Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Philip79

Members
  • Posts

    79
  • Joined

  • Last visited

About Philip79

  • Birthday 10/25/1953

Profile Information

Recent Profile Visitors

7,243 profile views

Philip79's Achievements

  1. Follow-up on the cron job \admin\honeypot.php is not executing at all. This includes executing it from a browser. I even added an echo statement at the beginning of the code as an indicator that it was at least getting that far and I get nothing displayed. Could this be a security issue. Since it isn't displaying any of the echo statements it cannot be a PHP version issue. Thanks for your assistance.
  2. Honetpot is doing a good job so far. These are example sof the messages received: 37.120.136.172 06-05-2020: A new account was created by Georgesut GeorgesutFF.This IP has 1 violations. 185.238.104.91 06-04-2020: A new account was created by Vishivkacyhog VishivkacyhogML.This IP has 1 violations. The user names that create are usually in the above format. Now that Honeypot is installed, I do not have to execute a SQL script to identify new users accounts multiple times a day and since the messages contain the IP address I just add them to the iplist.txt file. If the IP address is for a ISP that is in Russia or the eastern European counties, I have been blocking the whole group of IP addresses associated with the one IP address as they are usually blacklisted on the CleanTalk web site. As the list of IP addresses grows in the iplist.txt file hopefully there will be fewer and fewer. The daily list of bogus created accounts is down from 10-20/day to 4 or less/day. So between the IP blocker in CPanel and the iplist.txt file, thinghs should get better. Quick question on the cron job. My hosting service set-up the cron job but I am not getting a message as expected. Was there something specific that I needed to do to cause that message to be sent when the iplist.txt file updated?
  3. Since putting the contribution into production I have received a total of four messages advising that new user accounts were created that had a violation. What information would you like me to send to you about the accounts to help prevent their future creation by the Russian bots? Thanks.
  4. In \admin\honeypot_maintenance.php there does not appear to be a way to enter an IP address as suggested by the text that is displayed: Honey Pot Maintenance Enter an IP and click submit. If the IP is in the Honey Pot tracking table, it will be removed. Please advise how this functionality is to be used? Thanks.
  5. FYI I did not find a setting for the Exclude First Account that is documented in the Usage.txt file. Was that option removed? Thanks.
  6. Thanks Jack. I used a different value for the sort order. I will be re-publishing all of the changes later today.
  7. However should there not be an entry in the configuration_group table?
  8. I executed each insert command in phphMyAdmin and I changed the configuration_group_id to a value of 17 as 16 was alreday in use. That should have caused the \admin\configuration.php to read the configuration table and display the new entries.
  9. Great! However I found no indication of Honeypot under Admin->Configuration so there is still something missing for that configuration screen to display.
  10. Thanks Jack. That instruction was not included in the contribution. Any other entries in the \admin\includes\languages\english (espanol, or german)? FYI the Usage.txt says to set the options in Administration, Modules, Header Tags.
  11. Jack I installed all of the changed files that include: catalog\contact_us.php, \create_account.php, \tell_a_friend.php, catalog\admin\includes\column_left.php, & catalog\admin\includes\functions\general.php, as well as all of the new files in the various folders, and all of the database changes to the configuration table. However the catalog\admin\includes\column_left.php contained entries for four other programs that are not part of this contribution. Once I deleted them I was able to at least display the Honeypot box. However the heading is displayed as " BOX_HEADING_HONEYPOT" instead of a test string that may be coming from the catalog\admin\includes\languages\english\honetpot.php file. There is no entry in Administration, Modules, Header Tags. This appears to be a separate contribution so there is no way to define the various parameters for the honeypot module. The various folders & files that are contained within the various header tags folders did not exist in my implementation of osC previously so I added them. I look forward to any suggestions you have as at this point this does not implement in osC 2.2. Thank you.
  12. Jack thank you for the information and the suggestion of your other contribution. You are very helpful.
  13. Quick question about the iplist.txt file. As I identified three weeks ago my site has been attacked by bots, mostly from Russia but also other eastern European hosting service providers, and I have collected their IP addresses from the osCommerce Who's Online functionality. I have been checking the IP addresses against the site cleantalk.org. It is easy when I find the bot creating a new account on my site and then adding the range of IP addresses to my blocked IP addressed list via CPanel. When checking against the current iplist from the link to the file that it is provided in the \catalog\admin\honeypot.php file, I do not find many of the these spam IP addresses in the file. My intent was to remove all of the blocked IP addresses and rely upon the iplist.txt file but I am concerned that there too many IP addresses that are not present in the iplist.txt file that I have identified. I appreciate any suggestions or comments that you may offer. Thank you.
  14. Quick question on where the two files: captcha.php & verdana.ttf to be moved to which folder? Are they at the catalog root level? Thanks.
  15. Jack thanks for the information. I appreciate your reply. I have already created the companion language files for the spanish, french, and german folders. Sometimes contributors do not include the code to support multiple languages, hence my question. I'm working with hosting service on the cron job. Until I get that working I will probably manually download the list using the pat in the code to update that file. My site is under constant attack by Russian bot(s). Discovered that they had created hundreds of dummy accounts since last July. I have to check repeatedly during the day for new accounts and temporarily updating my blocked IP address ranges. Mostly from Russia, Moldova, and Ukraine.
×
×
  • Create New...