Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HoneyPot Captcha


Jack_mcs

Recommended Posts

@KenSOMy guess is that it was installed in a newer version of oscommerce. He will need to wait for the next version of Honey Pot or purchase the Pro version, which is up-to-date for all versions. 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 1 month later...

Greetings,

 

Phoenix 1.0.8.0 @PHP 7.1 and 7.4

 

Found more issues.

 

[01-Jul-2021 00:06:35 Europe/Lisbon] PHP Notice:  Undefined index: DE in /xxx/xxx/xxx/xxx/administracao/includes/functions/honeypot.php on line 232
[01-Jul-2021 00:06:35 Europe/Lisbon] PHP Notice:  Undefined index: MZ in /xxx/xxx/xxx/xxx/administracao/includes/functions/honeypot.php on line 232
[01-Jul-2021 00:06:35 Europe/Lisbon] PHP Notice:  Undefined index: MZ in /xxx/xxx/xxx/xxx/administracao/includes/functions/honeypot.php on line 232
[01-Jul-2021 00:06:35 Europe/Lisbon] PHP Notice:  Undefined index: DE in /xxx/xxx/xxx/xxx/administracao/includes/functions/honeypot.php on line 232
[01-Jul-2021 00:06:35 Europe/Lisbon] PHP Notice:  Undefined index: KN in /xxx/xxx/xxx/xxx/administracao/includes/functions/honeypot.php on line 232
[01-Jul-2021 00:06:35 Europe/Lisbon] PHP Notice:  Undefined index: DE in /xxx/xxx/xxx/xxx/administracao/includes/functions/honeypot.php on line 232
[01-Jul-2021 00:06:35 Europe/Lisbon] PHP Notice:  Undefined index: DE in /xxx/xxx/xxx/xxx/administracao/includes/functions/honeypot.php on line 232
 

 

Link to comment
Share on other sites

  • 1 month later...

Hello,

I have installed Honey Pot Captch V 1.12 in phoenix 7.15. It works fine, but I still receive emails with urls in it (if I copy it to the online contact us, it is correctly rejected with an error):

Quote

Name: Josephapacy
Telefon: 89131974861
Email: [email protected]
Anfrage: Если ищешь классный сайт про авто заходи сюда https://aboutmycar.ru/

 The log tracker shows the following:

Quote

178.168.201.145 08-19-2021: Denied due to captcha.This IP has 1 violations.

How is this possible ?

best regards amaische

Link to comment
Share on other sites

3 hours ago, amaische said:

I still receive emails with urls in it

Just to be sure, are the emails coming from the contact us page? The subject line will have "enquiry..." unless you have changed it.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Then the only reason I can think of that happening is that the version of your shop can't handle the code in the latest Honey Pot. In earlier versions of Phoenix it was necessary to add the code for Honey Pot. I think your version is new enough not to need that but I've no way to tell from here. You could try making the manual changes as described in the previous versions or in this one for CE shops.

Or, you could try installing the previous version of Honey Pot just to see if that helps. If you do that, be sure to uninstall the module in your admin first and then install it again after the file changes. 

And I suggest you verify you are using php 7.4. I don't think it would cause this but it is worth changing if not.

I've installed HP into a number of versions of Phoenix, both before and after yours, and no one has ever mentioned having this problem (since V 1.11) so I have to think it is something in your installation or your server. But that is something I can determine in a support thread like this.

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 4 months later...

Greetings,

found more issues:

PHP Notice:  Undefined index: security_question in /includes/functions/honeypot.php on line 203

probably caused by:

PHP Deprecated:  The tep_session_is_registered function has been deprecated. in /includes/functions/sessions.php

 

any help apreciated coz this is causing an huge log file.

Link to comment
Share on other sites

@Owl SauronThanks for reporting the problem. A new version will be released soon. I don't recall seeing this failure while testing but I will check it before uploading it.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

A new version has been uploaded with these changes:

FREE Version:

  •  Added file locking to write .htaccess code.
  •  Changed the account verify hook to ignore missing a phone number.
  •  Changed the check for good IP's to prevent adding customers completely. Previously only create account was checked.
  •  Changed various items to prevent php notices.
  •  Corrected a few minor coding mistakes (text and logic).
  •  Moved language text in admin files to the language file.
  •  Reduced the file size limit for the log.
  •  Replaced list of valid post codes in admin with the ones from the shop side.

PRO Version:

  •  Added code to check View Counters good IP list. Pro version only. Requires View Counter.
  •  Added an option to check for numbers in the suburb field. Pro version only.
  •  Added flag indicator on the Maintenance page. Pro version only. Requires View Counter.
  •  Added code to check if the IP belongs to an existing customer before blocking. Pro version only. Requires View Counter.
  •  Added code to check if an IP is being blocked in the Maintenance section. Pro version only. Requires View Counter.
  •  Added code to block the IP shown in the maintenance section. Requires the View Counter addon to be installed.
  •  Added code to identify the country of the IP shown in the maintenance section. Requires the View Counter addon to be installed.

