Post by straightlight » Thu Mar 22, 2018 10:07 pm

Then, the issue is not with Authorize.net AIM but with something else on your site. Check your extensions.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by imagineds » Thu Mar 22, 2018 10:28 pm

I will private message you the extensions enabled.

Newbie

Posts

Joined
Fri Oct 05, 2012 5:57 am

Post by imagineds » Thu Mar 22, 2018 11:04 pm

So, then if one of those extensions uses a remote API then what do I do?
And if none of them do, then what?

Newbie

Posts

Joined
Fri Oct 05, 2012 5:57 am

Post by straightlight » Thu Mar 22, 2018 11:17 pm

If one of them do, report it here and I will see what I can do to provide the instructions based on their login page. If none of them do, you'd need to provide the most recent access logs from your webserver so to see where the CSRF attacker originates from as well as knowing the route being used to auto-create accounts on your store.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by imagineds » Thu Mar 22, 2018 11:48 pm

I was able to get Google reCaptcha to work on the site. Had to make an adjustment on the server. So I will just see if that does the trick.

Newbie

Posts

Joined
Fri Oct 05, 2012 5:57 am

Post by straightlight » Thu Mar 22, 2018 11:49 pm

Had to make an adjustment on the server
What adjustment? This is simply vague information ...

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ameliaa » Fri Mar 23, 2018 10:44 am

Is this mod really working? I installed on both my sites. Sill receiving registration spam (lots of it), even affiliate spam.

OC Version: 2.0.1.1 and 2.0.3.1
URLs:
https://bit.ly/2pxDAtx
https://bit.ly/2pxgpP6

New member

Posts

Joined
Fri Jan 29, 2010 6:31 pm

Post by straightlight » Fri Mar 23, 2018 6:33 pm

ameliaa wrote:
Fri Mar 23, 2018 10:44 am
Is this mod really working? I installed on both my sites. Sill receiving registration spam (lots of it), even affiliate spam.

OC Version: 2.0.1.1 and 2.0.3.1
URLs:
https://bit.ly/2pxDAtx
https://bit.ly/2pxgpP6
As questioned on the above to other users, are you using any social logins extensions or remote logins to your site?

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by holiday.holiday1 » Sun Mar 25, 2018 5:39 am

I have a 1.5.4 store, have applied the mod with appropriate changes for 1.5.4, and see the changes have taken effect to the vqcache files for both catalog and admin. But, the __csrf modifications to the <form> markup are only taking effect on the admin side.
Thanks for the help and mod.


Posts

Joined
Sat Mar 24, 2018 4:34 am

Post by simone.pignatti » Mon Mar 26, 2018 8:37 pm

Hi guys, I've just uploaded v2.0 files in my 1.5.2.1 installation. Nothing happened, it seems it doesn't work at all.
Any advice?
If you like to check my web shop you can visit www (dot) batterfly (dot) com
Thank you.


Posts

Joined
Mon Mar 26, 2018 8:30 pm

Post by straightlight » Mon Mar 26, 2018 10:30 pm

What are your path and line configurations in your XML file since you are using an unsupported version?

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by simone.pignatti » Mon Mar 26, 2018 10:31 pm

straightlight wrote:
Mon Mar 26, 2018 10:30 pm
What are your path and line configurations in your XML file since you are using an unsupported version?
I didn't change anything. What do you suggest to edit?


Posts

Joined
Mon Mar 26, 2018 8:30 pm

Post by straightlight » Mon Mar 26, 2018 10:39 pm

You need to edit the XML file for the lines to be looked up. Although, since v1.5x releases are pretty old, I don't provide much support for it. However, it does not indicate nor mean that the extension does not work.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ryke-opencart » Tue Mar 27, 2018 3:42 am

Thanks for any help you can give. I'm trying to stop a flock of "bad robots" attacking my website. Found your extension and thought i had found my fix. Installed the 2.0 version on my opencart 1.5.5.1 and not working. Had seen a post of someone using and you saying would work on a 1.5 xx or something. Just figured it would work on mine. Checked the header in the source code on my Chrome browser and no <form could be found that replies to CSRF. There was no info or readme file or anything on installing or using. I hope i can even get to work on my opencart version. Any help would be appreciated. Thanks.

Newbie

Posts

Joined
Tue Mar 27, 2018 3:31 am

Post by straightlight » Wed Mar 28, 2018 8:30 pm

I have posted an update message on the CSRF page from the Marketplace. v1.5x releases has also been a success to work with this extension. Ensure to configure your XML file with the relative search lines as well as adding the ZDLib output compression set to On in your php.ini or in your .user.ini file and all should be fine. The ZDLib switch is mentioned on the documentation tab from the Marketplace.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by sfbh » Thu Mar 29, 2018 2:44 am

[Edit] Post removed by author.
Last edited by sfbh on Fri Mar 30, 2018 1:24 am, edited 2 times in total.

Newbie

Posts

Joined
Sun Apr 16, 2017 4:51 am

Post by straightlight » Thu Mar 29, 2018 3:10 am

in /admin/controller/common/header.php and /catalog/controller/common/header.php (I do not have VQmod installed. I plan to remove the manual entries and convert to an OCmod once it is working)
The package I provided already provide this solution. No need to manually apply the queries since it should automatically propagate through the entire store by using the XML file and the csrf_helper file as long as the lookup lines in the XML (search) is looking for the right location and without conflict.

Note: Do NOT publish the csrf token value on the forum nor on any public websites for security purposes. I would strongly suggest to remove it from your previous post.

The CSRF token is working properly as per your post above. Install the re-captcha module as well and see if the SPAMs and floods keeps increasing on your store afterwards.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by wildfire67 » Thu Mar 29, 2018 5:32 am

Can I pay you to install this for me? I found no instructions in the crsf20 file.

Regards

John

Thanks!

Wildfire67


User avatar
Newbie

Posts

Joined
Thu Feb 23, 2012 11:57 am

Post by sfbh » Thu Mar 29, 2018 10:26 am

[Edit] Post removed by author.
Last edited by sfbh on Fri Mar 30, 2018 1:25 am, edited 1 time in total.

Newbie

Posts

Joined
Sun Apr 16, 2017 4:51 am

Post by straightlight » Thu Mar 29, 2018 6:05 pm

VQMod must be used with this extension, it is not an OCMod extension are clearly demonstrated from the package delivered on the Marketplace. As for the manual entry, this would be insufficient since the extension is using a propagated method with regular expression from XML in order to protect users against flooders.

Take note that this extension does not protect users against SPAMs but against floods that are caused by spammers. Using re-captcha with CSRF together is the best way to go to get rid of the spammers.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: dev15 and 15 guests