Jump to content

Philip79

Members
  • Content count

    79
  • Joined

  • Last visited

Everything posted by Philip79

  1. Philip79

    HoneyPot Captcha

    Follow-up on the cron job \admin\honeypot.php is not executing at all. This includes executing it from a browser. I even added an echo statement at the beginning of the code as an indicator that it was at least getting that far and I get nothing displayed. Could this be a security issue. Since it isn't displaying any of the echo statements it cannot be a PHP version issue. Thanks for your assistance.
  2. Philip79

    HoneyPot Captcha

    Honetpot is doing a good job so far. These are example sof the messages received: 37.120.136.172 06-05-2020: A new account was created by Georgesut GeorgesutFF.This IP has 1 violations. 185.238.104.91 06-04-2020: A new account was created by Vishivkacyhog VishivkacyhogML.This IP has 1 violations. The user names that create are usually in the above format. Now that Honeypot is installed, I do not have to execute a SQL script to identify new users accounts multiple times a day and since the messages contain the IP address I just add them to the iplist.txt file. If the IP address is for a ISP that is in Russia or the eastern European counties, I have been blocking the whole group of IP addresses associated with the one IP address as they are usually blacklisted on the CleanTalk web site. As the list of IP addresses grows in the iplist.txt file hopefully there will be fewer and fewer. The daily list of bogus created accounts is down from 10-20/day to 4 or less/day. So between the IP blocker in CPanel and the iplist.txt file, thinghs should get better. Quick question on the cron job. My hosting service set-up the cron job but I am not getting a message as expected. Was there something specific that I needed to do to cause that message to be sent when the iplist.txt file updated?
  3. Philip79

    HoneyPot Captcha

    Since putting the contribution into production I have received a total of four messages advising that new user accounts were created that had a violation. What information would you like me to send to you about the accounts to help prevent their future creation by the Russian bots? Thanks.
  4. Philip79

    HoneyPot Captcha

    In \admin\honeypot_maintenance.php there does not appear to be a way to enter an IP address as suggested by the text that is displayed: Honey Pot Maintenance Enter an IP and click submit. If the IP is in the Honey Pot tracking table, it will be removed. Please advise how this functionality is to be used? Thanks.
  5. Philip79

    HoneyPot Captcha

    FYI I did not find a setting for the Exclude First Account that is documented in the Usage.txt file. Was that option removed? Thanks.
  6. Philip79

    HoneyPot Captcha

    Thanks Jack. I used a different value for the sort order. I will be re-publishing all of the changes later today.
  7. Philip79

    HoneyPot Captcha

    However should there not be an entry in the configuration_group table?
  8. Philip79

    HoneyPot Captcha

    I executed each insert command in phphMyAdmin and I changed the configuration_group_id to a value of 17 as 16 was alreday in use. That should have caused the \admin\configuration.php to read the configuration table and display the new entries.
  9. Philip79

    HoneyPot Captcha

    Great! However I found no indication of Honeypot under Admin->Configuration so there is still something missing for that configuration screen to display.
  10. Philip79

    HoneyPot Captcha

    Thanks Jack. That instruction was not included in the contribution. Any other entries in the \admin\includes\languages\english (espanol, or german)? FYI the Usage.txt says to set the options in Administration, Modules, Header Tags.
  11. Philip79

    HoneyPot Captcha

    Jack I installed all of the changed files that include: catalog\contact_us.php, \create_account.php, \tell_a_friend.php, catalog\admin\includes\column_left.php, & catalog\admin\includes\functions\general.php, as well as all of the new files in the various folders, and all of the database changes to the configuration table. However the catalog\admin\includes\column_left.php contained entries for four other programs that are not part of this contribution. Once I deleted them I was able to at least display the Honeypot box. However the heading is displayed as " BOX_HEADING_HONEYPOT" instead of a test string that may be coming from the catalog\admin\includes\languages\english\honetpot.php file. There is no entry in Administration, Modules, Header Tags. This appears to be a separate contribution so there is no way to define the various parameters for the honeypot module. The various folders & files that are contained within the various header tags folders did not exist in my implementation of osC previously so I added them. I look forward to any suggestions you have as at this point this does not implement in osC 2.2. Thank you.
  12. Philip79

