Post by insurekenya » Sun Mar 01, 2020 9:13 pm

Enable Approve New Customers to avoid spams

https://example.com/admin/index.php?rou ... omer_group

Newbie

Posts

Joined
Thu Mar 28, 2019 5:00 am

Post by JNeuhoff » Mon Mar 02, 2020 12:55 am

Enable Approve New Customers to avoid spams
That doesn't prevent fake account registrations from spambots, though these fake customers won't be able to do much if there are to be approved by the site admin.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member
Online

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by IP_CAM » Mon Mar 02, 2020 6:38 am

My Conclusion to this, when it comes to get an adequate Test Result, by not only testing
single Site Pages, famous MaxD has a Testsite, where several Pages are tested at once,
and despite of my 67.985KB Site ROOT .htaccess file by now, plus the 6.271KB OC Shop
.htaccess file, it has no measurable impact on overall OpenCart Performance, if everything
else works as is should and could.
https://speed.devs.mx/

But it at least keeps me free of many intruders, trying to give me a hard time. And 'specific'
hacker-routines are also beeing listed, and then rerouted/redirected by the fine 301-redirect Mod,
to send those fellows to Las-Vegas, or some other nice Place, glad, to be linked for free ! One day, I
probably get a free Ticket in return to some nice Vegas Hotel and some Show .... :laugh:

It's long, since I visited it yearly, to attend the Consumer-Electronics Show, but that's many Moon's
since, and I'm sure, a lot of it changed ... :-\
Ernie
---
It's a long way from here to Vancouver ....
Image

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by insurekenya » Tue Mar 03, 2020 12:37 am

Thank you sir, for your replies, finally, I have been able to STOP all the spam customers and spam enquiries through activating Extension Google ReCAPTCHA reCAPTCHA V2 which at times I find more user-friendly since it only requires just a TICK and you are good to move to next step.

Attachments

Google RECAPTCHA.png

Google RECAPTCHA.png (264.77 KiB) Viewed 836 times


Newbie

Posts

Joined
Thu Mar 28, 2019 5:00 am

Post by ndim_pro » Tue May 26, 2020 6:41 pm

I have tried both Basic Captcha and Google Recaptcha but i still get a lot of spam client registrations. What else is there to stop this annoying thing?

User avatar
New member

Posts

Joined
Fri Nov 04, 2016 4:49 pm
Location - Thessaloniki, Greece

Post by JNeuhoff » Tue May 26, 2020 8:00 pm

ndim_pro wrote:
Tue May 26, 2020 6:41 pm
I have tried both Basic Captcha and Google Recaptcha but i still get a lot of spam client registrations. What else is there to stop this annoying thing?
The Spambot Buster tool should help. It detects and rejects spambots automatically via a built-in invisible honeypot trap and analysis of touch/mouse/keyboard events. No captchas needed.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member
Online

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by IP_CAM » Tue May 26, 2020 9:39 pm

[quote=sw!tch post_id=772241 time=1576972806 user_id=42096]
[quote=letxobnav post_id=772238 time=1576967711 user_id=201756]
well, htaccess always slows down.
---
Well, you just about forced me, to come here once again ... :laugh:
36'467 KB versus 75'666 KB .htaccess File Size:

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by letxobnav » Tue May 26, 2020 10:51 pm

Not sure why this is an obsession for you but as I explained long ago.

1) your tests and subsequent conclusions are flawed.
2) it is a solid assumption that a large portion of the ips/ranges you block have already changed hands, you are even blocking me and I am no longer malicious (was I ever?). And the worse part about that is that you have no way of knowing who you block anymore and why.
3) most spammers/hackers no longer use fixed ip addresses from obscure locations but rapid changing ips from reputable cloud services in reputable locations.

