Post by Radioguy » Mon Dec 11, 2017 8:11 pm

Hello all,

I am a long time Opencart user. Thanks for all the great work.
After the recent upgrade to 3.0 we started experiencing Customer registration Spam. Mostly Russian addresses.
I get about 50 every day. There doesn't seem to be anything else going on, just the registration. We tried Captcha and RE-Captcha and doesn't even slow them down. The IP's are all different. I searched the forums here and can't seem to find anything recent. I would be grateful if someone has a solution to this. I am afraid something sinister may happen and frankly its annoying deleting all of those registrations every few days.

Thank you in advance for any help.

Newbie

Posts

Joined
Mon Feb 20, 2012 9:25 pm

Post by straightlight » Mon Dec 11, 2017 8:20 pm

While Captcha and Re-Captcha is being used for decoration purposes on any platform, simply use the CSRF Form Protection extension to enforce HTML form protections on your site: https://www.opencart.com/index.php?rout ... on_id=4773 . You can be ensured this will definitely stop the spamming on your site.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by divanova » Thu Feb 08, 2018 2:46 pm

Hi Radioguy,
I have the same problem. Recently my website got flooded with fake registrations. The customers names are one and the same (James Kelvin), but the IPs are all different. Did you find any solution?
Thanks!

Newbie

Posts

Joined
Mon Feb 06, 2017 8:42 pm

Post by straightlight » Fri Feb 09, 2018 6:10 am

A solution is posted ... right above ...

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by frank79 » Sun Feb 25, 2018 7:25 pm

Hi Radioguy,
The problem you reported is not related to Opencart 3, it affects Oc 1.5, Oc, 2, wordpress and joomla sites and the issue is exactly as you described in all the platforms.
There are new spambots capable of solving traditional alphanumeric captchas so I wrote an Opencart plugin 5 years ago to block also this kind of spam, link here:

https://www.opencart.com/index.php?rout ... n_id=13097

Smart Antispam Shield is completely invisible to users and it provides several levels of protections (client side and server side).

I released an update just three days ago and according to some webmasters that installed it, the basic protection is already enough to block spam.
Hope it helps!
Last edited by frank79 on Tue May 01, 2018 6:19 pm, edited 3 times in total.

Our new Opencart Extension:
AI Assistant - automatic product and category text generator


User avatar
New member

Posts

Joined
Thu Apr 26, 2012 12:01 am

Post by straightlight » Sun Feb 25, 2018 7:48 pm

Latest release of CSRF Protection Form has been released. Tested by a forum user and confirmed the latest release no longer floods registration. No packages required, totally FREE! - no discounts necessary either: https://www.opencart.com/index.php?rout ... on_id=4773

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by exit15 » Fri Apr 13, 2018 6:10 am

Is there something in this thread that is not blatant promotion of commercial extensions? And someone just raised a price from $20 to $49 and then offered a "discount" of $15. Ingenious!!

Anyway - thanks Straightlight. Can i make this work for 1.5.6.4??

New member

Posts

Joined
Sun Mar 03, 2013 2:05 am


Post by straightlight » Fri Apr 13, 2018 9:09 am

It has been proven to work with v1.5x releases as well. Although, due to the old ways of using the site compression level compared to the more recent releases of Opencart, no promises can be delivered at this point. At least, it doesn't affect anything when the process fails to output on the view source. If you do not wish to pay the $15.00 fee for the re-captcha module, I would then suggest to try the recaptcha module from the core in your admin - > extensions - > extensions - > captcha page.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by DIHI » Sun Apr 15, 2018 5:28 pm

straightlight wrote:
Fri Apr 13, 2018 9:09 am
It has been proven to work with v1.5x releases as well. Although, due to the old ways of using the site compression level compared to the more recent releases of Opencart, no promises can be delivered at this point. At least, it doesn't affect anything when the process fails to output on the view source. If you do not wish to pay the $15.00 fee for the re-captcha module, I would then suggest to try the recaptcha module from the core in your admin - > extensions - > extensions - > captcha page.
I am having the same problem as the people above, flooded with spam registration daily, the recaptcha you mention within the admin panel, it is there and I can select where I want it to be activated but in the drop down box where you select which captcha to use there is nothing, literall, as all it says is

--- None ---

Any ideas?

New member

Posts

Joined
Sun Nov 30, 2014 12:44 am

Post by straightlight » Sun Apr 15, 2018 10:27 pm

Inquiry mentioned as the same problem but no OC version posted and without screenshot.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by eWarrior » Fri Apr 27, 2018 9:40 am

Straightlight,

I can see references to some code added for v1.5.6.4. However, the current download is clearly for v2.3.0.2 and above.

Would you still have the previous version available, or is there any chance you could outline the required changes for older versions of OpenCart?

New member

Posts

Joined
Wed Aug 29, 2012 4:27 pm

Post by IP_CAM » Fri Apr 27, 2018 11:44 am

Well, this Thing was available once for 1.5.x, as I believe to recall,
or then, I tried it with a v.2.x, a good while ago, I forget, but I've never
got it to function, for what reason ever...
But as it comes by now, it won't work in 1.5.6.x.
---
Anyway, for v.1.5.6.x, one Solution would be, to let Registrants make to
first confirm their e-Mail, by sending them a confirmation mail with a link,
wich needs to be clicked, before the Admin then manually activates them.
This way, they can at least do no harm, and since they don't confirm their
registration anyway, the Admin can see easy, who was trying to get in, and
eventually block/reroute IP-ranges and/or eMail Providers, related wich such ... :D
Ernie
---
https://www.opencart.com/index.php?rout ... rification
---

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by eWarrior » Sat Apr 28, 2018 8:01 am

Ernie,

My issue is actually with contact form spam, mostly from Russia. We are bombarded with at least 10 every day. I really need a solution to fix this.