    HoneyPot Captcha

    Jack thank you for the information and the suggestion of your other contribution. You are very helpful.
  13. Philip79

    HoneyPot Captcha

    Quick question about the iplist.txt file. As I identified three weeks ago my site has been attacked by bots, mostly from Russia but also other eastern European hosting service providers, and I have collected their IP addresses from the osCommerce Who's Online functionality. I have been checking the IP addresses against the site cleantalk.org. It is easy when I find the bot creating a new account on my site and then adding the range of IP addresses to my blocked IP addressed list via CPanel. When checking against the current iplist from the link to the file that it is provided in the \catalog\admin\honeypot.php file, I do not find many of the these spam IP addresses in the file. My intent was to remove all of the blocked IP addresses and rely upon the iplist.txt file but I am concerned that there too many IP addresses that are not present in the iplist.txt file that I have identified. I appreciate any suggestions or comments that you may offer. Thank you.
  14. Philip79

    HoneyPot Captcha

    Quick question on where the two files: captcha.php & verdana.ttf to be moved to which folder? Are they at the catalog root level? Thanks.
  15. Philip79

    HoneyPot Captcha

    Jack thanks for the information. I appreciate your reply. I have already created the companion language files for the spanish, french, and german folders. Sometimes contributors do not include the code to support multiple languages, hence my question. I'm working with hosting service on the cron job. Until I get that working I will probably manually download the list using the pat in the code to update that file. My site is under constant attack by Russian bot(s). Discovered that they had created hundreds of dummy accounts since last July. I have to check repeatedly during the day for new accounts and temporarily updating my blocked IP address ranges. Mostly from Russia, Moldova, and Ukraine.
  16. Philip79

    HoneyPot Captcha

    Thank you for that message but that is not always true. I'm already in the process of performing the translations for that file and the catalog\includes\languages\english\modules\header_tags\ht_honeypot.php file as well.
  17. Philip79

    HoneyPot Captcha

    Quick question on the file \catalog\includes\languages\english\honeypot.php. Are the text constants contained in the honeypot.php file displayed to the user or only to the administrator? If they are displayed to the user/customer does this contribution support multiple languages defined in the osCommerce shop? Thank you.
  18. I want to not allow customers to pay with a check or money order if they are outside of the USA. Most of my customers know not to choose that payment option but since I just had a customer in Europe choose that payment mthod and in spite of email messages indicating not to send their payment in Euros they did just that. So I found in another thread for the credit card module the following lines of code: if($_SESSION['customer_country_id']==223) { $this->enabled = true; } else { $this->enabled = false; } so that it would be inserted into the \includes\modules\payment/moneyorder.php program after the initial lines of code: class moneyorder { var $code, $title, $description, $enabled; // class constructor function moneyorder() { global $order; $this->code = 'moneyorder'; $this->title = MODULE_PAYMENT_MONEYORDER_TEXT_TITLE; $this->description = MODULE_PAYMENT_MONEYORDER_TEXT_DESCRIPTION; $this->sort_order = MODULE_PAYMENT_MONEYORDER_SORT_ORDER; $this->enabled = ((MODULE_PAYMENT_MONEYORDER_STATUS == 'True') ? true : false); So would this be appropriate so that only customers in the USA would have this payment method display after it was selected otherwise the money order screen does not diaplay and they would be returned to the payment method sleection screen? Thanks.
  19. I have discovered the answer to my question. Thanks.
  20. In the documentation for the new PayPal App it indicates that the new App is compatible with from version 2.2RC2a and that version appears to have been released in 2008. The zip file that my store was installed from is titled oscommerce-2.2ms2-060817.zip which appears to mean that it was released August 17, 2006. So is the release that I have installed prior to v2.2RC2a? Thanks.
  21. Philip79

