Jump to content


  • Content count

  • Joined

  • Last visited

Posts posted by ericksaint

  1. I haven't installed the newest, just saw it available this morning. I'll try to get it updated over the weekend. 

    It just did it again. Any switch in the settings to temporarily turn this particular function off? 

    Edit: I just set the "bad bot" switch to email only not both. Hopefully that will stop the site from getting knocked down all day. Until I can get this update installed. 

  2. So this had happened once before a while back, and I chalked it up as a fluke, now it's happened twice in the last 24 hours. When I recieve the email that says specifically about the url being altered, the site breaks. I end up with a server 500 error because the add on tries to add the ip to the htaccess, but it never adds the actual number, it just adds "deny from" at the bottom of the list. It's an easy quick fix because I know when I get that email I need to go in and check/fix the htaccess file. 

    Was this covered in this thread and I missed it? Is this the fix included above about adding the check in the newest version? 

    "The IP attempted to alter the url in a way that is consistent with hacking attempts.

    ******* This IP should be banned *******.

    Click this url, http://www.projecthoneypot.org/ip_87.238.193.48, to find out more information about this IP." 

  3. I installed this add on and have fixed a few bugs from other posts in this thread. Mostly seems to be running fine now. Any ideas why I wouldn't be seeing a single trace of admin activity from my own IP? I am obviously logged into admin but it's not showing any of my clicks around the admin panel in the monitor when I have "Show: Admin" selected. I didn't see any place to ad specific admin IP, thought it picked it up when that IP logs in to the admin panel. There is also an htpassword protection on that admin link as well, if that matters.

  4. Sorry, I'm not getting reply notification emails from this thread for some reason. I was able to get a recaptcha add on working and it has solved the immediate problem.

    The reason I was asking about the person creating an account is because to stop the fake accounts I literally broke the create account page by renaming it to create_account.BAK and turning off the new user module, and somehow he still created an account and placed an order. If I went to the page it gave a 404 error,  rightfully so because technically the page didn't exist, so not sure how he was able to create an account.

    I'll go trough the included files and do a compare when I have some more time to put towards the problem. Thanks for the help that you gave, it at least tells me where to look for a solution.

  5. I'm about to admit defeat. I admittedly don't know much about PHP, and just help a guy that knows nothing, by copy and pasting repairs and adding modules for him as needed.

    The module has been installed in header tags since I installed and got it working for the contact us page. Create account page is selected from the list in that module. I have tried adding the above script code in multiple places within the file,top of the code, bottom of the code, including above and below the changed line that adds the validateMyForm, inside the honeypot containers of the code added above buttonSet. 

    As soon as I change the file from .BAK back to .php the site starts getting hammered with fake accounts again. I can't turn it back on again for long enough to test it myself, if I refresh the admin page I see all the new accounts within minutes. I can see them hitting it in the server logs too while that file extension is changed, but it returns an error because the file doesn't exist. I have banned about 20 ranges of IP's but since there are literally millions of those it's unreasonable and I cant even stay on top of it.

    I might just have to try find a "I'm not a robot" module and get it installed, gotta be better than whats happening now. I wanted to try this because it seemed like a better solution,  but it has me defeated. And oddly enough, even with the new user module turned off, and the create account misnamed, some guy from Switzerland was able to create an account yesterday and place an order. How can that happen? Guest ordering is off. If you add something to the cart, the way it is now with new user turned off, it asks you to login. You don't need to have an account to checkout through paypal but I don't think  it can create an account that way. Is there some kind of back door, or something I don't have turned on/off.


  6. I swapped in the code above and the form works now, but when I swap in the "verify" code, I can still create test accounts. If i switch the display value to inline I can see the box with "some text" in it, but still lets me make accounts. :(

    <input type="text" name="honeypot" value="some text" id="honeypot" />


  7. Thanks! I'll give it a shot. They are definitely using a script there were a few hundreds added in minutes until I blocked the first offending IP, then they came back with another IP a few days later.

    I'm guessing I still need to keep the code above the "buttonSet" correct?

  8. I added this to contact_us and it seems to be working. I'm trying to add this to create_account and I'm missing something. 

    I tried changing ...

    <?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onsubmit="return check_form(create_account);"', true) . tep_draw_hidden_field('action', 'process'); ?>


    <?php //BEGIN HONEYPOT ?>
    <?php echo tep_draw_form('create_account', tep_href_link('create_account.php', 'action=send'), 'post', ' onsubmit="return validateMyForm();" class="form-horizontal"', true); ?>
    <?php //END HONEYPOT ?>

    What am I missing? Store version is 2.3.4. It's clearly not the same type of change as the contact form. I'm obviously not great with php, but just trying to help a friend that is getting hammered with thousands of new fake accounts a day. Currently I have the page set as a BAK file instead of php so they cant get it. I was able to ban a few cullprit IP's that I found in the log and slow it down, but there were still random fakes coming in until I changed the file extension.

    Any help would be greatly appreciated.

    Edited to add. I did put this code in place, but even after changing the line verify it was working or not, I was still able to create test accounts.

      <div class="buttonSet">
      <?php //BEGIN HONEYPOT ?>
      <div style="display:none;">
        <label>Keep this field blank</label>
        <input type="text" name="honeypot" id="honeypot" />
      <?php //END HONEYPOT ?>