I may look into Google reCAPTCHA, or perhaps even this extension: https://www.opencart.com/index.php?rout ... n_id=13097

My only concern is that the extension may not even work as intended. I don't mind paying a developer for a good product that works, but at this stage I am uncertain.

New member

Posts

Joined
Wed Aug 29, 2012 4:27 pm

Post by IP_CAM » Sat Apr 28, 2018 12:31 pm

The regular price is 49$, buy it now and SAVE 15$. The Promotion ends TODAY.
That's what always turns me off immediately, it's advertizing for Dummie's,
since it will still be on that Page shown by next Year... :-\
---
But other than that, I don't know, how this service operates, so I could not judge.
It's a daily fight, to keep 'em off, and it only works, if either a URL is rerouted first,
by going trough some kind of Filter like this Site here. And such usually also slows
down first Pageload too. Or then, a Blocking List in the .htaccess file is required,
to either lock out individual IP-Numbers or entire IP Ranges. Such a List can get quite
large, my biggest one contains 1810 Lines of things, but it's quite aged already ... :crazy:

But if one only 'serves' a certain World Region, one could widely lock out the rest of world.
But then, one still could use TOR, or Proxies, to visit you trough other 'channels', and you'll
still need to regularely update your .htaccess file entries. And pray, not to accidentally lock
out some of your Customers too, like it frequently happened to me...
---
The only problem is, any 'Security' outside of your own Server enable others, to also know,
what going on in your place. We're in the Information Business, and Information Age, and
everything has it's price, shown or hidden, always consider this to be a Fact. :)
Good Luck! ;)
Ernie
---
Sample Code:

Code: Select all

<Files *>
order allow,deny
allow from all
deny from 37.59.
deny from 46.229.31.30
deny from 63.243.
deny from 125.
deny from 163.172.121
deny from 180.76.
</Files>
---

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by ArtGallery » Mon Apr 30, 2018 5:50 pm

eWarrior wrote:
Sat Apr 28, 2018 8:01 am
Ernie,

My issue is actually with contact form spam, mostly from Russia. We are bombarded with at least 10 every day. I really need a solution to fix this.

I may look into Google reCAPTCHA, or perhaps even this extension: https://www.opencart.com/index.php?rout ... n_id=13097

My only concern is that the extension may not even work as intended. I don't mind paying a developer for a good product that works, but at this stage I am uncertain.
I have an older Magento 1.9x installation that gets a ton of account registration spam from Russia and China. None of the CAPTCHA solutions available for that version have worked. I had to set new accounts with an email confirmation to try to keep them from trying to abuse various email features on the site, but I still have to delete hundreds of spam registration attempts every month, plus I get a bunch of mail delivery failures from the spam account registrations. I was going to upgrade to the latest Magento which offers more spam solutions apparently, but after installing it I found I really disliked it in general.

With my first OpenCart installation for another venture, that was finished last week, I enabled the "I am not a robot" reCAPTCHA and so far there hasn't been a single spam account registration. Hopefully that isn't just because the site is new. If it does keep them at bay, I am going to redo the old Magento site and use OpenCart instead.

New member

Posts

Joined
Sat Apr 21, 2018 7:54 am

Post by straightlight » Tue May 01, 2018 2:49 am

Mystery. Only from this topic, the solution hasn't been posted among many others where the solutions have been posted many times already: viewtopic.php?f=202&t=203733#p721255

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by frank79 » Tue May 01, 2018 5:36 pm

Hi eWarrior,
I am the developer of the extension in your link, I can send you my extension for free (just pm me), and if it works like it did for the 230 sites where the extension is already installed, you can buy the license on Opencart.

Our new Opencart Extension:
AI Assistant - automatic product and category text generator


User avatar
New member

Posts

Joined
Thu Apr 26, 2012 12:01 am

Post by jfn99 » Sat Oct 06, 2018 1:55 pm

I'm also experiencing the same issue, multiple spam daily on OC 3 registration with reCaptcha. Which of these options really work? I've been getting lots of new spam registration with emails @maslicov.biz from multiple countries like Russia and Ukraine... Any one else had this problem and got it solved?
thanks

New member

Posts

Joined
Thu Feb 25, 2010 5:14 pm

Post by straightlight » Sat Oct 06, 2018 7:52 pm

The solution has already been posted here: viewtopic.php?f=202&t=200373#p722315

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by webs_bd » Fri May 10, 2019 4:46 pm

Just to double check please. For v 3.0.2.0 is it just a case of uploading these extension files or are there additional settings that need taken care of?

Big Decision
Website Production, Ecommerce & Digital Marketing in the UK
http://www.bigdecision.co.uk


New member

Posts

Joined
Sat Nov 09, 2013 8:29 pm
Who is online

Users browsing this forum: jagall, moreduff and 263 guests