Post by imagineds » Thu Mar 22, 2018 11:04 pm

So, then if one of those extensions uses a remote API then what do I do?
And if none of them do, then what?

Newbie

Posts

Joined
Fri Oct 05, 2012 5:57 am

Post by straightlight » Thu Mar 22, 2018 11:17 pm

If one of them do, report it here and I will see what I can do to provide the instructions based on their login page. If none of them do, you'd need to provide the most recent access logs from your webserver so to see where the CSRF attacker originates from as well as knowing the route being used to auto-create accounts on your store.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by imagineds » Thu Mar 22, 2018 11:48 pm

I was able to get Google reCaptcha to work on the site. Had to make an adjustment on the server. So I will just see if that does the trick.

Newbie

Posts

Joined
Fri Oct 05, 2012 5:57 am

Post by straightlight » Thu Mar 22, 2018 11:49 pm

Had to make an adjustment on the server
What adjustment? This is simply vague information ...

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ameliaa » Fri Mar 23, 2018 10:44 am

Is this mod really working? I installed on both my sites. Sill receiving registration spam (lots of it), even affiliate spam.

OC Version: 2.0.1.1 and 2.0.3.1
URLs:
https://bit.ly/2pxDAtx
https://bit.ly/2pxgpP6

New member

Posts

Joined
Fri Jan 29, 2010 6:31 pm

Post by straightlight » Fri Mar 23, 2018 6:33 pm

ameliaa wrote:
Fri Mar 23, 2018 10:44 am
Is this mod really working? I installed on both my sites. Sill receiving registration spam (lots of it), even affiliate spam.

OC Version: 2.0.1.1 and 2.0.3.1
URLs:
https://bit.ly/2pxDAtx
https://bit.ly/2pxgpP6
As questioned on the above to other users, are you using any social logins extensions or remote logins to your site?

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by holiday.holiday1 » Sun Mar 25, 2018 5:39 am

I have a 1.5.4 store, have applied the mod with appropriate changes for 1.5.4, and see the changes have taken effect to the vqcache files for both catalog and admin. But, the __csrf modifications to the <form> markup are only taking effect on the admin side.
Thanks for the help and mod.


Posts

Joined
Sat Mar 24, 2018 4:34 am

Post by simone.pignatti » Mon Mar 26, 2018 8:37 pm

Hi guys, I've just uploaded v2.0 files in my 1.5.2.1 installation. Nothing happened, it seems it doesn't work at all.
Any advice?
If you like to check my web shop you can visit www (dot) batterfly (dot) com
Thank you.


Posts

Joined
Mon Mar 26, 2018 8:30 pm

Post by straightlight » Mon Mar 26, 2018 10:30 pm

What are your path and line configurations in your XML file since you are using an unsupported version?

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by simone.pignatti » Mon Mar 26, 2018 10:31 pm

straightlight wrote:
Mon Mar 26, 2018 10:30 pm
What are your path and line configurations in your XML file since you are using an unsupported version?
I didn't change anything. What do you suggest to edit?


Posts

Joined
Mon Mar 26, 2018 8:30 pm

Post by straightlight » Mon Mar 26, 2018 10:39 pm

You need to edit the XML file for the lines to be looked up. Although, since v1.5x releases are pretty old, I don't provide much support for it. However, it does not indicate nor mean that the extension does not work.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ryke-opencart » Tue Mar 27, 2018 3:42 am

Thanks for any help you can give. I'm trying to stop a flock of "bad robots" attacking my website. Found your extension and thought i had found my fix. Installed the 2.0 version on my opencart 1.5.5.1 and not working. Had seen a post of someone using and you saying would work on a 1.5 xx or something. Just figured it would work on mine. Checked the header in the source code on my Chrome browser and no <form could be found that replies to CSRF. There was no info or readme file or anything on installing or using. I hope i can even get to work on my opencart version. Any help would be appreciated. Thanks.

Newbie

Posts

Joined
Tue Mar 27, 2018 3:31 am

Post by straightlight » Wed Mar 28, 2018 8:30 pm

I have posted an update message on the CSRF page from the Marketplace. v1.5x releases has also been a success to work with this extension. Ensure to configure your XML file with the relative search lines as well as adding the ZDLib output compression set to On in your php.ini or in your .user.ini file and all should be fine. The ZDLib switch is mentioned on the documentation tab from the Marketplace.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by sfbh » Thu Mar 29, 2018 2:44 am

[Edit] Post removed by author.
Last edited by sfbh on Fri Mar 30, 2018 1:24 am, edited 2 times in total.

Newbie

Posts

Joined
Sun Apr 16, 2017 4:51 am

Post by straightlight » Thu Mar 29, 2018 3:10 am

in /admin/controller/common/header.php and /catalog/controller/common/header.php (I do not have VQmod installed. I plan to remove the manual entries and convert to an OCmod once it is working)
The package I provided already provide this solution. No need to manually apply the queries since it should automatically propagate through the entire store by using the XML file and the csrf_helper file as long as the lookup lines in the XML (search) is looking for the right location and without conflict.

Note: Do NOT publish the csrf token value on the forum nor on any public websites for security purposes. I would strongly suggest to remove it from your previous post.

The CSRF token is working properly as per your post above. Install the re-captcha module as well and see if the SPAMs and floods keeps increasing on your store afterwards.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by wildfire67 » Thu Mar 29, 2018 5:32 am

Can I pay you to install this for me? I found no instructions in the crsf20 file.

Regards

John

Thanks!

Wildfire67


User avatar
Newbie

Posts

Joined
Thu Feb 23, 2012 11:57 am

Post by sfbh » Thu Mar 29, 2018 10:26 am

[Edit] Post removed by author.
Last edited by sfbh on Fri Mar 30, 2018 1:25 am, edited 1 time in total.

Newbie

Posts

Joined
Sun Apr 16, 2017 4:51 am

Post by straightlight » Thu Mar 29, 2018 6:05 pm

VQMod must be used with this extension, it is not an OCMod extension are clearly demonstrated from the package delivered on the Marketplace. As for the manual entry, this would be insufficient since the extension is using a propagated method with regular expression from XML in order to protect users against flooders.

Take note that this extension does not protect users against SPAMs but against floods that are caused by spammers. Using re-captcha with CSRF together is the best way to go to get rid of the spammers.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by straightlight » Thu Mar 29, 2018 6:10 pm

The first post has now been updated for users to get more information about what CSRF attackers do.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by straightlight » Thu Mar 29, 2018 7:42 pm

[29-03-2018] - The CSRF helper has been improved with a more stronger algorithm form or string for better protection and also PHP 7+ compatibility.

For users that already installed the recent version, simply replace the system/helper/csrf_helper.php with the new one from the delivered package on the Marketplace. This will NOT affect any customers activities during their visits through the site. The helper file is totally safe to replace without setting the store under maintenance. Ensure to clear the OC cache, however.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: No registered users and 3 guests