NOTES:

If you already have the last version of Honey Pot installed, it is not necessary to uninstall it to apply this update. Otherwise you should remove the module and then install it again after uploading the files.

The Pro version now interacts with View Counter's Pro version to better manage blocking IP's.  The two versions together greatly increases the protection offered and prevents false positives, that can occur in the free versions. Contact me for a package price for the Pro versions.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

Greetings,

 

Found new issues on this new version:

PHP Warning:  Use of undefined constant MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB - assumed 'MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB' (this will throw an Error in a future version of PHP) in /includes/functions/honeypot.php on line 70


PHP Notice:  Undefined index: security_question in /includes/functions/honeypot.php on line 210

PHP Notice:  Undefined variable: ip in /includes/functions/honeypot.php on line 608

 

Phoenix 1.0.8.0

PHP7.4

Link to comment
Share on other sites

1 hour ago, Owl Sauron said:

MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB

That is part of the Pro version so it is not defined. To fix it, in includes/functions/honeypot.php, change

    if (MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB == 'True') {

to

    if (defined('MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB') && MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB == 'True') {

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

On 2/1/2022 at 2:32 PM, Jack_mcs said:

That is part of the Pro version so it is not defined. To fix it, in includes/functions/honeypot.php, change


    if (MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB == 'True') {

to


    if (defined('MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB') && MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB == 'True') {

 

Nop.. didn´t fixed it:

PHP Warning:  Use of undefined constant MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB - assumed 'MODULE_HEADER_TAGS_HONEYPOT_BLOCK_NUMBERS_IN_SUBURB' (this will throw an Error in a future version of PHP) in /includes/functions/honeypot.php on line 70

and the other 2 are still pending fixing

Link to comment
Share on other sites

@Owl SauronIf you did not uninstall the module before uploading the new files, please try that now. You may have to restore the original files to be sure not to corrupt the database. If the errors are still there please post all of your settings here.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 4 months later...

A new version has been uploaded with these changes:

FREE Version:

  • Added an option to enable tracking to provide a way to find why the code did not catch a violation.
  • Changed code in the Maintenance section to create the table if needed.
  • Changed the default setting for the Check account option to True.
  • Changed the time to submit default setting to 4.
  • Changed the code that renamed the log file to a backup to delete the file instead.
  • Fixed a typo that prevented some fake accounts from being blocked.
  • Reduced the log file size to 30,000, which would be, roughly, about 300 entries.

PRO Version:

  • Added an option to hide customers with orders in the Check Accounts page.    
  • Added a function to check for customers if View Counter is not installed. Limited since the View Counter customer table is present.
  • Added an option to control which countries may create an account and submit emails.

Be sure to uninstall and install the module to apply the database changes.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 months later...

 A new version has been uploaded with the following changes:

FREE Version

  • Added the clear_ip_manually.sql file (in Extras) to allow clearing of an IP that blocks you from admin.
  • Added the ability to clear all blocked IP's from the maintenance section.
  • Changed the maintenance page to highlight known hackers.
  • Changed code on the contact us page to disable it when that page is not selected in the settings.
  • Changed the database file for older shops to run without having to manually edit the database.
  • Fixed bugs and layout issues with the Maintenance page in the free version.
  • Moved the check for the hidden field to occur no matter if the email allow options are enabled or not.

PRO Version:

  • Added an option to allow Honey Pot to work on the checkout confirmation page.
  • Added an option in the Maintenance section to delete all verified hackers in one click.
  • Added code to record the customers IP in the customers account when it is created and to show the IP in the customers account.

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

HoneyPot_V_1.15

In the file includes/honeypot/modules/honeypot_display.php

This code gives me an error at the end is missing  '

      $str .= '<div class="form-group row">
                       <label for="captchaAnswer" class="control-label col-sm-3">' . $heading . '</label>
                       <div class="col-sm-1"' .$style_width . '> 
                         <img src="captcha.php" id="security_question" alt="Captcha Image" style="vertical-align:top;">                 
                       </div>
                       <div class="' . $class_col . '">' .
                         tep_draw_input_field("security_answer", NULL, "required aria-required=\"true\" id=\"captchaAnswer\"") .
                       </div>
                     </div>';   

replace

        $str .= '<div class="form-group row">
                       <label for="captchaAnswer" class="control-label col-sm-3">' . $heading . '</label>
                       <div class="col-sm-1"' .$style_width . '> 
                         <img src="captcha.php" id="security_question" alt="Captcha Image" style="vertical-align:top;">                 
                       </div>
                       <div class="' . $class_col . '">' .
                         tep_draw_input_field("security_answer", NULL, "required aria-required=\"true\" id=\"captchaAnswer\"") .
                       '</div>
                     </div>';

 

I get the same error the image is not created.

https://srmarihuano.es/create_account.php

Link to comment
Share on other sites

4 hours ago, patrocine said:

This code gives me an error at the end is missing  '

Thanks for posting this. I was not aware of it.

