Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Thank you for your reply, and I don't mean to be critical in any way, but in visiting oscommerce.com, it does say "Download the latest version to install on your own web server." where 2.3.4.1 download is located. I assumed, apparently wrongly, that this meant 2.3.4.1 is actually the latest version! Before I back out of 2.3.4.1 and redo the last week's work, please let me know what has happened here? If I stay with 2.3.4.1 does that mean that the community will not provide advice? It might be best for me to solve this problem and keep moving forward because I see a path to the end of this job.
  3. cables24h

    HoneyPot Captcha

    I might go for a GUARDIAN First i block country i never would sell to anyway. Then i check a blacklist of ip's what is shared worldwide. And then i might go protect my forms.
  4. Heatherbell

    Problem with <a href="#" in bootstrap dropdowns

    2.3.4.1 is out of date - I would recommend that you move to CE Phoenix 1.0.3.0
  5. cables24h

    HoneyPot Captcha

    How a bot going to know: https://somesite.com/pageid=rtuui9eutuie987598759500w3409q208i3oeuwjudjfiuieufuiijufijrij4f That is to register? Never going to happen. Your page for google not care. To them you can give the correct url (SEF) and it will be listed as it. The bot KNOW where to look for. - register(.php,NET) - login(.php.NET, *whatever extension) It is all blablabla............. it is just a script what looks for stuff. Common................. do i really need to explain all this? If 3 times crawled a website on server side and NOT know what BOT it is.................. it should already be blacklisted. HECK........... first time should be enough. I rest my case here.
  6. Hello. I have a heavily modified old 2.2 engine I'm moving into 2.3.4.1. A few years ago I rebuilt the 2.2 site into a bootstrap framework. Things are going okay building it out into 2.3.4.1., except . . . I am stuck on trying to get statements like the following to behave properly. <li class="dropdown"> <a href="#" class="dropdown-toggle btn btn-danger" data-toggle="dropdown" style="color:#fff;">Syllabus<strong class="caret"></strong></a> Instead of functioning as a null anchor tag for the design element, it is adding the root URL in the rollover and onclick, so that instead of functioning as a dropdown it just redirects to www.domain.com/#. This does not seem to have anything to do with relative URLs, base URL, or anything like that. I am convinced there is a javascript event handler set up somewhere that is doing this, but I cannot find it, how essential it is, or how to fix it. Any ideas would be most helpful.
  7. cables24h

    HoneyPot Captcha

    I yield here................ i might someday come up with something. But for now.............. better ask why someone choose your website to "spam". I think there it starts and where it should end. The aswer is simple........... The option is given.
  8. cables24h

    HoneyPot Captcha

    But you see hackers/script kiddy's still able to go around of it. That is why i say......... it not work. It is not that you are under attack, but when.
  9. cables24h

    HoneyPot Captcha

    Why not join blacklist program with this honeypot? For me it is a crap......... sorry. I respect the effort.
  10. cables24h

    HoneyPot Captcha

    No i not. You just register who logs. It is a stupid concept. It is already proven they go around of it. They detect it.
  11. cables24h

    HoneyPot Captcha

    Put a list what they complain about. I am curious.
  12. Jack_mcs

    HoneyPot Captcha

    You are confusing Honeypot concepts with this addon. They are very different.
  13. Jack_mcs

    HoneyPot Captcha

    OK. When you have the details I mentioned please post them here and I will take a look.
  14. cables24h

    HoneyPot Captcha

    Perhaps should list why you are attacked. If something in your website reference to something like "osCommerce". You are simply on the list of the attacker. That's all. Static pages "login.php"/"register.php"/"contact_us.php"/"account.php" these are first to attack.
  15. tonymazz

    HoneyPot Captcha

    I have tried reCaptcha and have had many real customers complain about it. With my own reCaptcha experiences, I must admit it is difficult to determine a storefront or traffic sign etc. It can be a real 'turn off' when registering at a site to make a purchase. I prefer to make our signup experience as hurdle and trouble free as possible. ReCaptcha2 did not prevent these signups, btw.
  16. cables24h

