Post by lopazrich402 » Fri Dec 18, 2020 5:52 pm

So I have a super old opencart 1.5.6 install with probably over 1,500 products for my father. the site is pretty much nonfunctional due to PHP updates on my host; you can't add anything to your cart or check out, but it serves us perfectly for SEO purposes and can't really do without the site at the moment. We're pretty much stuck with it for now.

For the past several months I've been getting strange "New Customer" emails from the site. Again the site is nonfunctional and you can't even go in there and register an account if you wanted to.

These emails are coming in more and more frequently, several times a day, and everything is just jibberish but it does contain what seems to be a valid email address and phone #. Again I know this can't be possible. Here's a screenshot of one of the emails.

Newbie

Posts

Joined
Fri Dec 18, 2020 5:41 pm

Post by JNeuhoff » Fri Dec 18, 2020 6:39 pm

Your website is being targeted by spambots doing fake account registrations. For newer OC versions there are anti-spambot tools like our SpamBot Buster. But yours is quite an old OC version. You may want to search the OpenCart marketplace for a suitable anti-spambot extension, or find a professional developer on the commercial forum section who could port a suitable anti-spambot or captcha tool back to your OC version as a custom job.

BTW.: The standard OC captcha tool which is supposed to prevent spambots from doing fake account registrations is pretty useless, most modern spambots easily overcome it!

Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster * Survey Plus


User avatar
Expert Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by IP_CAM » Fri Dec 18, 2020 7:35 pm

the site is pretty much nonfunctional due to PHP updates on my host
What exact OC Version do you use?
But whatever you reply to this, FIRST, replace the content of your
system/library/encryption.php file with this one, to make PHP v.7.4.x work:

Code: Select all

<?php
final class Encryption {
	
	private $cipher = 'aes-256-ctr';
	private $digest = 'sha256';
	private $key;
	
	public function __construct($key) {
		$this->key = $key;
	}

	public function encrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$iv        = openssl_random_pseudo_bytes($iv_length);
		return base64_encode($iv . openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv));
	}
	
	public function decrypt($value) {
		$key       = openssl_digest($this->key, $this->digest, true);
		$iv_length = openssl_cipher_iv_length($this->cipher);
		$value     = base64_decode($value);
		$iv        = substr($value, 0, $iv_length);
		$value     = substr($value, $iv_length);
		return openssl_decrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
	}
}
?>

I am no longer active at the Forum. Please do NOT send me Personal Mails,
they will no longer be replied to.
My Github OC Site: https://github.com/IP-CAM
4'300 + FREE OC Extensions, on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by datasmog » Sat Jan 09, 2021 8:28 pm

Thanks IP_CAM. I came here looking for a solution to make V1.5x work with up dated PHP.
And this is it, brilliant.

Newbie

Posts

Joined
Fri Oct 30, 2009 2:10 am

Post by IP_CAM » Sat Jan 09, 2021 9:22 pm

Good for you ! ;)
And to make it even better, check the image, and change all
those 'Routines', by adding that (INT), where it needs to done,
(for what unknown to me reason ever), in the Admin + Frontside
'controller' sections, where EXACTLY that routine exists. ;)
It has something to do with security, I assume, but not beeing
Coder, I really don't know ... :laugh:
Ernie
PS. A few other PHP v.7.4.x capable encryption.php Files also exist,
possibly matching some OC Versions better, just to have it mentioned too:
viewtopic.php?f=181&t=199924&p=804581#p804581
---
Image

I am no longer active at the Forum. Please do NOT send me Personal Mails,
they will no longer be replied to.
My Github OC Site: https://github.com/IP-CAM
4'300 + FREE OC Extensions, on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by xxvirusxx » Sat Jan 09, 2021 9:49 pm

If you replace int with beer you will not see the warnings :laugh:

My converted modules | Buy me a beer | Opencart upgrade service


User avatar
Expert Member

Posts

Joined
Tue Jul 17, 2012 10:35 pm
Location - România

Post by Johnathan » Sat Jan 09, 2021 11:49 pm

If it's the normal account registration form that bots are using, I have an Account Registration Captcha extension that still works on OpenCart 1.5.6. That would let you place a captcha on the registration process, so that someone has to fill it out to register a valid account.

Feel free to take a look at the screenshots and demo site, and if you're interested let me know at www.getclearthinking.com/contact if you have any further questions.

Image
Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am

Who is online

Users browsing this forum: Google [Bot] and 31 guests