    paypal_ipn.php,v 2.3.4.8 Error Messages

    Thanks for the link but that it for paypal standard not paypal_ipn. It turns out that the hosting provider did not change the DNS entry when they moved my site to the new server. So I have been making the changes to the new server and the customers are still pointing to the old server. I changed the directory permissions on the /ext/ directory to 644 from 770. So perhaps that will correct the problem? I have also asked for a complete refresh of the new server and for them to hold off on the DNS entry changes until everything is working properly on the new server that I have the ip address now.
  22. In the past couple of weeks I have started receiving error messages from the paypal_ipn module with the subject of "PayPal IPN Invalid Process" and the email messages contains only the folliwng message: $_POST: $_GET: I have had this module, version 2.3.4.8, installed and workign for several years without issue. However in the past couple of weeks my hosting service moved my web site to new servers. My settings within the IPN module are: Enable Encrypted Web Payments = false Working Directory = /tmp/ OpenSSL Location = /usr/bin/openssl (this location may have changed as a result of the move to the new server but since encrypted web payments is set to false this should not be affected, correct?) On the PayPal web side I found that the Instant Payment Notification Preference had been disabled. I do not know if that was enabled before or not. I decided to enable it as the refernce books that I have on osCommerce indicate that the path for the ipn module should be recorded there = (my web site)/ext/modules/payment/paypal_ipn/ipn.php Any suggestions on why I have been receiving there error messages? Thank you.
  23. Philip79

    paypal_ipn.php,v 2.3.4.8 Error Messages

    I beleive that I discovered the problem. When the hosting compnay moved my web site to another server and drive they changed the permissions. I checked in the Troubleshooting section of the documentation for the v2.3.4.7 paypal_ipn.php and the second bullet suggested attempting to open the /ext/modules/payments/paypal_ipn/ipn.php file. I received a file not found message. So I checked the permission to the ext directory and it was not set to 644. So I changed the permissions and received a blank screen as documented. However I just received another error email message: $_POST: $_GET: Again no values present in the message.
  24. Philip79

    paypal_ipn.php,v 2.3.4.8 Error Messages

    Harald, thanks for your reply. It is actually the standard 2.3.4.7 version with a change for the character set and the currency and a few lines added for the coupons add-on. Also a couple of lines added to check if the working directory exists before opening the file in the working directory, writing data to the data.txt file and closing it (see below): if (!file_exists(MODULE_PAYMENT_PAYPAL_IPN_EWP_WORKING_DIRECTORY)) { mkdir(MODULE_PAYMENT_PAYPAL_IPN_EWP_WORKING_DIRECTORY, 0755); } paypal_ipn.php does not include any output of $_POST: so is that coming from the ipn.php module based upon the code I have reviewed this is because of tep_not_null (line #320): if (tep_not_null(MODULE_PAYMENT_PAYPAL_IPN_DEBUG_EMAIL)) { $email_body = '$_POST:' . "\n\n"; foreach ($_POST as $key => $value) { $email_body .= $key . '=' . $value . "\n"; } $email_body .= "\n" . '$_GET:' . "\n\n"; foreach ($_GET as $key => $value) { $email_body .= $key . '=' . $value . "\n"; } tep_mail('', MODULE_PAYMENT_PAYPAL_IPN_DEBUG_EMAIL, 'PayPal IPN Invalid Process', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); } However I don't see any value in the email message. Perhaps this is due the character set I used and the new servers not supporting utf-8?
  25. Thanks for the replies. I did insert a new payment/tax zone as you suggested and I had fogotten about the Details to associate the country with the new zone. Works great and no customization. Thanks also for the information about the correct value for the country for future refernce.
×