So you are basically needlesly slowing down your site, unaware of who you are blocking and why to give yourself a false sense of security, congratulations.
But by all means, keep blocking ips if that makes you feel secure, in the end you will have blocked everyone and then, and only then, you will be certified 100% secure.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by IP_CAM » Wed May 27, 2020 8:45 am

[quote]... your tests and subsequent conclusions are flawed.[/quote]

Well, I don't know, what other Test I could make, Google, GTMetrix, e.t.c. is
all I have, and California is far away from where I live, to make me believe,
to have one of the speediest OC Sites, even on the other Site of the planet. :laugh:
At least, as long as nobody else can show me something 'later', acting better ...
---
But I honestly don't need the whole World, to access my Sites. And it only
depends on the amount of 'smelly' Access Attempts, to either only block
a few single IP Numbers, or then entire Blocks and even Ranges. It's called
'filtering the Crowd', and I'm doing this for the past 20 Years, to then keep
the same kind of Nut's out of my EveryAuction-Sites, and with a 'real'
Hacker's help. ;) So, don't worry, I'm (still) aware of what I'm doing,
when it comes to such.

It just makes no Fun, to get bombarded, or better, only at the Beginning,
because it might help, to find some holes or misses. But then, beeing hit
by hundreds of daily hits, in every way and form imaginable, is sure no fun
anymore, and it made me lock out about a million or more IP's, to get rid of
all that garbage. Your Service Provider is probably one of them, if you cannot
access my Sites. But you won't miss anything, it's only old Version Crab... :laugh:
---
Conclusion: I would highly recommend OC Users, to lock out Regions, not
beeing targeted for Sales. It makes absolutely no sense, to waste Server
Power, for nothing in return, except for possibly some hacking attempts.
And the most simple way, to do this, is the use of an .htaccess file. One just
has to make sure, not to keep valid Customers from accessing the Site. And
that takes a little time+knowledge, to find out, like most else of some or high
importance in real life too ... ;)

And it's a daily Job, like in any Business, to check, if all the doors are locked,
before one leaves the place at night. And by use of a smart free 1.5.6 tool, one
can get 'smelly IP's locked out for a 'defined' period, to then check on 'em the
next day, in order to decide on possibly locking an IP out for good. It's one of
those many great+free Goodies, to make me stay, with what I use on Version.
---
One may like it or not, it's not my problem. To me, this all is just a Hobby, and
that makes a lot of things very different, from most anyone else's point of view.
I am fully aware of that.

But what would OC be today, if no Fan's ever existed ?! It's a pitty, to realize,
that most of them I knew are no longer around. And again, quite similar to, what
we experienced already, about 20 Years ago. But Fan's don't come for free forever,
they need to be taken Care of. And the real Big Ones spend Millions, to keep the
Crowd alive and well, by make 'em feel like beeing part of something 'important'.

And here, it's the Contrary, because, everybody is everybody's potential Competitor
too. And those, frequently sharing free Knowledge, belong to the 'least' liked of them
all, they're likely more taxed as potential Business-Killers than just nice fellows.
Still, I learned a lot, and that's, what I tried to be greatful for, as much as I could.

It might also be one of the reasons, why my Test-Sites get bugged so much... :laugh:

Good Luck ! That's it. 73/55 QRT ;)
Ernie
---
download/file.php?mode=view&id=39098

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by crosland » Tue Jul 27, 2021 4:51 pm

I used to suffer spam registration but it dried up completely after enabling the Google captcha.

In the last few weeks the bots seem to have cracked the captcha and I started getting regular spam registration and contact form e-mails again.

I found the names that the spammers use follow very particular pattern. It was very easy to add a few lines of PHP to the validate() methods in catalog\controller\account\register.php and catalog\controller\information\contact.php to filter these. Whilst there, I also blocked all attempts with a .ru tld in the e-mail as I do not have any russian customers, nor any using .ru e-mails.

The spam dried up overnight :)

Active Member

Posts

Joined
Fri Sep 13, 2019 9:04 pm

Post by JNeuhoff » Tue Jul 27, 2021 4:59 pm

Most captchas are easily overcome by modern spambots these days. We use an invisible honeypot trap field, and automatically check for expected key/mouse/touch events, to distinguish between genuine human users and spambots, this approach is far more effective.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member
Online

Posts

Joined
Wed Dec 05, 2007 3:38 am

Who is online

Users browsing this forum: Google [Bot], Semrush [Bot] and 99 guests