Post by Jaesin » Thu Feb 13, 2020 8:10 am

My site is in development, yet I receive frequent attacks daily registering as a new "User", see screenshot.
What can be done to stop or slow this down?
Whatever they are doing I sometimes get a really bad slowdown on the admin side as a tell....
Thanks

Attachment: attacks made.jpg



Post by fegdeed » Thu Feb 13, 2020 8:53 am

Hi @Jaesin, I think those are bot registrations. I recommend activating Google reCAPTCHA if you haven't yet done so.
If that doesn't reduce the bot registrations, you should consider blocking the IP range within your .htaccess file.


Post by Jaesin » Thu Feb 13, 2020 9:15 am

I have done that now... thank you.
I think if I added each IP address that file would be HUGE....lol


Post by letxobnav » Thu Feb 13, 2020 1:48 pm

A simple way that helps is to block HTTP/1.0 requests, as most cheap spammers still use that.
You will find that virtually all HTTP/1.0 requests are for the contact us and register URLs; your 51.15.15.164 is one of those.
Just add this to catalog/controller/startup/startup.php:

Code:

//*********************** PROTOCOL 1.0 ****************************/
if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0') {
	$this->log->write('HTTP/1.0 blocked for '.$_SERVER['REMOTE_ADDR'].' requesting '.$_SERVER['REQUEST_URI']);
	header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not found', true);
	exit;
}
//*********************** PROTOCOL 1.0 ****************************/

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.



Post by Jaesin » Thu Feb 13, 2020 2:47 pm

Thank you, I will give that a shot...


Post by letxobnav » Thu Feb 13, 2020 4:06 pm

I use this function in startup.php

Code:

public function identity ($user_agent) {
	// HTTP/1.0 is what cheap spam tools still speak
	if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0') return 'PROTOCOL10';
	// every browser sends a user agent
	if ($user_agent == '') return 'NOUSERAGENT';
	// bots that announce themselves in the user agent (expects a lowercased agent string)
	if (preg_match('/bot\/|bot\.|\.bot|:bot|\(bot|abot|kbot|lbot|nbot|pbot|vbot|zbot|obot|dbot|ebot|-bot|bot-|_bot|2bot|rbot|tbot|sbot|hbot|cbot|mbot|ybot|xbot|crawl|seek|facebookexternalhit|linkdex|paypal|scanner|sucuri|slurp|bingpreview|spider/i', $user_agent)) return 'PUBLICBOT';
	// request came through a proxy: harmless, but worth knowing
	$proxy_headers = array('HTTP_CLIENT_IP','HTTP_X_FORWARDED_FOR','HTTP_X_FORWARDED','HTTP_X_CLUSTER_CLIENT_IP','HTTP_FORWARDED_FOR','HTTP_FORWARDED','X_FORWARDED_FOR','X_FORWARDED','FORWARDED_FOR','FORWARDED');
	foreach($proxy_headers as $header){
		if (isset($_SERVER[$header]) && !empty($_SERVER[$header])) return 'PROXY';
	}
	// browsers always send Accept-Language; a "browser" sending neither that nor a cookie is a bot posing as a human
	if (!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
		$headers = getallheaders();
		if (!array_key_exists("Accept-Language",$headers) && !array_key_exists("Cookie",$headers)) return 'COVERTBOT';
	}
	return 'HUMAN';
}
that is called via:

Code:

// guard against a missing User-Agent header, which would otherwise raise an undefined index notice
$user_agent = trim(mb_strtolower(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''));
$identity = $this->identity($user_agent);
$identity will then be:
PROTOCOL10 (old protocol used by amateur spammers; discard with 404 or send them to a static page stating to update their browser, as I do)
NOUSERAGENT (always 404 these, dumb cousin of the amateur spammer; can also do this in .htaccess)
PUBLICBOT (bots which identify themselves via user agent: some necessary (indexing), some ok (security firms, Twitter, Facebook, statistics etc.), some useless (SEO firms), some bad (zgrab, ZmEu, Python-urllib, etc.) probing for vulnerable (sub)systems like dede or phpmyadmin etc.)
PROXY (no problems, but nice to know)
COVERTBOT (bots which pose as humans; these are generally malicious or vulnerability scanners, but do not blindly block these as several are legit, like internet security scanners and Google itself (to check if you serve the same content to Googlebot as you do to humans))
HUMAN (none of the above)

As stated, do not simply block COVERTBOT requests; block the malicious attempt itself, or when they request 100 pages/second, which Chinese tend to do.
They come from everywhere but mostly from Brazil, China and the US (amazon aws).
Yes, most professional spammers actually come via the cloud in the US and not via China, Russia or Nigeria.

You should however block PUBLICBOT and COVERTBOT from issuing POST requests on your account, checkout and contact us pages.

PS: to identify public bots you can also use the OC settings where those patterns are listed by default but never used, with functions:

Code:

	public function isBot($user_agent) {
		// config_robots: the admin-side bot pattern list, one literal pattern per line
		$patterns = preg_split('/\r\n|\r|\n/', (string)$this->config->get('config_robots'));
		// drop blank lines; an empty alternative in the regex would match every user agent
		$patterns = array_filter(array_map('trim', $patterns), 'strlen');
		if (!$patterns) return 0;
		// escape every regex metacharacter (the default list contains / . and ( )
		$patterns = array_map(function ($p) { return preg_quote($p, '/'); }, $patterns);
		return preg_match('/' . implode('|', $patterns) . '/i', $user_agent);
	}
	
	public function botName($user_agent) {
		$botname = 'generic bot';
		// e.g. "Mozilla/5.0 (compatible; Googlebot/2.1; +http://...)" gives "Googlebot/2.1"
		if (stristr($user_agent, 'compatible;')) {
			$parts = explode('compatible;', $user_agent);
			$parts = explode(';', $parts[1]);
			$botname = trim($parts[0]);
		}
		return $botname;
	}

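The classification and POST policy from the post above, as an added stand-alone example (not OpenCart code and not letxobnav's own). It takes the `$_SERVER` array as an explicit parameter so it runs from the CLI on constructed requests; it assumes Accept-Language and Cookie are read from that array rather than via getallheaders(), and the route names in the protected list are illustrative.

```php
<?php
// Added example, not OpenCart code: the thread's request classes (PROTOCOL10,
// NOUSERAGENT, PUBLICBOT, PROXY, COVERTBOT, HUMAN) implemented against an
// explicit $server array so it runs from the CLI on constructed requests.
// Assumptions: Accept-Language and Cookie are read from $server rather than
// getallheaders(); route names and the protected-route list are illustrative.

// Same user-agent patterns as the thread's identity() function.
const PUBLIC_BOT_PATTERN = '/bot\/|bot\.|\.bot|:bot|\(bot|abot|kbot|lbot|nbot|pbot|vbot|zbot'
    . '|obot|dbot|ebot|-bot|bot-|_bot|2bot|rbot|tbot|sbot|hbot|cbot|mbot|ybot|xbot|crawl'
    . '|seek|facebookexternalhit|linkdex|paypal|scanner|sucuri|slurp|bingpreview|spider/i';

const PROXY_HEADERS = ['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED',
    'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED'];

// Pages where no bot of any kind has business submitting a form (illustrative names).
const PROTECTED_POST_ROUTES = ['account/register', 'account/login',
    'checkout/checkout', 'information/contact'];

/** Classify one request from a $_SERVER-style array, in the thread's order of checks. */
function classifyRequest(array $server): string
{
    if (($server['SERVER_PROTOCOL'] ?? '') === 'HTTP/1.0') {
        return 'PROTOCOL10';
    }
    $ua = trim(strtolower($server['HTTP_USER_AGENT'] ?? ''));
    if ($ua === '') {
        return 'NOUSERAGENT';
    }
    if (preg_match(PUBLIC_BOT_PATTERN, $ua)) {
        return 'PUBLICBOT';
    }
    foreach (PROXY_HEADERS as $header) {
        if (!empty($server[$header])) {
            return 'PROXY';
        }
    }
    // Real browsers always send Accept-Language; a "browser" that sends neither
    // that nor a cookie is a bot posing as a human.
    if (empty($server['HTTP_ACCEPT_LANGUAGE']) && empty($server['HTTP_COOKIE'])) {
        return 'COVERTBOT';
    }
    return 'HUMAN';
}

/**
 * Policy from the thread: 404 the two amateur classes outright; serve GET pages to
 * public and covert bots (indexers, security scanners and Google's cloaking check
 * all look like bots), but refuse their POSTs on account, checkout and contact pages.
 * Returns 'allow', 'block' or 'reject_post'.
 */
function decide(array $server, string $route): string
{
    $identity = classifyRequest($server);
    if ($identity === 'PROTOCOL10' || $identity === 'NOUSERAGENT') {
        return 'block';
    }
    $isPost = strtoupper($server['REQUEST_METHOD'] ?? 'GET') === 'POST';
    if ($isPost && in_array($identity, ['PUBLICBOT', 'COVERTBOT'], true)
        && in_array($route, PROTECTED_POST_ROUTES, true)) {
        return 'reject_post';
    }
    return 'allow';
}

// Constructed sample requests (not captured traffic): label => [route, $server].
$chromeUa = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36';
$samples = [
    'HTTP/1.0 register POST'  => ['account/register', ['SERVER_PROTOCOL' => 'HTTP/1.0',
        'REQUEST_METHOD' => 'POST', 'HTTP_USER_AGENT' => $chromeUa, 'HTTP_ACCEPT_LANGUAGE' => 'en']],
    'Googlebot product GET'   => ['product/product', ['SERVER_PROTOCOL' => 'HTTP/1.1',
        'REQUEST_METHOD' => 'GET',
        'HTTP_USER_AGENT' => 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)']],
    'covert bot contact POST' => ['information/contact', ['SERVER_PROTOCOL' => 'HTTP/1.1',
        'REQUEST_METHOD' => 'POST', 'HTTP_USER_AGENT' => $chromeUa]],
    'covert bot product GET'  => ['product/product', ['SERVER_PROTOCOL' => 'HTTP/1.1',
        'REQUEST_METHOD' => 'GET', 'HTTP_USER_AGENT' => $chromeUa]],
    'browser register POST'   => ['account/register', ['SERVER_PROTOCOL' => 'HTTP/1.1',
        'REQUEST_METHOD' => 'POST', 'HTTP_USER_AGENT' => $chromeUa,
        'HTTP_ACCEPT_LANGUAGE' => 'en-GB,en;q=0.9', 'HTTP_COOKIE' => 'OCSESSID=constructed']],
];
foreach ($samples as $label => [$route, $server]) {
    printf("%-26s %-10s %s\n", $label, classifyRequest($server), decide($server, $route));
}
```

Run it with `php classify.php`: the HTTP/1.0 submission is blocked, the covert bot is served the product page but refused on the contact form, and the browser with Accept-Language and a session cookie is allowed to register.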

Post by Jaesin » Thu Feb 13, 2020 11:15 pm

I really appreciate you taking the time to put this out, but outside of the first set of code to be placed in Startup.php...where does the rest get placed?


Post by JNeuhoff » Fri Feb 14, 2020 12:16 am

Jaesin wrote:
My site is in development, yet I receive frequent attacks daily registering as a new "User", see screenshot.
What can be done to stop or slow this down?
Whatever they are doing I sometimes get a really bad slowdown on the admin side as a tell....
Our Spambot Buster tool should help with this. We haven't had any fake account registrations on our sites for weeks; it used to be 2 to 3 fake registrations every hour, mostly from Russia, Ukraine, or Vietnam.

MHC Web Design
Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * TrustPilot Reviews * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster




Post by letxobnav » Fri Feb 14, 2020 9:54 am

Spambot Buster tool is a honeypot-powered IP blocking tool, which is good for internet security companies who actively manage those block lists but utterly useless for web sites.


Post by straightlight » Fri Feb 14, 2020 10:48 am

I like the idea for testing purposes. In order to integrate letxobnav's project into OC, here's another and shorter version to test this.

In system/library/request.php file,

find:

Code:

public $server = array();
add below:

Code:

public $identity = '';
Then, find:

Code:

$this->server = $this->clean($_SERVER);
add below:

Code:

// identity() reads $this->server itself, so it takes no argument
$this->identity = $this->identity();
Then, find:

Code:

return $data;
	}
add below:

Code:

protected function identity() {
		if ($this->server['SERVER_PROTOCOL'] == 'HTTP/1.0') return 'PROTOCOL10';
		
		if (!isset($this->server['HTTP_USER_AGENT']) || $this->server['HTTP_USER_AGENT'] == '') return 'NOUSERAGENT';
		
		if (preg_match('/bot\/|bot\.|\.bot|:bot|\(bot|abot|kbot|lbot|nbot|pbot|vbot|zbot|obot|dbot|ebot|-bot|bot-|_bot|2bot|nbot|rbot|tbot|sbot|hbot|cbot|mbot|ybot|xbot|crawl|seek|facebookexternalhit|linkdex|paypal|scanner|sucuri|slurp|bingpreview|spider/i', $this->server['HTTP_USER_AGENT'])) return 'PUBLICBOT';
		
		$proxy_headers = array('HTTP_CLIENT_IP','HTTP_X_FORWARDED_FOR','HTTP_X_FORWARDED','HTTP_X_CLUSTER_CLIENT_IP','HTTP_FORWARDED_FOR','HTTP_FORWARDED','X_FORWARDED_FOR','X_FORWARDED','FORWARDED_FOR','FORWARDED');
		
		foreach($proxy_headers as $header){
			if (isset($this->server[$header]) && !empty($this->server[$header])) return 'PROXY';
		}
		
		if (!isset($this->server['HTTP_ACCEPT_LANGUAGE'])) {
			$headers = getallheaders();
			
			if (!array_key_exists("Accept-Language",$headers) && !array_key_exists("Cookie",$headers)) return 'COVERTBOT';
		}
		
		return 'HUMAN';
	}
In your catalog/controller/startup/router.php file,

find:

Code:

// Route
add above:

Code:

if ($this->request->identity != 'HUMAN' && $this->request->identity != 'PROXY') {
			die('You are not authorized to view this page!');
		}
Then, refresh your browser and test the results. You could even revert like the following to see the error message yourself (if site is NOT live, if live - set your store under maintenance!):

Code:

if ($this->request->identity == 'HUMAN' || $this->request->identity == 'PROXY') {
			die('You are not authorized to view this page!');
		}

The most frequently generated errors found on the OpenCart forum originate from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer



Post by letxobnav » Fri Feb 14, 2020 11:54 am

well, I will test your implementation but like I said, you do not want to block PUBLICBOT at all and you do not want to block COVERTBOT indiscriminately, just prevent them from using POST on your checkout, account and contact us pages (paypal callback agent is also a PUBLICBOT or COVERTBOT depending on what patterns you have for PUBLICBOT and you definitely want those allowed).

You can of course say, "I only allow some public bots (identified by some patterns) and block all other bots" but those other bots will include payment gateways, law enforcement agencies, internet security companies, census, seo companies and search engines including google itself.
The problem with covert bots is that you do not know what their intentions are until you see what they are doing, when they POST on account, checkout or contact pages, then you know their intention and no bot should be posting there.

So I would advise not to use it as a blunt blocking tool but targeted at the problem of machine registrations and spamming.
(I also use it to forcefully destroy the session file on exit but that is another topic)

I simply set the identity in a session variable in startup.php so I can use it everywhere.

Code:

// guard against a missing User-Agent header, which would otherwise raise an undefined index notice
$user_agent = trim(mb_strtolower(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''));
$this->session->data['identity'] = $this->identity($user_agent);
in the validate function of contact.php

Code:

		if ($this->session->data['identity'] == 'PUBLICBOT' || $this->session->data['identity'] == 'COVERTBOT') {
			$this->error['enquiry'] = $this->language->get('enquiry_by_bot');
		}

and no POST can commence.

Also, as these are bots

Code:

if ($this->request->identity != 'HUMAN' && $this->request->identity != 'PROXY') {
			die('You are not authorized to view this page!');
		}
using

Code:

die('You are not authorized to view this page!');
is of little use, better use

Code:

header($this->server['SERVER_PROTOCOL'] . " 404 Not found", true);
exit();
or

Code:

header($this->server['SERVER_PROTOCOL'] . " 403 Forbidden", true);
exit();
Also, better use this function for determining PUBLICBOT, as it uses the admin bot pattern settings, which have a GUI, so you need not hardcode the public bot patterns and can adjust them easily.

Code:

	public function isBot() {
		// config_robots: the admin-side bot pattern list, one literal pattern per line
		$patterns = preg_split('/\r\n|\r|\n/', (string)$this->config->get('config_robots'));
		// drop blank lines; an empty alternative in the regex would match every user agent
		$patterns = array_filter(array_map('trim', $patterns), 'strlen');
		if (!$patterns) return 0;
		// escape every regex metacharacter (the default list contains / . and ( )
		$patterns = array_map(function ($p) { return preg_quote($p, '/'); }, $patterns);
		$user_agent = isset($this->server['HTTP_USER_AGENT']) ? $this->server['HTTP_USER_AGENT'] : '';
		return preg_match('/' . implode('|', $patterns) . '/i', $user_agent);
	}


Post by JNeuhoff » Fri Feb 14, 2020 5:10 pm

letxobnav wrote:
Fri Feb 14, 2020 9:54 am
Spambot Buster tool is a honeypot-powered IP blocking tool, which is good for internet security companies who actively manage those block lists but utterly useless for web sites.
Sorry, you are mistaken here. It protects websites, and by default only blocks spambot attacks, not their IP-addresses. The latter can optionally be blocked for future requests if the site administrator decides to do so, based upon an IP-lookup tool. This is important because IP-addresses can be dynamically assigned ones. In addition our tool also checks for typical human user events from mouse/keyboard/touch which spambots usually fail to trigger.

Also, your suggestion of checking the user agent string for crawlers and robots is not very efficient as protection against spambots; most spambots use fake user agents, pretending to be regular web browsers.



Post by sw!tch » Fri Feb 14, 2020 6:30 pm

I think, to sum it up: nowadays you need multiple solutions and there is no 100% prevention. User agents can be spoofed; advanced CAPTCHAs can now be solved by bots.

Honeypots, when combined with reCAPTCHA, I admit are still laughably quite effective for such an old technique. Honeypots may also have downsides for WCAG and accessibility compliance (screen readers) and how to get a proper implementation. Further, some people who use auto-fill plugins (Roboform, LastPass) may trigger false positives (depending on how you name your fields), leaving them unable to checkout or register.

Just like spam email, it never goes away; it's really an endless game. Use a combination of both and see what works best.

Always have a good backup and [ learn how to recover ] before you make any changes.



Post by johnp » Fri Feb 14, 2020 6:39 pm

Have a look at CIDRAM. I use it on all my Opencart sites alongside Ninja Firewall. It blocks spambots, bans IPs and is easy to update.

https://github.com/CIDRAM/CIDRAM

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD 2.6.1 lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk



Post by letxobnav » Fri Feb 14, 2020 7:52 pm

JNeuhoff wrote:
Sorry, you are mistaken here. It protects websites, and by default only blocks spambot attacks, not their IP-addresses.
Then you changed your description and/or product features.
Originally you only advertised using a honeypot, which is not the same as a CSS/JS honeypot trap field.
There was also no mention of mouse/keyboard/touch events.
These measures may be pretty effective.
Still, lose the IP blocking, as it is obsolete the moment you register the IP.

and
JNeuhoff wrote:
Also, your suggestion of checking the user agent string for crawlers and robots is not very efficient as protection against spambots; most spambots use fake user agents, pretending to be regular web browsers.
That is why we identify public bots as well as covert bots.


Post by letxobnav » Fri Feb 14, 2020 7:56 pm

johnp wrote:
Have a look at CIDRAM. I use it on all my Opencart sites alongside Ninja Firewall. It blocks spambots, bans IPs and is easy to update.
yeah, don't.


Post by letxobnav » Fri Feb 14, 2020 8:14 pm

Of course the above posts attempt to prevent machines (bots), not humans.
Professional spammers know this, so they deploy human spam farms to bypass these measures and the CAPTCHAs of this world.
Those you cannot counter for bogus customer registrations, but for spam you can, be it only by a little AI on the content of the enquiry, as commercial spam filters do.

Since we are dealing with spam on an ecommerce site you will hardly find spam for viagra or porn sites etc. unless you sell those yourself.
So you will most likely receive spam from wholesalers trying to sell you products you are selling yourself or from SEO companies trying to sell you internet exposure of your web site (hits).

The former is difficult to detect as they will use the same words and phrases your customers might use in any enquiry but the latter is easier.

Always block enquiries containing:
1) "://", no spam is complete without a link
2) typical SEO words which your customers would rarely use like "traffic", "keyword", "unlimited", "guaranteed", "earn", "bargain", "advertising", "blast", "trial", "deal", "opportunity", "cashback", "thousands", "million", "billion", "brand", "click", "unsubscribe".
And my favorite, the exclamation point, spammers love that character, I hate it, no sane customer will use it and I have not seen a spam without it.

Your words might differ depending on what you sell and commercial spam filters use way more elaborate AI than this but they also have to deal with more spam content diversity. But with this you will prevent a large percentage of human spam on your site.

There are actually websites to guide marketers/spammers on which words not to use in order to bypass spam filters.
https://blog.hubspot.com/blog/tabid/630 ... 2m604vieh1


New functions added to contact.php:

Code:

	// check the complete (possibly nested) array for the presence of a value
	private function deep_in_array($value, $array, $case_insensitive = true) {
		foreach ($array as $item) {
			if (is_array($item)) {
				// propagate a match found inside a nested array
				if ($this->deep_in_array($value, $item, $case_insensitive)) return true;
			} else {
				if ($case_insensitive) {
					if (stristr($item, $value)) return true;
				} else {
					if (strstr($item, $value)) return true;
				}
			}
		}
		return false;
	}
	
	// check if a string contains a whole word (word boundaries, case-insensitive)
	private function containsWord($str, $word) {
		return preg_match('#\\b' . preg_quote($word, '#') . '\\b#i', $str);
	}
	

Added to the validate() function in contact.php:

Code:

if (isset($this->request->post['enquiry']) && !isset($this->error['enquiry'])) {
	
	if (!isset($this->error['enquiry'])) {
		// block prohibited characters !, % and $$$
		$regex = '/(!|\%|\$\$\$)/i';
		if (preg_match($regex, $this->request->post['enquiry'],$match)){
			$this->log->write('CONTACT US: CHAR BLOCKED: '.$match[0]);
			$this->error['enquiry'] = 'Enquiry inappropriate, please re-phrase.';
		}
	}
	
	if (!isset($this->error['enquiry'])) {
		// prohibited words definition
		$patterns = array(
		"word1",
		"word2",
		"word3"
		);
	
		// block prohibited words
		foreach ($patterns as $pattern) {
			if ($this->containsWord($this->request->post['enquiry'], $pattern)) {
				$this->log->write('CONTACT US: WORD BLOCKED: '.$pattern);
				// uncomment to test if your patterns are right or wrong
				//$this->log->write('CONTACT US: ENQUIRY BLOCKED: '.$this->request->post['enquiry']);
				$this->error['enquiry'] = 'Enquiry inappropriate, please re-phrase.';
				break;
			}
		}
	}
	
	if (!isset($this->error['enquiry'])) {
		// fragments not allowed to be posted
		$no_post_array = array(
		'://',
		'<script',
		'<applet', 
		'<body', 
		'<bgsound', 
		'<base', 
		'<basefont', 
		'<canvas', 
		'<embed', 
		'<frame', 
		'<frameset', 
		'<head', 
		'<html', 
		'<id>', 
		'<iframe', 
		'<ilayer', 
		'<layer', 
		'<link', 
		'<meta', 
		'<name', 
		'<object', 
		'<style', 
		'<title', 
		'<xml', 
		'md5',
		'base64_decode',
		"Content-Type:",
		"MIME-Version:",
		"Content-Transfer-Encoding:",
		"cc:"
		);

		// check all post variables for the fragments
		$npas = sizeof($no_post_array);
		for ($d = 0; $d < $npas; $d++) {
			$fragment = $no_post_array[$d];
			if ($this->deep_in_array($fragment, $this->request->post)) {
				$this->log->write('CONTACT US: BLOCKED '.$fragment);
				$this->error['enquiry'] = 'No MARKUP, SPAM, LINKS or CODE accepted.';
				break;
			}
		}
	}
}


Post by straightlight » Fri Feb 14, 2020 8:28 pm

letxobnav wrote:
Fri Feb 14, 2020 11:54 am
well, I will test your implementation but like I said, you do not want to block PUBLICBOT at all and you do not want to block COVERTBOT indiscriminately, just prevent them from using POST on your checkout, account and contact us pages (paypal callback agent is also a PUBLICBOT or COVERTBOT depending on what patterns you have for PUBLICBOT and you definitely want those allowed).

You can of course say, "I only allow some public bots (identified by some patterns) and block all other bots" but those other bots will include payment gateways, law enforcement agencies, internet security companies, census, seo companies and search engines including google itself.
The problem with covert bots is that you do not know what their intentions are until you see what they are doing, when they POST on account, checkout or contact pages, then you know their intention and no bot should be posting there.

So I would advise not to use it as a blunt blocking tool but targeted at the problem of machine registrations and spamming.
(I also use it to forcefully destroy the session file on exit but that is another topic)

I simply set the identity in a session variable in startup.php so I can use it everywhere.

Code:

// guard against a missing User-Agent header, which would otherwise raise an undefined index notice
$user_agent = trim(mb_strtolower(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''));
$this->session->data['identity'] = $this->identity($user_agent);
in the validate function of contact.php

Code:

		if ($this->session->data['identity'] == 'PUBLICBOT' || $this->session->data['identity'] == 'COVERTBOT') {
			$this->error['enquiry'] = $this->language->get('enquiry_by_bot');
		}

and no POST can commence.

Also, as these are bots

Code:

if ($this->request->identity != 'HUMAN' && $this->request->identity != 'PROXY') {
			die('You are not authorized to view this page!');
		}
using

Code:

die('You are not authorized to view this page!');
is of little use, better use

Code:

header($this->server['SERVER_PROTOCOL'] . " 404 Not found", true);
exit();
or

Code:

header($this->server['SERVER_PROTOCOL'] . " 403 Forbidden", true);
exit();
Also, better use this function for determining PUBLICBOT, as it uses the admin bot pattern settings, which have a GUI, so you need not hardcode the public bot patterns and can adjust them easily.

Code:

	public function isBot() {
		// config_robots: the admin-side bot pattern list, one literal pattern per line
		$patterns = preg_split('/\r\n|\r|\n/', (string)$this->config->get('config_robots'));
		// drop blank lines; an empty alternative in the regex would match every user agent
		$patterns = array_filter(array_map('trim', $patterns), 'strlen');
		if (!$patterns) return 0;
		// escape every regex metacharacter (the default list contains / . and ( )
		$patterns = array_map(function ($p) { return preg_quote($p, '/'); }, $patterns);
		$user_agent = isset($this->server['HTTP_USER_AGENT']) ? $this->server['HTTP_USER_AGENT'] : '';
		return preg_match('/' . implode('|', $patterns) . '/i', $user_agent);
	}
The modifications provided on my behalf above were simply for testing purposes, as also mentioned, for implementing the already provided code into OC without the need to duplicate the public functions into several controllers, since the request library file can already pull those types of requests centrally throughout the platform. Should further coding need to be done? It sure can.


Post by paulfeakins » Fri Feb 14, 2020 9:00 pm

sw!tch wrote:
Fri Feb 14, 2020 6:30 pm
I think, to sum it up: nowadays you need multiple solutions and there is no 100% prevention. User agents can be spoofed; advanced CAPTCHAs can now be solved by bots.
Actually our Advanced CAPTCHA has so far been 100% effective and is also invisible:
https://www.opencart.com/index.php?rout ... n_id=36312

For quick, professional OpenCart support please email info@antropy.co.uk



Post by letxobnav » Fri Feb 14, 2020 11:00 pm

One thing you need to be aware of when using honeypot trap fields, i.e. hidden fields you hope a bot will fill, is that bots know this and are not stupid.

While it is convenient to show a customer all the fields in error at once, as OC does by default, it is a vital means for bots to see which fields they need to fill and which they do not.
A bot can simply submit the form empty and read the resulting HTML with the required fields marked as in error, and it knows that only those need to be provided when it submits the spam content.
So either display field errors one by one, or make sure you also provide a hidden-field error message for the hidden field if empty, so it does not know which field to avoid.

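The error-display leak described in the last post, as an added stand-alone example (not OpenCart code and not letxobnav's own): a contact-form validator with a hidden honeypot field, run once in the default "report every error at once" mode and once with the hidden field also reported as required, so an empty probe learns the same field set either way. Field names and messages are illustrative assumptions.

```php
<?php
// Added example, not OpenCart code: a contact-form validator with a hidden
// honeypot field whose error reporting does not reveal which fields a bot must
// fill. Field names and messages are illustrative assumptions.

const REQUIRED_FIELDS = ['name', 'email', 'enquiry'];
const HONEYPOT_FIELD  = 'website';   // rendered hidden via CSS; humans leave it empty
const GENERIC_ERROR   = 'Enquiry inappropriate, please re-phrase.';

/**
 * Validate a submission. Returns ['ok' => bool, 'errors' => [field => message]].
 * $leaky = true is the default "show every field error at once" behaviour:
 * an empty probe then lists exactly the required fields and nothing else.
 */
function validateContact(array $post, bool $leaky = false): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        if (trim($post[$field] ?? '') === '') {
            $errors[$field] = 'Required';
        }
    }
    if (trim($post[HONEYPOT_FIELD] ?? '') !== '') {
        // Trap field filled: a bot. Reject with the same generic message used for
        // content rejections so the response does not single the trap out.
        return ['ok' => false, 'errors' => ['enquiry' => GENERIC_ERROR]];
    }
    if (!$leaky && $errors !== []) {
        // Hardened: while the form is in error anyway, report the hidden field as
        // required too, so an empty probe cannot tell it apart from real fields.
        // A complete human submission has no errors, so humans never hit this.
        $errors[HONEYPOT_FIELD] = 'Required';
    }
    return ['ok' => $errors === [], 'errors' => $errors];
}

/** What an empty probe learns: the field names the response reports in error. */
function fieldsLearnedByProbe(bool $leaky): array
{
    return array_keys(validateContact([], $leaky)['errors']);
}

// Constructed submissions (not real traffic).
$human = ['name' => 'A. Customer', 'email' => 'a@example.com',
          'enquiry' => 'Do you ship the 5W panel to Taiwan?'];

foreach (['leaky' => true, 'hardened' => false] as $mode => $leaky) {
    $learned = fieldsLearnedByProbe($leaky);
    // The bot fills every field the probe reported, and nothing else.
    $bot = array_fill_keys($learned, 'Cheap traffic!!! http://spam.example');
    printf("%-9s probe learned: %-27s human ok: %-3s bot ok: %s\n", $mode,
        implode(',', $learned),
        validateContact($human, $leaky)['ok'] ? 'yes' : 'no',
        validateContact($bot, $leaky)['ok'] ? 'yes' : 'no');
}
```

In leaky mode the probe learns name, email and enquiry, so the bot skips the trap and passes; in hardened mode the probe also sees website reported, fills it, and is rejected, while the human submission passes in both modes.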