'status'. And if you do not use i.E. Affiliates,
Product-Returns, or Gift Vouchers, the 'Access' to those 'Programs' should not be
possible at all, and any attempt, to call such an URL, should result in either an Error
Message Page, or then the Front Start.
This way, one does not have to care about such any longer, and this leaves more
time for other matters. So it's up to you, and better don't listen to anyone, telling
you, better not to touch Source, because later Upgrades would create Problems,
because they always forget, that later Upgrades contain their own new Code and
Files, to so create their own! :laugh:

Removing Affiliates is not a big problem to solve, to keep a potential nasty problem
off! And depending on your Coder Talent, you can do it for free, by 'screening' freely
available info about.
Good Luck! ;)
Ernie
---
Mods:
https://www.opencart.com/index.php?rout ... +affiliate
---
Google:
https://www.google.com/search?q='remove ... n+Opencart
---
Last edited by IP_CAM on Mon Mar 26, 2018 12:21 pm, edited 1 time in total.


Post by paulfeakins » Sat Mar 24, 2018 6:31 pm

IP_CAM wrote:
Sat Mar 24, 2018 12:03 pm
Removing Affiliates is not a big problem to solve, to keep a potential nasty problem
This should do it:
https://www.opencart.com/index.php?rout ... on_id=7305


Post by straightlight » Sat Mar 24, 2018 7:29 pm

The provided extension above is for OC v1.5x releases. This inquiry has been posted for OC v2.x releases.


Post by paulfeakins » Sat Mar 24, 2018 7:39 pm

straightlight wrote:
Sat Mar 24, 2018 7:29 pm
The provided extension above is for OC v1.5x releases. This inquiry has been posted for OC v2.x releases.
Fair point but our experience is lots of OpenCart users are experiencing this on 1, 2 and 3 so it might help someone else if not the OP.


Post by straightlight » Sat Mar 24, 2018 8:13 pm

While this statement may be agreeable, the provided extension also states a considerable fee for that to happen and, in this case, for a different OC version that may not be compatible with the OP's OC version.


Post by paulfeakins » Mon Mar 26, 2018 1:51 am

straightlight wrote:
Sat Mar 24, 2018 8:13 pm
considerable fee
It's the cheapest an extension can be.
straightlight wrote:
Sat Mar 24, 2018 8:13 pm
may not be compatible with the OP's OC version.
As above, it will fix the problem for others with the same issue.

I'm not sure what your point is, buying this extension is not mandatory :laugh:
