Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. burt

    HoneyPot Captcha

    Sure it can. Easy as 123.
  3. Today
  4. JcMagpie

    HoneyPot Captcha

    Then you have not applied it correctly. 1) It will stop 99% of all fake accounts made by bot's ( nothing can stop human factory fake accounts) 2) Have installed on about 20 sites that were getting fake account problem has stoped on all sites. So yes it does work. 3) Your customers complain about you keeping them safe ( stupid cutomers no?) Also you can change recpatcha so customer is not required to do anything ( invisable cpatcha) simply pick the one you are happy to work with.
  5. ecartz

    HoneyPot Captcha

    You could compare a few things though. In this example: the country is Australia. I don't believe that Australia has a state named Alabama (the US does have a state by that name). I suspect that the postal code is not valid for Australia. There are probably rules that an Australian could explain. Wikipedia suggests that in Australia, all post codes are three or four digits. In the United States, all zip codes are either five numbers or five numbers followed by a hyphen followed by four more numbers. So for a US zip code, you could check that the first five characters are numbers and the sixth character was a hyphen followed by digits in seven through ten. I'm guessing that an Australian could provide similar rules there. Perhaps add a postal code format regular expression to the countries table. It could be '{.*}' by default but something like '{\A\d{5}(?:-\d{4})\z}' for the US and '{\d{3,4}}' for Australia (none tested). Given how lazy spammers are, just filling in about ten formats should cover most of what they'll attempt: Afghanistan, Albania, Algeria, Andorra, Antigua and Barbuda, Argentina, Australia, Canada, United Kingdom, and United States. Perhaps later you might add Brazil, China, India, and Japan. Like in the US, single country stores are probably common in those places. And single country stores can more easily give the format used in their country.
  6. BrockleyJohn

    HoneyPot Captcha

    v3 does, though, and real people almost never see it. If you can live with having a logo somewhere on each page (not necessarily the floating in-your-face one) it's definitely worth considering.
  7. Xeretha

    adding to specials and whats new boxes

    I had a similar problem in the plugin. It was necessary to change the line and I did not understand which one and how.
  8. Nothing is working. The problem derives, I believe, from the mixture of bootstrap components. I think it is going to be more time efficient and ultimately more reliable to join you all in Bootstrap 4. Yuck. Thanks for your help.
  9. Jack_mcs

    HoneyPot Captcha

    @tonymazzRegarding the account details you posted, unfortunately, there isn't anything shown there that would allow the code to identify it as a fake account. While a person can look at it and see that it is fake, from a coding point of view, it is legitimate since it has valid entries for an account. I suppose a check could be added to see if the street address contained number and letters, or if just letters (which can happen) that it be at least two words. But that might be chasing a never ending list of possibilities. Another check could be to see if the state and country match. Those details are in the database so it would not be difficult to check them. I will plan on adding this as an option. Another check could be the post code. According to Wikipedia, the postal code of all countries that use one has at least one number in it. I will plan on adding this as an option. You don't mention if you are using the IP List option. If not, you should be. And make sure to set up a cron job for it or the list won't be useful. If you can identify some common letters that are not normally used, you can include those in the bad words option. For example, the suburb has an entry ending in "vxqd". I can't imagine word from any country using that. The entries in the fields are probably just randomly created so adding words like this may not help, or only a little, unless you are seeing them used over and over. As for sending emails, be sure you have the options set to block email addresses and url's in the forms. Depending on your version of oscommerce, there might be a setting to limit how often emails can be sent. By raising that number to something higher, like 30 minutes, it might make it difficult for the spammers to send out large numbers of emails. That's all I can offer on this sort of problem. If you, anyone, can see something else that should be checked, please post it here.
  10. Add role="button" after href="#" will make the click to do nothing.
  11. Yesterday
  12. cables24h

    HoneyPot Captcha

    No need to Noodle. What is say is right. Your DB MIGHT be flood. Who cares if it is a legit user or not. He never buy anything. Remove them from DB, no need of them. Even the "legit ones"............. they not buy. Useless. Drop them. A serious problem is the "contact_us.php" for a SHOP OWNER. That is kind of pages should be somehow be protected.
  13. tonymazz

    HoneyPot Captcha

    My screenshot was from the admin side. We automatically send random generated passwords to the client via welcome email and try to collect minimal info at the time of checkout. I thought about the email confirmation email, however over 75% of our clients want to just check out. Any delay in the checkout process can result in a lost sale. So that would not work. I agree with you on this. Should any visitor even be creating an account without an actual purchase to start with? An option in admin could toggle that as an option for those that would. In our case we are not interested in people signing up for a subscription or discounts as some commerce sites do. Perhaps, on the confirmation page the client is offered the opportunity to create an account at the end of the checkout confirmation (admin can set default). So, create_account would not be offered as a standalone, automatic account creation would only occur after a bonafide purchase. And of course the admin would need to be able to create an account from admin side. I will noodle this more.
  14. MITCH70

    [CONTRIBUTION] Sloppy Words Cleaner

    @raiwa Changed in swc_hooks.php if (isset($postcode)) $postcode = $this->RemoveShouting($postcode); to if (isset($postcode)) $postcode = strtoupper($postcode); and works correctly now.
  15. cables24h

    HoneyPot Captcha

    Is it not here where it all starts from? As soon when fill the form, osCommerce instantly log you IN. Right? you can put anything you want in the registation and it it is accepted. WORSE........... you are instantly logged.......... right? Do not blame me here as the MESSENGER.
  16. cables24h

    HoneyPot Captcha

    Stupid argumentation You not VERIFY anything. The address of the user is not verified. for THAT NO legitimacy is conserved during the register process. ( this could be blamed to osCommerce itself or to module makers who chosen to cover this kind of failure) Not a legit resource to start with.
  17. Sorry it's not clear what you're trying to do. a link to your site so that we can see what you're trying to do ?
  18. Thanks. With href="javascript:void(0)" the pulldown doesn't function. Neither with it removed.
  19. cables24h

    HoneyPot Captcha

    Here there is a compromise. Now it is the job to put it in oscommerce with a click and GO. reCaptcha is there. HoneyPot is there. How can put in in osCommerce without change a single line of core code? What is need to allow BOTH kind of protection into osCommerce and keep EACH as an individual module, still............ somehow..... ( not osCommerces problem), work together. All the others seem to manage THAT. Just NOT osCommerce.................. how is that?
  20. you can also try replacing href="#" with href="javascript:void(0)", or remove the href all together.
  21. MITCH70

    [CONTRIBUTION] Sloppy Words Cleaner

    @raiwa Noticed that the postcode not working correctly. For example must be 4545BE and swc changed it to 4545Be. All letters must stay capital. Could you check.
  22. If you specify href="#" then that is where you will go when clicked. You need to put the correct URL into href.
  23. Thank you. Raiwa posted the code reference, which shows how to properly construct these elements. I appreciate that. However, I believe the dropdowns are properly constructed. They have been working properly for years within the presentation layer that we have had running on top of osCommerce 2.2. The basic usage of 'href="#"' within anchor tags is being prevented. It happens if I use it in a simple anchor in plain HTML text. The problem is not at the level of the bootstrap, but how the null hashtag destination is interpreted. It is supposed to be interpreted as nothing, yet serve as a clickable element which can be styled as a dropdown or for other purposes. It's essential within bootstrap to be able to do this. Somehow the hashtag is being appended as a relative link, appended to the parent URL of the page it is within. I have never been this stuck on a bug honestly. Any suggestions would be greatly appreciated.
  24. @wetzel Did you look at the answer that @raiwa posted above? Mind you, his answer is for Bootstrap v3, where as Phoenix uses Bootstrap v4. M
  25. Alright. I have Phoenix running. I have a lot of work ahead of me, but for now I've installed my presentation layer onto the home page. The problem continues. For a typical dropdown such as this, instead of behaving properly, clicking sends me to 'mydomain.com#' <li class="dropdown"> <a href="#" class="dropdown-toggle btn btn-danger" data-toggle="dropdown" style="color:#fff;">Syllabus<strong class="caret"></strong></a> Any suggestions would be most helpful.
  26. cables24h

    forgot password implementation?

    Over 20 years users/dev's experience. Where is the old-gray-bearded community who joined together, offer oscommerce users a 100% tight business model? OVER 20 YEARS EXPERIENCE. OVER 20 YEARS EXPERIENCE ACTIVE FORUM. In the mean time see big "globalist" company rise, yet NOTHING DONE in HERE. It is not my choice to be a sheep. Is it really all for them self? Perhaps not the right topic to talk about that here. But perhaps it can be ported with a good topic argument. The power is with the people, never forget that. If we blockchain oscommerce................... nothing can get around it anymore. None of the e-commerce scripts have that goal. I should not have say this in the open, but it is the live case.
  27. cables24h

    forgot password implementation?

    You have a GOOD server and beside it, i am sure of it. Your hosting company MAINTAIN a good e-mail - server. That is the whole point. A good Hosting company what includes spamming abuse , does not have a problem with oscommerce emails. That's first. I would not rule out abuse of it. But generally... i think there's nothing to worry. Just have good hosting as first priority for your webshop.
  1. Load more activity
×