Post by jhonburke » Wed Mar 06, 2019 1:21 pm

Dear Master,

I get a lot of spam registrants on my website every day.
is there a way to stop this ?

Newbie

Posts

Joined
Thu Jan 24, 2019 11:51 am

Post by wrick0 » Wed Mar 06, 2019 4:22 pm

add captcha to register page?

Active Member

Posts

Joined
Fri Jan 18, 2019 10:00 pm
Location - 127.0.0.1 @ The Netherlands

Post by paulfeakins » Wed Mar 06, 2019 5:46 pm

As described here, the built-in CAPTCHA has been broken by bots.

The Google one is a mission to set up and is horrible for users.

Luckily we built an invisible CAPTCHA that is so far 100% spam proof and requires no action from the user:
https://www.opencart.com/index.php?rout ... n_id=36312

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by dracoteam » Fri Dec 20, 2019 6:33 pm

Hello

Can somebody tell me what´s the benefit of create dozen of false customers every day in my site? I receive daily also false emails like HJYtfdsgtsadT. Why?
Regards

Newbie

Posts

Joined
Sat Oct 20, 2012 4:37 pm

Post by paulfeakins » Fri Dec 20, 2019 6:39 pm

dracoteam wrote:
Fri Dec 20, 2019 6:33 pm
Can somebody tell me what´s the benefit of create dozen of false customers every day in my site? I receive daily also false emails like HJYtfdsgtsadT. Why?
We've been trying to work this out, but so far we can't seem to think of their reason.

Perhaps it's Russian hackers after too much vodka? :crazy: :laugh:

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by thekrotek » Fri Dec 20, 2019 7:20 pm

Probably they're testing your checkout for any kind of security faults. Check your order list, display missing orders and see, if there're any from fake customers.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by dracoteam » Sat Dec 21, 2019 1:07 pm

Thanks for your help.
No orders yet, just new customers and emails with no sense.
I hope they change vodka to orange juice soon :)

Newbie

Posts

Joined
Sat Oct 20, 2012 4:37 pm

Post by IP_CAM » Sat Dec 21, 2019 2:30 pm

Well, I have a christmas gift for you, if you care, to keep off a whole range
of intruders for good. It's out of my .htaccess file, and it also locks out
a bunch of PROXY Users also. But better make sure, not to accidentally lock
out your 'legal' Site Visitors, or yourself... :laugh:
Merry christmas ! :D
Ernie

PS. I have it now removed again, it hopefully served it's purpose ...
Last edited by IP_CAM on Sun Dec 22, 2019 4:54 am, edited 1 time in total.

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by letxobnav » Sat Dec 21, 2019 4:12 pm

Blocking anything ip related is futile.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by IP_CAM » Sat Dec 21, 2019 10:16 pm

Well, it's just one more step, to keep a Site from getting visited by unwanted Guests.
Like a Lock on a Door, it might not keep one, from breaking in through a Window. :laugh:
Most unwanted visitors are no professional Hackers, and for them, it does it's Job well. In
combination with other htaccess filters, and that's all I need, to keep my sites alive and well,
and my access and error logs quite clean, for the past two decades at least .. ;)

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by thekrotek » Sat Dec 21, 2019 10:54 pm

Ban by IP is a lock for which everybody in the world besides a few people has a key.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by letxobnav » Sat Dec 21, 2019 11:13 pm

Most unwanted visitors are no professional Hackers, and for them, it does it's Job well.
Sure, I can block virtually every ip address and then claim that it keeps bad guys out.

Problem is that ip addresses change hands, whole ip blocks are sold and bought across countries daily, with the ip4 shortages those transactions are increasing rapidly, what is an ip of a bad person today is the ip of a good one tomorrow and visa versa.

How are you going to maintain that blind list of ranges?
You even block the university of california now and you probably don't know because blocking via htaccess gives no feedback as to who you are blocking.

if you must insist on blocking "the cheap, no professional Hackers/spammers", block requests over HTTP/1.0 protocol.
Professional hackers/spammer simply rent a server at amazon/microsoft/Rackspace/... cloud services for a few hours.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by IP_CAM » Sun Dec 22, 2019 2:43 am

Well, my Sites are not that much of importance to real Hackers, so I don't have
to create a Fort Knox out of them. I just hate, to be bugged. It depends on the
situation, at first, I block single IPs, and if multiple Subnumbers are listed, entire
Blocks. It works great, and it does not slow down anything, contrary to some
other solutions. But as I said, it's just one of the options, to keep those out,
trying to make me feel bad, by looking for holes, publicly known in OC Installs.
And I also use a top notch Hoster, the probably most decisive Factor of them all.

