Hi all!
Not sure if this is the right area for this question or not....
Lately in the past couple days my Ocart has been inundated with bogus new customers... they all follow the same rough format so I can detect them as bogus, I've blocked IPs, added an "admin must approve", etc... The IP addresses are all clearly through TOR or similar type thing, many within the 185.202.101.0/24 subnets... I've blocked most IPs...
Any thoughts as to how to prevent these bogus new customers from being created? They're created at all times day and night, so it's doubtful it's a manual creation.
Is there any way to limit the phone number to 10 digits, or perhaps force only valid zipcodes for the area?
thanks!
Mike B
Please have a look through the General Support forums for your version.
This has been asked and answered several times now.
I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....
Mike B
Can you let me know too? I'm also on 1.5.6.4 using Journal theme
exibar wrote: ↑Thu Feb 15, 2018 5:27 am
I think the solution to this issue is adding a Captcha to the new user registration page... or a similar "answer this really easy question..." type thing... I'll dig deeper and maybe see what there is available for Captchas on version 1.5.6 for me....
Mike B
Thanks
There is an issue in the Register page as it ignores the captcha. Just try registering, even with the Captcha not entered, and you will be able to log in. I made the following ad hoc changes to restrict the bogus customers. Now one cannot register without entering the Captcha. Still, I think we should improve the solution, as the original code does not validate the captcha if it already exists in the session. For spammers, this will be a boon and defeat the reason for adding the captcha in the first place.
1. Add the following lines in the index function (around line 50) in catalog\controller\account\register.php
    if (isset($this->error['captcha'])) {
        $data['error_captcha'] = $this->error['captcha'];
    } else {
        $data['error_captcha'] = '';
    }
2. Changed the validate function in catalog\controller\extension\captcha\google.php to
    public function validate() {
        // Load the language file first so error_captcha resolves on every path
        $this->load->language('extension/captcha/google');
        // Check if Captcha is entered or not
        if (empty($this->request->post['g-recaptcha-response'])) {
            return $this->language->get('error_captcha');
        } elseif (empty($this->session->data['gcapcha'])) {
            // Note: once gcapcha is set in the session, later requests skip this check
            $recaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($this->config->get('captcha_google_secret')) . '&response=' . urlencode($this->request->post['g-recaptcha-response']) . '&remoteip=' . urlencode($this->request->server['REMOTE_ADDR']));
            $recaptcha = json_decode($recaptcha, true);
            // Treat a failed request or malformed reply as a failed captcha
            if (!empty($recaptcha['success'])) {
                $this->session->data['gcapcha'] = true;
            } else {
                return $this->language->get('error_captcha');
            }
        }
    }
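The per-submission check that the post above says is still missing, written as an added example; it is not part of the original post or of OpenCart's own code. The names `http_post_form`, `captcha_passes` and the injectable `$fetch` callable are hypothetical, and the siteverify replies are constructed so the logic runs offline.

```php
<?php
// Added example: verify the reCAPTCHA token on every submission, with no session cache.
// $fetch is a hypothetical injectable callable (url, fields) => string|false so the
// decision logic can run offline; the default does the real HTTP POST.
function http_post_form($url, array $fields) {
    $context = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields), // URL-encodes secret, token and IP
        'timeout' => 5,
    )));
    return @file_get_contents($url, false, $context);
}

function captcha_passes($secret, array $post, $remoteIp, $fetch = 'http_post_form') {
    // Missing, empty or non-string token: reject without calling the API.
    if (empty($post['g-recaptcha-response']) || !is_string($post['g-recaptcha-response'])) {
        return false;
    }
    $body = call_user_func($fetch, 'https://www.google.com/recaptcha/api/siteverify', array(
        'secret'   => $secret,
        'response' => $post['g-recaptcha-response'],
        'remoteip' => $remoteIp,
    ));
    if ($body === false) {
        return false; // fail closed when the verification request fails
    }
    $result = json_decode($body, true);
    // Fail closed on malformed JSON or anything other than success === true.
    return is_array($result) && isset($result['success']) && $result['success'] === true;
}

// Constructed stand-ins for siteverify replies (not captured traffic).
$cases = array(
    'valid token'     => function ($u, $f) { return '{"success": true}'; },
    'reused token'    => function ($u, $f) { return '{"success": false, "error-codes": ["timeout-or-duplicate"]}'; },
    'API unreachable' => function ($u, $f) { return false; },
    'garbage reply'   => function ($u, $f) { return '<html>502</html>'; },
);
$post = array('g-recaptcha-response' => 'constructed-token');
foreach ($cases as $name => $fetch) {
    echo $name, ': ', captcha_passes('SECRET_PLACEHOLDER', $post, '203.0.113.7', $fetch) ? 'accept' : 'reject', "\n";
}
echo 'no token: ', captcha_passes('SECRET_PLACEHOLDER', array(), '203.0.113.7') ? 'accept' : 'reject', "\n";
```

Because nothing is stored in the session, a client that solved one captcha cannot reuse that session to submit further registrations without a fresh token.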
I downloaded a captcha vQmod from the ocart extensions pages for ocart 1.5.6. It didn't work so I modified it and now it works like a champ, no more bot registrations!
Just copy it to your vQmod XML directory like normal and it will do the trick. Even though the code has provisions for other languages, it's English only.
Mike B
I purchased the ClearThinking extension - http://www.opencartx.com/account-registration-captcha
Works much better than the solution above as the user doesn’t have to type anything, just click on the Google Recaptcha box.
Works great, spam eliminated.
yah, there are a bunch of pay modules for it... but I'm kinda frugal and don't want to pay for it when it can be coded for free :-)
the pay modules might be easier to use, etc... but I don't mind working things out to achieve the results :-)
The "click" type "I am not a robot" captcha type is really nice though. but for my purposes, the number captcha works a treat and prevents the bots from registering just the same... so I'm happy :-)
Last edited by exibar on Fri Feb 16, 2018 1:59 am, edited 1 time in total.
Depends how you look at it, a user having to manually type a Captcha code (which you can't always read properly) rather than just clicking a simple button could potentially cause them to not sign up which = less $$$ ultimately.
But I hear what you're saying, just think for the sake of $20 I would rather have a better customer experience.
I just fixed mine a really simple way. So far I have had zero bogus registrations in a week and I was getting 5 a day.
I noticed the bogus codes are typically random letters. In my country all area codes are 4 digit numeric so I did this to the register.php file. I did not modify the resulting error message so they would not have a solution. Anyone in my country would just enter the correct post code and not even notice.
    // Only accept a 4-digit numeric postcode at registration.
    // preg_match is used instead of is_numeric(), which also accepts 4-character values such as "1e10", "-123" or "1.50".
    $postcode = isset($this->request->post['postcode']) ? trim($this->request->post['postcode']) : '';
    if (!preg_match('/^[0-9]{4}$/', $postcode)) {
        $this->error['postcode'] = $this->language->get('error_postcode');
    }