Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HoneyPot Captcha


Jack_mcs

Recommended Posts

@Philip79

Without knowing anything about this add-on, if there is a file in /includes/languages/english/xxxx.php, than it stands to reason that if your shop supports multiple languages, you would add a similar file in /includes/languages/<your other language>/xxxx.php

M

Link to comment
Share on other sites

Thank you for that message but that is not always true.  I'm already in the process of performing the translations for that file and the catalog\includes\languages\english\modules\header_tags\ht_honeypot.php file as well.

Link to comment
Share on other sites

4 hours ago, Philip79 said:

Are the text constants contained in the honeypot.php file displayed to the user or only to the administrator?

None of the defines with "violation" in them are shown to the customers. The others are. As @ArtcoIncmentioned, you need to create a copy of the english files for whatever language you have.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Jack thanks for the information.  I appreciate your reply.  I have already created the companion language files for the spanish, french, and german folders.  Sometimes contributors do not include the code to support multiple languages, hence my question.  I'm working with hosting service on the cron job.  Until I get that working I will probably manually download the list using the pat in the code to update that file.  My site is under constant attack by Russian bot(s).  Discovered that they had created hundreds of dummy accounts since last July.  I have to check repeatedly during the day for new accounts and temporarily updating my blocked IP address ranges.  Mostly from Russia, Moldova, and Ukraine.

Link to comment
Share on other sites

@Philip79I think Honey Pot will stop all of those but if any get through, please post the detail here so I can see how they were missed.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Quick question about the iplist.txt file.  As I identified three weeks ago my site has been attacked by bots, mostly from Russia but also other eastern European hosting service providers, and I have collected their IP addresses from the osCommerce Who's Online functionality.  I have been checking the IP addresses against the site cleantalk.org.  It is easy when I find the bot creating a new account on my site and then adding the range of IP addresses to my blocked IP addressed list via CPanel.  When checking against the current iplist from the link to the file that it is provided in the \catalog\admin\honeypot.php file, I do not find many of the these spam IP addresses in the file.  My intent was to remove all of the blocked IP addresses and rely upon the iplist.txt file but I am concerned that there too many IP addresses that are not present in the iplist.txt file that I have identified.  I appreciate any suggestions or comments that you may offer.  Thank you.

Link to comment
Share on other sites

@Philip79The IP's in the iplist file are obtained from myip.ms. They have a free list of known bad IP's. But they only supply recent ones so you have to run the cron job in HP to keep the iplist updated. I've no way to judge how the list compares to cleantalk. It might be that their list of IP's is far more inclusive but theirs is a paid service so it is not included in HP. You can manually add the IP's to the iplist file if you want. The cron job adds to the list so entries in it won't be deleted.

But, to be clear, HP is meant to stop fake accounts from being created and to stop spam emails sent from the shop. When you say your site has been attacked, if you mean the IP's are doing something else, like scraping data, then I suggest you install View Counter since blocking attacks is its main purpose.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

Jack I installed all of the changed files that include:  catalog\contact_us.php, \create_account.php, \tell_a_friend.php, catalog\admin\includes\column_left.php, & catalog\admin\includes\functions\general.php, as well as all of the new files in the various folders, and all of the database changes to the configuration table.  However the catalog\admin\includes\column_left.php contained entries for four other programs that are not part of this contribution.  Once I deleted them I was able to at least display the Honeypot box.  However the heading is displayed as " BOX_HEADING_HONEYPOT" instead of a test string that may be coming from the catalog\admin\includes\languages\english\honetpot.php file.  There is  no entry in Administration, Modules, Header Tags.  This appears to be a separate contribution so there is no way to define the various parameters for the honeypot module.  The various folders & files that are contained within the various header tags folders did not exist in my implementation of osC previously so I added them.  I look forward to any suggestions you have as at this point this does not implement in osC 2.2. Thank you.

Link to comment
Share on other sites

The BOX_HEADING_HONEYPOT is defined in the admin's english.php file, or whichever language you are using. You don't mention changing that so I'm guessing that is the problem. As for the settings, they are in admin->Configuration->Honey Pot.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thanks Jack.  That instruction was not included in the contribution.  Any other entries in the \admin\includes\languages\english (espanol, or german)?  FYI the Usage.txt says to set the options in Administration, Modules, Header Tags.

Link to comment
Share on other sites

@Philip79I just checked and the instructions for an MS2 shop don't mention that location. I will change the text in the usage file in the next version to mention it there..

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

3 hours ago, Philip79 said:

However I found no indication of Honeypot under Admin->Configuration so there is still something missing for that configuration screen to display.

Did you run the database install script? If you did, did you change the ID as mentioned in the instructions?

Edited by Jack_mcs

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I executed each insert command in phphMyAdmin and I changed the configuration_group_id to a value of 17 as 16 was alreday in use.  That should have caused the \admin\configuration.php to read the configuration table and display the new entries.

Link to comment
Share on other sites

If you are not seeing them in admin->Configuration, then you will need to look at the configuration_group and configuration tables in the database to see what went wrong.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Yes, there should be.  I can see I never included that part. Run this command to add it after changing the group ID to whichever number you are using. I do apologize for the problems this caused you.

INSERT INTO `configuration_group` (`configuration_group_id`, `configuration_group_title`, `configuration_group_description`, `sort_order`, `visible`) VALUES ('16', 'Honey Pot', 'Settings for Honey Pot', '20', '1')

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

In \admin\honeypot_maintenance.php there does not appear to be a way to enter an IP address as suggested by the text that is displayed:

Honey Pot Maintenance pixel_trans.gif

Enter an IP and click submit. If the IP is in the Honey Pot tracking table, it will be removed.

 

Please advise how this functionality is to be used?  Thanks.

 

Link to comment
Share on other sites

7 hours ago, Philip79 said:

FYI I did not find a setting for the Exclude First Account that is documented in the Usage.txt file.  Was that option removed?

It's in option in the Pro version not in the free one. See here.

Edited by Jack_mcs

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

6 hours ago, Philip79 said:

In \admin\honeypot_maintenance.php there does not appear to be a way to enter an IP address

You should see a delete box and a submit button below that text.  If you don't, do you see the log entries below it? If you don't see anything after that text, then there is a fatal error on the page and you would need to look at the error log to see what it is.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...