osCommerce

The e-commerce.

cables24h


  1. At the end... You go figure it all has to do with it. That you are doing THAT (so what you do). There is much room open for many others to tackle that. The goal is to prevent. To monitor (which means storing form $_POSTS... mwaaaaaaaaaaa, I think that is a most unwanted subject of the cause). At the end... if it is HoneyPot, a GUARDIAN SYSTEM, or Google reCaptchaV2 or Google reCaptchaV3 (you tried v3?). osCommerce users simply do not like to be spammed. If we put that first and can agree on that, that might be a step forward for the whole community.
  2. You figured it... good someone sees it.
  3. Sorry... I cannot. Let me throw up an idea and let YOU and the rest either give it a go... or reject it by good argumentation. We use in osCommerce for all links:
     - tep_href_link
     What if we use for the above listed pages:
     - tep_gen_href_link (where _gen means: Generated link)
     So if you go DIRECTLY to contact_us.php and there is no KEY provided that matches, you already know it is a bot. Give it a thought. I do not say it is going to cover all problems. Now I really stop.
  4. Let me go back to what I was actually saying... get rid of static pages like:
     - create_account.php
     - contact_us.php
     - tell_a_friend.php
     - product_reviews_write.php
     These are the pages targeted by bots. These are the least interesting pages to show up in search engines. And when you eliminate these, it "perhaps" prevents most of the BOTS. For sure, any protection could benefit your store. But I think it is better to look at the root of the problem. Having given this advice, I step out of this conversation.
  5. I do not want to be a game breaker here. But for the address part, Google seems to have taken care of it as well. Google: Autocomplete Address Form. I just want to point out that most of the problems are covered in so many ways and by so many people and companies who offer solutions. I perhaps stirred the pot a little here. But I think in the end the discussion was worth it. I definitely noticed that what I mentioned gave some second thoughts. Nothing of what I said was to hurt anyone in one way or the other, or to try to let them look bad. I think what I told opened doors to other views. There is a real difference in running a shop or a forum or a blog. I understand, the quicker the process, with no burdens in registration etc., could make the purchase of an item quicker. But it is good to talk about it, and even more... to listen to what the others say or try to understand. I apologize to anyone who felt or thought I was or that I am a disturbing factor.
  6. No need to Noodle. What I say is right. Your DB MIGHT be flooded. Who cares if it is a legit user or not. He never buys anything. Remove them from the DB, no need of them. Even the "legit ones"... they do not buy. Useless. Drop them. A serious problem is the "contact_us.php" for a SHOP OWNER. That kind of page should somehow be protected. Anyway... for me it does not matter. There are authentication systems available. It is UP to the shop-owner if they want to implement them or not. For me it is all a bias... a CRAP. There is nothing against it. No reCaptcha. No HoneyPot. Just an attempt. And all fall back to trustworthy customers/clients. Kind of an old grocery shop in the old days. Stupid to think the internet can cover criminals.
  7. Is it not here where it all starts from? As soon as you fill in the form, osCommerce instantly logs you IN. Right? You can put anything you want in the registration and it is accepted. WORSE... you are instantly logged in... right? Do not blame me here as the MESSENGER. Funny stuff here is... In the end you only require:
     - Email: "put your email here"
     - Password: "put your password here"
     As an addition:
     - Password confirmation: "Re-type your password here"
     That is ALL that THIS form SAYS. All the rest is CRAP, osCommerce does NOT need it... yeah it does... at checkout. Why does it not ASK THEN... yet osCommerce prefers to "pre-fill" the forms with what was given on registration. Let us open the discussion for it. It gives so much room/space for so much.
     - registration procedure
     - spam/honeypot/reCaptcha options.
     This is SERIOUS TALK. As a shop owner... you DO NOT NEED all the stuff inserted when a shop user registers. You ONLY need it when that person makes a REAL purchase. You SHOULD NOT CARE for the ones who register. CARE FOR THE ONE WHO BUYS!!! They put in $$$ income. The hell with whoever floods your DB... easy to remove them based on criteria. The obvious here is you let spammers access your domain. The good guys have access to whatever you allow them to. Why allow someone who NEVER bought anything from you to gain access to anything that refers to a posting... reviews? That is the first check mark. For the "contact_us" section... I think that is something you have to live with as a shop-owner. Funny thing is... Nothing of it affects your customer... just you. Did it never come to your mind... that it is kind of part of the deal and you have to handle it? I just try to figure... sure, if you can prevent. It just seems there is no absolution in it. It is a fight with no ending. Too much effort into something not important. Just let it go... No POT can stop it. Better to log in to osCommerce with just an E-mail and Password. All the rest is detail. And as a shop-owner... it all comes down to a live purchase. That is what matters to a shop-owner.
  8. Stupid argumentation. You do not VERIFY anything. The address of the user is not verified. For THAT, NO legitimacy is conserved during the register process. (This could be blamed on osCommerce itself or on module makers who chose to cover this kind of failure.) Not a legit resource to start with.
  9. Here there is a compromise. Now it is the job to put it in osCommerce with a click and GO. reCaptcha is there. HoneyPot is there. How can you put it in osCommerce without changing a single line of core code? What is needed to allow BOTH kinds of protection into osCommerce and keep EACH as an individual module that still... somehow... (not osCommerce's problem) works together? All the others seem to manage THAT. Just NOT osCommerce... how is that?
  10. So many lost souls (here). Completely out of reality. I wait for the first person saying using the internet affects global warming. It might not be said here... I do not doubt it is mentioned somewhere else. It might just go take some... To whom am I talking? The mixture of just some peeps who own a shop... a mixture of someone who just likes coding? (for sure talented in some way) But there is a real lack of thinking going on here... There are billion-worth companies DOING what is being discussed here. I think you should know your position in it. My 5 cents for today. (hey... I do not have to bring good news)
  11. The internet is not SWEDEN (it is a lost continent already btw)
  12. Why do people who are using the code post that it is overridden? How does that happen? The technique is known by the bots. So are the pages they fire on. There is the real prob, it is an invitation. Keep in mind... I RESPECT the effort. But when a company like Google that has millions to spend... Let it go in your mind. I do not say one cannot be unique. Let me be honest, I spent years with these kinds of user cases. At the end it is how wide you want to open your website. If a shop/website focuses purely on registration, it is the only page to focus on. If a shop "opens" a page like "contact_us.php" or "tell_a_friend.php", or any form that opens doors for spam, it should be taken into consideration as a potential security risk. It is MUCH MUCH easier to GRANT access to these types of forms when the user is actually registered. Like I say... it is an open invitation. Do they register? Do they use the contact forms? "Bing", "Google", "etc"... Seriously? Your own server? You kidding me? The WHOLE thing here is about WHO you ALLOW to POST. That's it, nothing more, nothing less. Whatever security you put. If the one is not listed, he's able to post. If you mark them, their chances for a second time are reduced. That's the whole concept. Still I have not got an answer: What is the complaint? Do they complain about your security measures? So... you want to secure. If you secure (for them and you), you get complaining. You could say to them it is for both interests... no? The whole world already figured that "the Internet" is not a safe haven. What kind of conservative minds still believe that? Naive. Not without a reason the "BIG" guys use 2- or even 3-way authentication systems.
      - first IP
      - second DEVICE, bound in some cases
      - 3rd, fingerprint, facial recognition.
      These are the ultimate security measures, and wow... now there's a HoneyPot (this is old age security, it is just not going to work). Again... I RESPECT the effort. Just let it go. But I like the trustworthy peeps. Even the ones who code for these. But at the end it is all BS. Sorry to be that harsh. 99% of osCommerce "FAKE" user registrations can be eliminated just by a simple "account registration confirmation email". osCommerce currently INSTANTLY activates your account once you register. Could that not solve many of the problems? Just thinking... Let me know!
  13. Put a list of what they complain about. I am curious. No I am not. You just register who logs. It is a stupid concept. It is already proven they go around it. They detect it. Why not join a blacklist program with this honeypot? For me it is crap... sorry. I respect the effort. But you see hackers/script kiddies are still able to go around it. That is why I say... it does not work. It is not if you are under attack, but when. I yield here... I might someday come up with something. But for now... better ask why someone chooses your website to "spam". I think there it starts and where it should end. The answer is simple... The option is given. How is a bot going to know: https://somesite.com/pageid=rtuui9eutuie987598759500w3409q208i3oeuwjudjfiuieufuiijufijrij4f That is to register? Never going to happen. For your page Google does not care. To them you can give the correct URL (SEF) and it will be listed as such. The bot KNOWS where to look.
      - register(.php,NET)
      - login(.php.NET, *whatever extension)
      It is all blablabla... it is just a script that looks for stuff. Come on... do I really need to explain all this? If it crawled a website 3 times on the server side and you do NOT know what BOT it is... it should already be blacklisted. HECK... the first time should be enough. I rest my case here. I might go for a GUARDIAN. First I block countries I never would sell to anyway. Then I check a blacklist of IPs that is shared worldwide. And then I might go protect my forms.
  14. Perhaps you should list why you are attacked. If something in your website references something like "osCommerce", you are simply on the list of the attacker. That's all. Static pages "login.php"/"register.php"/"contact_us.php"/"account.php": these are the first to be attacked.
  15. One question to the devs and users. Does Google's reCaptchaV2 or even reCaptchaV3 not prevent the current registration issues, or contact_us? Using it does not prevent you from storing milancious [sorry for not phrasing the word correctly] users/IPs. Honeypot concepts are outdated and widely covered in reCaptcha. What is the extra? I just wonder.
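
The generated-link idea from post 3 above (form pages such as contact_us.php only accept requests that carry a matching key) could look like the following PHP. This is an added example, not code from the posts or from osCommerce: gen_form_link, check_form_link, the secret and the session id are hypothetical, and an HMAC with an expiry is one assumed way to build the key.

```php
<?php
// Added illustration; these names are hypothetical, not osCommerce functions.
const LINK_SECRET = 'replace-with-random-server-side-secret'; // constructed placeholder
const LINK_TTL = 900; // seconds a generated link stays valid

// Build a form URL carrying an expiry and an HMAC bound to page + session.
function gen_form_link(string $page, string $sessionId, ?int $now = null): string
{
    $exp = ($now ?? time()) + LINK_TTL;
    $mac = hash_hmac('sha256', $page . '|' . $sessionId . '|' . $exp, LINK_SECRET);
    return $page . '?' . http_build_query(['exp' => $exp, 'key' => $mac]);
}

// Accept a request only if it carries an unexpired key for this page and session.
function check_form_link(string $page, string $sessionId, array $query, ?int $now = null): bool
{
    $exp = $query['exp'] ?? '';
    $key = $query['key'] ?? '';
    if (!is_string($exp) || !is_string($key) || !ctype_digit($exp)) {
        return false; // missing or malformed parameters: direct hit on the static URL
    }
    if ((int) $exp < ($now ?? time())) {
        return false; // the generated link has expired
    }
    $expected = hash_hmac('sha256', $page . '|' . $sessionId . '|' . $exp, LINK_SECRET);
    return hash_equals($expected, $key); // constant-time comparison
}

// Constructed demo values (fixed clock so the cases are reproducible).
$sid = 'demo-session-id';
$url = gen_form_link('contact_us.php', $sid, 1700000000);
parse_str(parse_url($url, PHP_URL_QUERY), $q);

// Case 1: link followed within its lifetime.
var_dump(check_form_link('contact_us.php', $sid, $q, 1700000100));
// Case 2: form URL requested directly, no key supplied.
var_dump(check_form_link('contact_us.php', $sid, [], 1700000100));
// Case 3: key replayed against a different form page.
var_dump(check_form_link('create_account.php', $sid, $q, 1700000100));
// Case 4: link used after LINK_TTL has passed.
var_dump(check_form_link('contact_us.php', $sid, $q, 1700001000));
```

A client that first loads a page containing the link receives a valid key, so this check only rejects requests that hit the form URL directly.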