Jump to content
Latest News: (loading..)

ericksaint

Members
  • Content count

    12
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. ericksaint

    View Counter

    I haven't installed the newest, just saw it available this morning. I'll try to get it updated over the weekend. It just did it again. Any switch in the settings to temporarily turn this particular function off? Edit: I just set the "bad bot" switch to email only not both. Hopefully that will stop the site from getting knocked down all day. Until I can get this update installed.
  2. ericksaint

    View Counter

    So this had happened once before a while back, and I chalked it up as a fluke, now it's happened twice in the last 24 hours. When I recieve the email that says specifically about the url being altered, the site breaks. I end up with a server 500 error because the add on tries to add the ip to the htaccess, but it never adds the actual number, it just adds "deny from" at the bottom of the list. It's an easy quick fix because I know when I get that email I need to go in and check/fix the htaccess file. Was this covered in this thread and I missed it? Is this the fix included above about adding the check in the newest version? "The IP 87.238.193.48 attempted to alter the url in a way that is consistent with hacking attempts.******* This IP should be banned *******.Click this url, http://www.projecthoneypot.org/ip_87.238.193.48, to find out more information about this IP."
  3. ericksaint

    Protecting image directory

    The error went away after I applied this fix, from the VC support thread, in the "Unserialize" portion of the file. The osC version is 2.3.4, sorry I'm not sure what "oho" means.
  4. ericksaint

    View Counter

    I installed this add on and have fixed a few bugs from other posts in this thread. Mostly seems to be running fine now. Any ideas why I wouldn't be seeing a single trace of admin activity from my own IP? I am obviously logged into admin but it's not showing any of my clicks around the admin panel in the monitor when I have "Show: Admin" selected. I didn't see any place to ad specific admin IP, thought it picked it up when that IP logs in to the admin panel. There is also an htpassword protection on that admin link as well, if that matters.
  5. ericksaint

    Protecting image directory

    I have not blocked anything specific at this point, like above, in .htaccess. It gave a couple warnings about the increased traffic over about 3 days, from what I'm told, then ended up with the block. I just watch over the "code" part of the site for a friend. I don't get emails from his host. I just have access to the host server side interface and admin panels so I can help try to fix things when they go awry. I'm the "friend that knows about computers" if you will.
  6. ericksaint

    Protecting image directory

    I actually did install View Counter last night after posting this. I just went into the monitor to see what was happening over the night time hours. When I click on the "next page" button at the bottom right I get the following. The only change I made to the settings was to show 50 lines per page instead of the default. I'm pretty sure the name and email in the error are fake, trying to track it down now. Fatal error: Uncaught exception 'Exception' with message 'invalid data, remaining: :"navigationHistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:14:"contact_us.php";s:4:"mode";s:6:"NONSSL";s:3:"get";a:1:{s:6:"action";s:4:"send";}s:4:"post";a:6:{s:6:"formid";s:32:"92046e082f1021b3d5689f048baa0ff4";s:4:"name";s:12:"VincentJeant";s:5:"email";s:18:"akkucz9494@mail.ru";s:7:"enquiry";s:113:"????????? ???????????? ?????? ????? <a href=http://495realty.ru/>495realty.ru</a>";s:20:"g-recaptcha-response";s:0:"";s:6:"submit";s:0:"";}}}s:8:"snapshot";a:0:{}}' in /home/XXXXXXXXXXXX/includes/functions/view_counter.php:1727 Stack trace: #0 /home/XXXXXXXXXXXX/includes/functions/view_counter.php(1325): UnserializeSession('sessiontoken|s:...') #1 /home/XXXXXXXXXXXX/view_counter.php(679): ShowCart('84fcdf65122c221...', 459, '') #2 {main} thrown in /home/XXXXXXXXXXXX/includes/functions/view_counter.php on line 1727
  7. ericksaint

    Protecting image directory

    Recently the site I watch over for a friend had a sudden traffic spike that led to his host shutting down his site for being over traffic. Never had a traffic problem once before in 10 years. Logs look like it's bots are just constantly downloading the entire image directory. Is there any way to protect this folder so the images can't be downloaded, but they can still be accessed when people click on the item in the store? I've tried blocking IP's through the server, but they just come back with other IP's.
  8. ericksaint