Regarding the image, the page is failing to load correctly because the code is trying to load css from a non-secure link. It may not be the cause of the captcha problem but you need to fix the obvious first.

Also, even though captcha isn't working at the moment the other parts of Honey Pot should be so I suggest you still enable the other settings which should help.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 1 year later...

A new version has been uploaded with these changes:

FREE Version:

  • Added code to the Honey Pot pages in admin to create the database, if needed.
  • Added pre-defined pages to the shop side for those sites where the pages are not recorded in admin.
  • Added an option to automatically block known hackers.
  • Added debug tracking code to allow seeing why an IP was, or was not, blocked.
  • Added the honeypot_access table to properly monitor last access times.
  • Added the honeypot_sessions table to track customers instead of using the session ID since that can fail if Cloudflare is used.
  • Added code to skip recording IPv6 IP's.
  • Changed the IP List cron script to work with changes at myip.ms.
  • Corrected code mistake when checking existing customers.

PRO Version:

  • Added an option to block, or not block, customers based on if they have an account and/or orders.
  • Added code to the fake account page to search for specific customers.
  • Added code to the fake Account page in admin to check for non-numeric phone numbers.

 

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 1 month later...

Hi Jack,

I just got Honey Pot V1.13 installed for my MS2. When I set the "Show Captcha" to "Numbers" or "Image" for testing, on the contact_us page, I found the captcha did not show up above the input field, that would mean there is no numbers or image to verify by input any number into the field below the captcha. Also, even I set the "Show Captch" to "None", the spamming emails still come like crazy.  I have no idea what I have done wrong. Can you help with that?

Thanks.

Link to comment
Share on other sites

12 hours ago, Evinrude9.5 said:

I just got Honey Pot V1.13 installed for my MS2.

The latest version is 1.16. You can download it from here.

Captcha may not work for MS2. It depends on the php version being used and what is compiled in it. I suggest leaving it off until the addon is working and then trying it.

The new version uses calls to mysqli. If your php version doesn't have that compiled into it, you will either need your host to do that or replace all instances of mysqli with mysql in the Honey Pot files. You can see if it is enabled in admin->Tools->Server Info by searching for mysqli.

After making the above changes, set the allow email addresses in the settings to false. Then go to your contact us page and try to send an email with an email address in it. If it fails, the Honey Pot should be working. If the email is sent, enable the debug option in the settings and try it again. Then look at the Honey Pot debug log file in the includes directory to see if it indicates a problem. If it doesn't make sense to you, please post it here and I will take a look at it.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Hi Jack, Thanks for your lightning response. My shop is an old MS2, but the server has been changed to PHP 5.6.40 and the database is using mysql 5.7.44. After installation of V1.13, there is no php notice or errors popping up. I thought the captcha did not show up may be caused by verdana.ttf or my server contains no fonts for captcha.php to withdraw something like that.... I will dig in deeper to see if anything could be found. Thanks again anyways and happy new year!

Link to comment
Share on other sites

12 minutes ago, Evinrude9.5 said:

my server contains no fonts for captcha.php to withdraw something like that

The code uses its own font file so it doesn't matter what is included in your server. But don't waste your time trying to get it to work with version 1.13. Even if you do, there are bugs and options missing in that version that will prevent it from working correctly. 

So you should try version 1.16 first. I forgot to mention to be sure to remove the Honey Pot settings in the database before installing the update. You can do that with the included database script. And I don't suggest spending a lot of time on captcha. It is usually not needed to stop spam emails and fake accounts.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

MysqlI Support enabled
Client API library version 5.7.44
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
Client API header version 5.7.40
MYSQLI_SOCKET /var/lib/mysql/mysql.sock
Directive Local Value Master Value
mysqli.allow_local_infile On On
mysqli.allow_persistent On On
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.max_persistent Unlimited Unlimited
mysqli.reconnect Off Off
mysqli.rollback_on_cached_plink Off

Off

Link to comment
Share on other sites

5 hours ago, Jack_mcs said:

The code uses its own font file so it doesn't matter what is included in your server. But don't waste your time trying to get it to work with version 1.13. Even if you do, there are bugs and options missing in that version that will prevent it from working correctly. 

So you should try version 1.16 first. I forgot to mention to be sure to remove the Honey Pot settings in the database before installing the update. You can do that with the included database script. And I don't suggest spending a lot of time on captcha. It is usually not needed to stop spam emails and fake accounts.

Hi Jack,

I have installed V1.16. the captcha was still not showing, but as you said that was not important, so I leave it alone for now. however, when I tested the create_account page, the following error was showing:

1146 - Table 'esee8231_shtml.honeypot_sessions' doesn't exist

delete from honeypot_sessions where session_id = 'h965o1pojdrcf15utbsurs3c64'

i did check the table in my database and the script of "honeypot_database_changes.php" and did not find a table of honeypot_sessions was inserted.

Can you find me a shortcut to get through that?

Thanks.
 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...