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by letxobnav » Sun Dec 22, 2019 6:35 am

well, htaccess always slows down.
If you want to block all known tor exit nodes (like you have many in your list) you are looking at approx. 1500 entries alone.
So you may have to ask yourself, how often am I visited by these ip's and what is the risk if they do vs. maintaining these lists and the slowdown they cause.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by ADD Creative » Sun Dec 22, 2019 7:12 am

dracoteam wrote:
Fri Dec 20, 2019 6:33 pm
Hello

Can somebody tell me what´s the benefit of create dozen of false customers every day in my site? I receive daily also false emails like HJYtfdsgtsadT. Why?
Regards
The following link on suggest, the reason is to to use your site and other sites to send lots registration emails to a victim, in the hope this will overwhelm them and distract them from some other malicious activity.
https://webmasters.stackexchange.com/a/115694

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by sw!tch » Sun Dec 22, 2019 8:00 am

letxobnav wrote:
Sun Dec 22, 2019 6:35 am
well, htaccess always slows down.
If you want to block all known tor exit nodes (like you have many in your list) you are looking at approx. 1500 entries alone.
So you may have to ask yourself, how often am I visited by these ip's and what is the risk if they do vs. maintaining these lists and the slowdown they cause.
letxobnav is correct, a ton of IP's in .htaccess and depending on your traffic might put huge strain on your server resources. If you wanted to block a ton of IP's, it might be better to block from a firewall level or even better offset those resources to a dedicated hardware firewall.

Full Stack Web Developer :: Send a PM for Custom Work.
Backup and learn how to recover before you make any changes!


Active Member

Posts

Joined
Sat Apr 28, 2012 2:32 pm

Post by IP_CAM » Sun Dec 22, 2019 10:14 am

Well, I full agree on that, Professionals have/use other ways.
But I'm not talking about and to Online_Pro's here, but to those,
likely working on a near_to_zero Budget, and trying, to possibly
keep some Regions, Countries, whatever, largely off from accessing
a Shopsite, with most common and simple free tools.
---
My SITE ROOT .htaccess file contains ~1472 Lines, including ~690 IP Denials
and my SHOP .htaccess file contains ~247 Lines, all just valid for the Shop.
--
I made some tests, with and without the ROOT .HTACCESS File, it might slow
down performance from 99 % Mobile to sometimes 97%, but other Values are
more or less the same.
It also depends on the Server, to deliever, what one is expecting, and pays for.
Just like in real Life too ... :D
---
download/file.php?mode=view&id=38176

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by letxobnav » Sun Dec 22, 2019 4:49 pm

We are not talking about slowdown on a single page-speed test.

anyway, my methods to block contact spammers, I do not use Captcha for this as I also hate to click on traffic-lights, cars and shop-signs just to send a mail.
I do for registration as that is more formal anyway.

1) block http/1.0 requests ( I do this for all requests not just contact with a page stating to update their browser).
Most cheap spammers are not identified by ip but by using the cheap proxies.
2) block requests with no accept language header ( I do this for all requests not just contact except for known/accepted bots, just 404 them)
Virtually all browsers and virtually no bot (except some chinese) set this. If it is not set and it is not an accepted bot, you do not want it.
3) use a form id post/session variable to prevent post submission bypassing the contact form.
Just a simple random id set and check with the session.
4) enforce contact form enquiry field key-strokes, submit button is disabled until a minimum number of characters are typed (not pasted), makes human spam-farm's life miserable as their game is speed so they don't type but paste the entire enquiry and hit submit.
5) validate enquiry field on known spammer keywords like:
:// (no spam is complete without the odd hyperlink)
results
online
marketing
advertizing
advertising
blast
deal
opportunity
cashback
thousand
million
brand
click
unsubscribe
! (spammers love to use exclamation marks and I hate them anyway)

These keywords you would have to adjust to fit your line of business, i.e. what kind of keywords do spammers use which would rarely be used by your potential customers but :// and ! are a dead giveaway it's a spammer (or very annoying customer).

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by flog » Mon Dec 23, 2019 5:11 pm

Hi
Since I purchased this extension, I have not had any spam whatsoever (except spam fritters for lunch) a top-quality module recommended very easy to install as well

https://www.opencart.com/index.php?rout ... n_id=36312

:P

New member

Posts

Joined
Wed Jan 16, 2019 9:35 pm

Post by paulfeakins » Mon Dec 23, 2019 5:21 pm

flog wrote:
Mon Dec 23, 2019 5:11 pm
Since I purchased this extension, I have not had any spam whatsoever (except spam fritters for lunch) a top-quality module recommended very easy to install as well

https://www.opencart.com/index.php?rout ... n_id=36312

:P
I'm very glad to hear it indeed :)

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom
Who is online

Users browsing this forum: Google [Bot], ravikumar22, Semrush [Bot] and 80 guests