    HoneyPot Captcha

    Sorry, I'm not getting reply notification emails from this thread for some reason. I was able to get a recaptcha add on working and it has solved the immediate problem. The reason I was asking about the person creating an account is because to stop the fake accounts I literally broke the create account page by renaming it to create_account.BAK and turning off the new user module, and somehow he still created an account and placed an order. If I went to the page it gave a 404 error, rightfully so because technically the page didn't exist, so not sure how he was able to create an account. I'll go trough the included files and do a compare when I have some more time to put towards the problem. Thanks for the help that you gave, it at least tells me where to look for a solution.
  9. ericksaint

    HoneyPot Captcha

    I'm about to admit defeat. I admittedly don't know much about PHP, and just help a guy that knows nothing, by copy and pasting repairs and adding modules for him as needed. The module has been installed in header tags since I installed and got it working for the contact us page. Create account page is selected from the list in that module. I have tried adding the above script code in multiple places within the file,top of the code, bottom of the code, including above and below the changed line that adds the validateMyForm, inside the honeypot containers of the code added above buttonSet. As soon as I change the file from .BAK back to .php the site starts getting hammered with fake accounts again. I can't turn it back on again for long enough to test it myself, if I refresh the admin page I see all the new accounts within minutes. I can see them hitting it in the server logs too while that file extension is changed, but it returns an error because the file doesn't exist. I have banned about 20 ranges of IP's but since there are literally millions of those it's unreasonable and I cant even stay on top of it. I might just have to try find a "I'm not a robot" module and get it installed, gotta be better than whats happening now. I wanted to try this because it seemed like a better solution, but it has me defeated. And oddly enough, even with the new user module turned off, and the create account misnamed, some guy from Switzerland was able to create an account yesterday and place an order. How can that happen? Guest ordering is off. If you add something to the cart, the way it is now with new user turned off, it asks you to login. You don't need to have an account to checkout through paypal but I don't think it can create an account that way. Is there some kind of back door, or something I don't have turned on/off.
  10. ericksaint

    HoneyPot Captcha

    I swapped in the code above and the form works now, but when I swap in the "verify" code, I can still create test accounts. If i switch the display value to inline I can see the box with "some text" in it, but still lets me make accounts. :( <input type="text" name="honeypot" value="some text" id="honeypot" />
  11. ericksaint

    HoneyPot Captcha

    Thanks! I'll give it a shot. They are definitely using a script there were a few hundreds added in minutes until I blocked the first offending IP, then they came back with another IP a few days later. I'm guessing I still need to keep the code above the "buttonSet" correct?
  12. ericksaint

    HoneyPot Captcha

    I added this to contact_us and it seems to be working. I'm trying to add this to create_account and I'm missing something. I tried changing ... <?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onsubmit="return check_form(create_account);"', true) . tep_draw_hidden_field('action', 'process'); ?> to... <?php //BEGIN HONEYPOT ?> <?php echo tep_draw_form('create_account', tep_href_link('create_account.php', 'action=send'), 'post', ' onsubmit="return validateMyForm();" class="form-horizontal"', true); ?> <?php //END HONEYPOT ?> What am I missing? Store version is 2.3.4. It's clearly not the same type of change as the contact form. I'm obviously not great with php, but just trying to help a friend that is getting hammered with thousands of new fake accounts a day. Currently I have the page set as a BAK file instead of php so they cant get it. I was able to ban a few cullprit IP's that I found in the log and slow it down, but there were still random fakes coming in until I changed the file extension. Any help would be greatly appreciated. Edited to add. I did put this code in place, but even after changing the line verify it was working or not, I was still able to create test accounts. FIND: <div class="buttonSet"> ADD ABOVE IT: <?php //BEGIN HONEYPOT ?> <div style="display:none;"> <label>Keep this field blank</label> <input type="text" name="honeypot" id="honeypot" /> </div> <?php //END HONEYPOT ?>
×