Post by rajesh.insasta » Wed Mar 28, 2018 1:45 pm

Hello Everyone,
My OpenCart 2.1.0.2 site is getting bot attacks, with 20 to 25 fake affiliate accounts daily. So I decided to disable the entire affiliate feature (disabling the Affiliate module from the extensions is not working). Please, I need help on how I can do this.



Post by Johnathan » Wed Mar 28, 2018 11:11 pm

This has been a common attack on OpenCart installations lately, but even if you disable the affiliate function, they can still do the same thing with regular customer accounts. I have an Account Registration Captcha that will protect both pages, so bots can't register fake customer accounts or fake affiliate accounts.

If you're not worried about customer accounts and want to disable just affiliate registration, you can make this edit:

IN:
/catalog/controller/affiliate/register.php

AFTER:
public function index() {

ADD:
$this->response->redirect($this->url->link('common/home'));


Post by straightlight » Thu Mar 29, 2018 7:34 am

Also take note that while the captcha extension is still useful, the spammers can still attempt to overload HTML post forms since their sessions aren't being killed. In order to do so, see the CSRF extension: https://www.opencart.com/index.php?rout ... on_id=4773 . Recommended to be used as an addition along with the re-captcha extension.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight



Post by paulfeakins » Thu Mar 29, 2018 5:03 pm

Johnathan wrote:
Wed Mar 28, 2018 11:11 pm
This has been a common attack on OpenCart installations lately
It has indeed, but has anyone worked out what the spammers actually gain yet?

For quick, professional OpenCart support please email info@antropy.co.uk



Post by straightlight » Thu Mar 29, 2018 6:07 pm

The following is information about what CSRF attackers may collect from websites or via an API: https://www.owasp.org/index.php/Cross-S ... heat_Sheet


Post by frank79 » Tue May 01, 2018 6:03 pm

Disabling the Affiliate page doesn't help; as Johnathan said, there are other forms spammers can use to attack a site. Moreover, many third-party extensions contain custom forms that don't contain any spam protection.
I have developed a commercial extension that adds invisible captcha protection to forms; link here:
https://www.opencart.com/index.php?rout ... n_id=13097
It also contains several custom mods for the most common OpenCart themes and extensions; new mods are continuously added to the extension to extend the number of third-party extensions.
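
Added example (not part of any post in this thread): a log check that counts registration POSTs per client across both the affiliate and the customer sign-up routes, which shows whether bots simply move to the other form once one is disabled or protected, as Johnathan and frank79 describe. It assumes a web server access log in combined log format; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Registration routes discussed in the thread: affiliate and regular customer sign-up.
REGISTER_ROUTES = {"affiliate/register", "account/register"}
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) ')

SAMPLE_LOG = [  # constructed log lines (combined log format), not real traffic
    '203.0.113.7 - - [28/Mar/2018:13:00:%02d +0000] "POST /index.php?route=%s HTTP/1.1" 302 0' % (i, r)
    for i, r in enumerate(["affiliate/register"] * 3 + ["account/register"] * 2)
] + [
    '198.51.100.20 - - [28/Mar/2018:13:05:00 +0000] "POST /index.php?route=account/register HTTP/1.1" 302 0',
    '198.51.100.20 - - [28/Mar/2018:13:06:00 +0000] "GET /index.php?route=affiliate/register HTTP/1.1" 200 5120',
]

def registration_posts(lines):
    """Yield (ip, time, route) for each POST to a registration route."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a page view rather than a form submission
        route = parse_qs(urlsplit(m["url"]).query).get("route", [""])[0]
        if route in REGISTER_ROUTES:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, route

def flag_bursts(lines, max_posts=3, window=timedelta(minutes=10)):
    """Return {ip: routes hit} for IPs with more than max_posts sign-up POSTs in any window."""
    by_ip = defaultdict(list)
    for ip, ts, route in registration_posts(lines):
        by_ip[ip].append((ts, route))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 > max_posts:
                flagged[ip] = sorted({r for _, r in hits})
                break
    return flagged

if __name__ == "__main__":
    print(flag_bursts(SAMPLE_LOG))
```

An IP flagged with both routes is the case Johnathan warns about: closing only the affiliate form leaves the same client free to use customer registration.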
