Post by exibar » Thu Feb 15, 2018 12:13 am

Hi all!
Not sure if this is the right area for this question or not....

Lately in the past couple days my Ocart has been inundated with bogus new customers... they all follow the same rough format so I can detect them as bogus, I've blocked IPs, added an "admin must approve", etc... The IP addresses are all clearly through TOR or similar type thing, many within the 185.202.101.0/24 subnets... I've blocked most IPs...

Any thoughts as to how to prevent these bogus new customers from being created? They're created at all times day and night, so it's doubtful it's a manual creation.

Is there any way to limit the phone number to 10 digits, or perhaps force only valid zipcodes for the area?

thanks!
Mike B

New member

Posts

Joined
Fri Dec 06, 2013 12:50 pm

Post by davidbfranks » Thu Feb 15, 2018 4:26 am

I also have the same issue

Active Member

Posts

Joined
Mon Mar 04, 2013 10:31 pm
Location - London

Post by exibar » Thu Feb 15, 2018 4:31 am

would you mind posting an example of one of those bogus new customers? either here or PM to me? I'd love to compare notes on these guys

Mike B

Post by exibar » Thu Feb 15, 2018 4:33 am

did this just start on your site this month as well?

Post by 1975bloom » Thu Feb 15, 2018 5:02 am

Hi, I am having the same problem. Have you any idea how to stop them?

New member

Posts

Joined
Wed Apr 10, 2013 10:42 pm

Post by exibar » Thu Feb 15, 2018 5:04 am

anyone that is having the same problem, can you post a sample of one of those bogus accounts?

Post by uksitebuilder » Thu Feb 15, 2018 5:17 am

Please have a look through the General Support forums for your version.

This has been asked and answered several times now.

Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kingdom

Post by exibar » Thu Feb 15, 2018 5:22 am

my apologies, I didn't see anything in there... I'll dig deeper :-)

Post by exibar » Thu Feb 15, 2018 5:27 am

I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....

Mike B

Post by davidbfranks » Thu Feb 15, 2018 10:25 pm

exibar wrote:
Thu Feb 15, 2018 5:27 am
I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....

Mike B

Can you let me know too? I'm also on 1.5.6.4 using Journal theme

Thanks

Post by ChinmayBhatta » Fri Feb 16, 2018 12:13 am

There is an issue in the Register page as it ignores the captcha. Just try registering: even with the captcha not entered, you will be able to log in. I made the following ad hoc changes to restrict the bogus customers. Now one cannot register without entering the captcha. Still, I think we should improve the solution: the original code does not validate the captcha if it already exists in the session. For spammers, this will be a boon and defeats the reason for adding the captcha in the first place.

1. Add the following lines in the index function (around line 50) in catalog\controller\account\register.php

    // Pass any captcha error through to the registration template
    if (isset($this->error['captcha'])) {
        $data['error_captcha'] = $this->error['captcha'];
    } else {
        $data['error_captcha'] = '';
    }

2. Changed the validate function in catalog\controller\extension\captcha\google.php to

    public function validate() {
        // Load the language file first so both error paths return the translated message
        $this->load->language('extension/captcha/google');

        // Check if Captcha is entered or not
        if (empty($this->request->post['g-recaptcha-response'])) {
            return $this->language->get('error_captcha');
        } elseif (empty($this->session->data['gcapcha'])) {
            // Not yet verified in this session: ask Google to check the submitted response
            $recaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($this->config->get('captcha_google_secret')) . '&response=' . urlencode($this->request->post['g-recaptcha-response']) . '&remoteip=' . urlencode($this->request->server['REMOTE_ADDR']));

            // A failed request or invalid JSON counts as a failed captcha
            $recaptcha = ($recaptcha !== false) ? json_decode($recaptcha, true) : null;

            if (!empty($recaptcha['success'])) {
                $this->session->data['gcapcha'] = true;
            } else {
                return $this->language->get('error_captcha');
            }
        }
    }

Newbie

Posts

Joined
Wed Mar 08, 2017 7:16 pm
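
The server-side check discussed in the post above, as an added example that is not from any poster or from OpenCart: it verifies every submission with a POST to siteverify, keeps no session flag, and fails closed on a network or JSON error. The function names and the injectable `$post` transport are hypothetical, and the stub responses are constructed so it runs offline.

```php
<?php
// Added example, not OpenCart code. verify_recaptcha(), http_post_form() and
// the $post transport parameter are hypothetical names.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Default transport: POST the fields so the secret stays out of the request URL.
function http_post_form(string $url, array $fields): ?string {
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents($url, false, $context);
    return $body === false ? null : $body;
}

// True only when the service confirms this token; every other path fails closed.
// No session flag is kept, so each registration attempt needs its own solved captcha.
function verify_recaptcha(string $secret, ?string $token, string $remoteIp, ?callable $post = null): bool {
    if ($token === null || $token === '') {
        return false; // field missing or empty
    }
    $post = $post ?? 'http_post_form';
    $body = $post(SITEVERIFY_URL, [
        'secret'   => $secret,
        'response' => $token,
        'remoteip' => $remoteIp,
    ]);
    if ($body === null) {
        return false; // network error or timeout
    }
    $result = json_decode($body, true);
    return is_array($result) && ($result['success'] ?? false) === true;
}

// Constructed stand-ins for the siteverify service so the demo runs offline.
$accept = function (string $url, array $fields): ?string { return '{"success": true}'; };
$reject = function (string $url, array $fields): ?string {
    return '{"success": false, "error-codes": ["invalid-input-response"]}';
};
$down = function (string $url, array $fields): ?string { return null; };

foreach (['accepted' => $accept, 'rejected' => $reject, 'service down' => $down] as $case => $stub) {
    $ok = verify_recaptcha('placeholder-secret', 'constructed-token', '203.0.113.7', $stub);
    echo $case, ': ', $ok ? 'allow registration' : 'block registration', PHP_EOL;
}
$ok = verify_recaptcha('placeholder-secret', '', '203.0.113.7', $accept);
echo 'empty token: ', $ok ? 'allow registration' : 'block registration', PHP_EOL;
```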

Post by exibar » Fri Feb 16, 2018 12:40 am

I downloaded a captcha vQmod from the ocart extensions pages for ocart 1.5.6. It didn't work so I modified it and now it works like a champ, no more bot registrations!
just copy it to your vQmod XML directory like normal and it will do the trick. Even though the code has provisions for other languages, it's English only.

Mike B

Post by davidbfranks » Fri Feb 16, 2018 12:52 am

I purchased the ClearThinking extension - http://www.opencartx.com/account-registration-captcha

Works much better than the solution above as the user doesn’t have to type anything, just click on the Google Recaptcha box.

Works great, spam eliminated.

Post by exibar » Fri Feb 16, 2018 1:54 am

yah, there are a bunch of pay modules for it... but I'm kinda frugal and don't want to pay for it when it can be coded for free :-)

the pay modules might be easier to use, etc... but I don't mind working things out to achieve the results :-)

The "click" type "I am not a robot" captcha type is really nice though. but for my purposes, the number captcha works a treat and prevents the bots from registering just the same... so I'm happy :-)
Last edited by exibar on Fri Feb 16, 2018 1:59 am, edited 1 time in total.

Post by davidbfranks » Fri Feb 16, 2018 1:58 am

exibar wrote:
Fri Feb 16, 2018 1:54 am
yah, there are a bunch of pay modules for it... but why should we have to pay for it when it can be coded for free?

the pay modules might be easier to use, etc... but I don't mind working things out to achieve the results :-)

Depends how you look at it, a user having to manually type a Captcha code (which you can't always read properly) rather than just clicking a simple button could potentially cause them to not sign up which = less $$$ ultimately.

But I hear what you're saying, just think for the sake of $20 I would rather have a better customer experience.

Post by Robonz » Wed Dec 25, 2019 10:18 am

I just fixed mine a really simple way. So far I have had zero bogus registrations in a week and I was getting 5 a day.

I noticed the bogus codes are typically random letters. In my country all area codes are 4 digit numeric so I did this to the register.php file. I did not modify the resulting error message so they would not have a solution. Anyone in my country would just enter the correct post code and not even notice.

    // only accept 4 character number for area codes for registration
    // ctype_digit() rejects values such as "1e10", "-123" or "1.50" that is_numeric() would accept
    $postcode = trim($this->request->post['postcode']);

    if (utf8_strlen($postcode) != 4 || !ctype_digit($postcode)) {
        $this->error['postcode'] = $this->language->get('error_postcode');
    }

Newbie

Posts

Joined
Mon Feb 27, 2017 2:24 pm
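
The field checks raised in this thread (a fixed-length numeric postcode, a 10-digit phone number, a blocked subnet), generalized into one server-side screening function. This is an added example, not code from any poster or from OpenCart; the function names, rule patterns and sample submissions are assumptions.

```php
<?php
// Added example, not OpenCart code. Function names, the rule patterns and the
// sample submissions are assumptions; adjust the patterns to the store's country.

// True when an IPv4 address lies inside a CIDR range (64-bit PHP assumed).
function ip_in_cidr(string $ip, string $cidr): bool {
    [$network, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($network);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int)$bits > 32) {
        return false;
    }
    $mask = (int)$bits === 0 ? 0 : (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Returns the names of the checks that failed; an empty array means the submission passes.
function screen_registration(array $post, string $ip, array $rules, array $blockedCidrs): array {
    $failed = [];
    foreach ($rules as $field => $pattern) {
        // Strip spaces and common separators before matching, e.g. "(555) 010-0199".
        $value = preg_replace('/[\s().-]/', '', (string)($post[$field] ?? ''));
        if (!preg_match($pattern, $value)) {
            $failed[] = $field;
        }
    }
    foreach ($blockedCidrs as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            $failed[] = 'ip';
            break;
        }
    }
    return $failed;
}

$rules   = ['postcode' => '/^\d{4}$/D', 'telephone' => '/^\d{10}$/D'];
$blocked = ['185.202.101.0/24']; // subnet named in the first post

// Constructed submissions: one plausible customer, one shaped like the bogus sign-ups.
$samples = [
    ['ip' => '203.0.113.7',    'postcode' => '6011',   'telephone' => '(555) 010-0199'],
    ['ip' => '185.202.101.23', 'postcode' => 'qZkWpa', 'telephone' => '1234'],
];
foreach ($samples as $s) {
    $failed = screen_registration($s, $s['ip'], $rules, $blocked);
    echo $s['ip'], ' => ', $failed ? 'reject: ' . implode(', ', $failed) : 'accept', PHP_EOL;
}
```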