    HoneyPot Captcha

    one question to the dev's and users. Does google's reCaptchaV2 or even reCaptchaV3 not prevent current registration issue's, or contact_us? Use it, does not prevent you from storing milancious [ sorry for not phrase the word correctly] users/ip's. Honeypot concepts are outdated and widely covered in reCaptcha. What is the extra? I just wonder.
  17. tonymazz

    HoneyPot Captcha

    Nothing to do with HP, i see the IP's in my whosOnline. I started blocking those offenders in htaccess but quickly discovered that they changed with each visit to the site.
  18. tonymazz

    HoneyPot Captcha

    Few more points: We have honeypot installed (Math Captcha = False) and create account is still happening. I am not seeing the Password Reset events as @mhsuffolk has outlined. Not yet, anyway. They are spending about 90 seconds on average with 4 clicks, last one resulting in create_account. I created a new create _account.php and renamed it site wide including in filenames.php; within the hour the bot or ? figured out the new page, which confirms it is not coming right in to the create_account.php page. It seems to come in on a product page and then go to 'create account' without adding anything to the cart
  19. Jack_mcs

    HoneyPot Captcha

    As mentioned in the instructions, please post the details of an account that was created along with your HP settings. Otherwise, I am just blindly guessing. I don't understand what you mean by this since the release version of HP doesn't have an option to block IP's. You have to do that manually.
  20. cables24h

    forgot password implementation?

    Simple answer ( you not going to like it), your server ( email server) sucks. If it comes into spam, your server might is blacklisted ( not a valid hosting company, or wrong HOSTNAME) if it is not send, your server or email-server might put a hold on your outgoing emails. There is something to say about how oscommerce sends out emails. It would be better to use a SMTP email client that allow oscommerce to allow 3th party email clients. i yield.
  21. Today
  22. tonymazz

    HoneyPot Captcha

    @Jack_mcs, @mhsuffolk & @MikepoWe are getting about 15 to 20 of these 'create account' per day. Assorted letters in both upper and lower case with random lengths. The email addresses are 98% legit, so that means that our system is sending Welcome Spam, nice. The phone number field is a string of numbers and appear to be legit looking. I have the fax field disabled. I have been watching these sign-ups for a common thread that could be used to block registration. They are picking the first country listed. Maybe that country could be a country that you dont ship to and then block that registration. I also noticed that the Post Code is always a string of random letters (upper and lower case), but no numbers. This could definitely be a source for blocking since I am unaware of any countries we ship to that are all letters. The ip's switch so blocking the IP is an exercise in futility. I have seen a different country for each sign-up.
  23. Hey guys, What's the better way to implement "forgot password" in Oscommerce? My customers complain that they don't get the reset email or it ends up in their spam folder. How do the big boys do it (like Amazon NewEgg)? Their reset password works 100% of the time
  24. Jack_mcs

    HoneyPot Captcha

    They should never get past this point, assuming you have the telephone and/or fax fields showing. The Honey Pot code checks for letters in those fields and will stop the creation if found. Also, be sure you have the option to create account check option enable or all other account checks will be ignored.
  25. Mikepo

    HoneyPot Captcha

    @mhsuffolk I'm seeing the same here on my shop. They must be switching off java in the browser, and selecting the first country in the list. My site should only accept UK postcodes, but with Java off they can enter any character string. I just block their IP. They are usually from a bad IP source! check on projecthoneypot.org. I don't use Honeypot Captcha, but have been considering it, and if your suggestion can be incorporated that would be good.
  26. mhsuffolk

    HoneyPot Captcha

    I am using the latest Honey pot on Frozen. I am now getting many fake accounts purportedly from Afghanistan which are following a set pattern of operations. The account is created by populating every field in create account with a string of random letters and presumably their email address. They log off and then go through the password reset procedure. They then use the contact us page to send another random string of letters. Often, but not always I then get a Mail delivery failed message from my host which is the password reset email bouncing back. The action recorder shows two entries for the reset, one with a tick and one with a cross just 1 second apart, then the contact us, which is either from the account just created or 0 in the brackets if the email bounced. Just a suggestion. Would it be possible use this behaviour to get Honeypot to look for this password resetting immediately after account creation and either blocking the IP or alerting the store owner?
  1. Load more activity
×