Hello Everyone,
My Opencart 2.1.0.2 site is getting bot attacks, with 20 to 25 fake affiliate accounts daily. So, I decided to disable the entire affiliate function (disabling the Affiliate Module from the extensions is not working). Please, I need help on how I can do this.
This has been a common attack on OpenCart installations lately, but even if you disable the affiliate function, they can still do the same thing with regular customer accounts. I have an Account Registration Captcha that will protect both pages, so bots can't register fake customer accounts or fake affiliate accounts.
If you're not worried about customer accounts and want to disable just affiliate registration, you can make this edit:
IN:
/catalog/controller/affiliate/register.php
AFTER:
public function index() {
ADD:
$this->response->redirect($this->url->link('common/home'));
Also take note that while the captcha extension is still useful, the spammers can still attempt to overload HTML post forms since their sessions aren't being killed. In order to do so, see the CSRF extension: https://www.opencart.com/index.php?rout ... on_id=4773 . Recommended to be used as an addition along with the re-captcha extension.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
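Added example, not part of any post in this thread: a log check for the point made above that the customer registration form stays open after the affiliate edit. It counts POSTs to both registration routes per day and client IP; the combined access-log format, the threshold, the helper names and the sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# OpenCart 2.x registration routes: the affiliate form the thread disables
# and the customer form that remains reachable after that edit.
REGISTER_ROUTES = {"affiliate/register", "account/register"}

# Apache/nginx "combined" access-log line (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def registration_posts(lines):
    """Count POSTs to registration routes per (day, client IP, route)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        route = parse_qs(urlsplit(m["target"]).query).get("route", [""])[0]
        if route in REGISTER_ROUTES:
            counts[(m["day"], m["ip"], route)] += 1
    return counts

def flag_sources(lines, threshold=3):
    """Return (day, ip, route, count) at or above the threshold, busiest first."""
    hits = [(d, ip, r, n) for (d, ip, r), n in registration_posts(lines).items()
            if n >= threshold]
    return sorted(hits, key=lambda h: -h[3])

def _line(ip, day, method, route, status=200):
    # Builds one constructed log line; hypothetical helper for the sample only.
    return (f'{ip} - - [{day}:10:00:00 +0000] "{method} /index.php?route={route} '
            f'HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

# Constructed sample (documentation-range IPs), not taken from the thread.
SAMPLE_LOG = (
    [_line("203.0.113.7", "12/Mar/2018", "POST", "affiliate/register")] * 4
    + [_line("203.0.113.7", "12/Mar/2018", "GET", "affiliate/register")]
    + [_line("198.51.100.4", "12/Mar/2018", "POST", "account/register", 302)]
    + [_line("203.0.113.7", "13/Mar/2018", "POST", "account/register")] * 3
)

if __name__ == "__main__":
    for day, ip, route, n in flag_sources(SAMPLE_LOG):
        print(f"{day} {ip} {route} {n} POSTs")
```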
It has indeed, but has anyone worked out what the spammers' actual gain is yet?
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
The following is information about what CSRF attackers may collect from websites or via an API: https://www.owasp.org/index.php/Cross-S ... heat_Sheet
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Disabling the Affiliate page doesn't help; as Jonathan said, there are other forms spammers can use to attack a site. Moreover, many third party extensions contain custom forms that don't contain any spam protection.
I have developed a commercial extension that adds an invisible captcha protection to forms, link here:
https://www.opencart.com/index.php?rout ... n_id=13097
It also contains several custom mods for the most common Opencart themes and extensions; new mods are continuously added to the extension to extend the number of third party extensions.
Our new Opencart Extension:
AI Assistant - automatic product and category text generator