KenSO Posted March 23, 2021 Share Posted March 23, 2021 Hi All, I am getting lots of fake accounts and SPAM emails. I'm not too fussed about SPAM emails as I can deal with that easily using mail filters. What irks me is the fake accounts still coming through after installing addons and captcha. They simply don't work 100% and still need some manual management of this issue. Someone posted in an old thread that that were able to modify the create_account.php file to submit IP address to a newly added customers_ip_address" field in the customers table. Can anyone help with this please. I just need to know what file and where to add the additional value (IP address) when create_account.php is submitted. I can do the database bit myself. Any help with this issue is appreciated. I've not had to deal with such large amounts of fake accounts before now. Thanks Link to comment Share on other sites More sharing options...
sackling Posted March 23, 2021 Share Posted March 23, 2021 AFter adding a captcha I was able to fully get rid of fake accounts coming so my guess is that you don't have it setup correctly. Before that I was using a script to delete about 5-10 accounts created a day. Link to comment Share on other sites More sharing options...
KenSO Posted March 23, 2021 Author Share Posted March 23, 2021 We can all make assumptions easily but I've read lots of the threads and I'm not the only one who's had issues even after correctly installing stuff. No captcha will stop any of these 100% - simple fact. We all have to find solutions to our specific issues and that's what I'm trying to do. Link to comment Share on other sites More sharing options...
♥14steve14 Posted March 23, 2021 Share Posted March 23, 2021 There are addons to capture a persons IP address when creating an account but depending on your version they may need some work to get working correctly. Use google to search for one as the addons area search is very hit and miss. I have google recaptcha as security on my create account and contact us pages and still I get a few spam accounts so you wont stop them all. If you are using any version of Phoenix you may get better support at their new home at https://phoenixcart.org/forum/ REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
KenSO Posted March 23, 2021 Author Share Posted March 23, 2021 34 minutes ago, 14steve14 said: There are addons to capture a persons IP address when creating an account but depending on your version they may need some work to get working correctly. Use google to search for one as the addons area search is very hit and miss. I have google recaptcha as security on my create account and contact us pages and still I get a few spam accounts so you wont stop them all. If you are using any version of Phoenix you may get better support at their new home at https://phoenixcart.org/forum/ Thanks @14steve14 Yes, none of the addons will 100% stop these fake accounts and SPAM. People talk as if installing an addon is a silver bullet. I have all these and still get some fakes and SPAM hence my wanting to cpature IP addreses and block them. Now, if I knew what phoenix file does the inserts into the customers table after submitting form, then I can easily modify this. But getting this simple information does not seem to be so simple. If it were, all I'll need to is add that IP address value for it to be inserted in the database. And addon is not needed for this - just modification of the file doing the insert. Link to comment Share on other sites More sharing options...
♥14steve14 Posted March 23, 2021 Share Posted March 23, 2021 Do it how ever you like, but like I said there are free and paid for addons that will do what you want so it is possible. REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
sackling Posted March 23, 2021 Share Posted March 23, 2021 Sorry, I didn't mean to be annoying I guess I was just relaying my experience which in fact did lead to the recaptcha being a silver bullet. I didn't use an addon I added it to create account pages myself and I am using the V2 checkbox with the security preference slider set to the middle. I doubt that helps you considering what you said but to record the IP I would just use something like this: https://stackoverflow.com/questions/6837655/log-user-ip-address-date-and-time And add a field to the customer table to record the IP Link to comment Share on other sites More sharing options...
KenSO Posted March 23, 2021 Author Share Posted March 23, 2021 6 minutes ago, sackling said: Sorry, I didn't mean to be annoying I guess I was just relaying my experience which in fact did lead to the recaptcha being a silver bullet. I didn't use an addon I added it to create account pages myself and I am using the V2 checkbox with the security preference slider set to the middle. I doubt that helps you considering what you said but to record the IP I would just use something like this: https://stackoverflow.com/questions/6837655/log-user-ip-address-date-and-time And add a field to the customer table to record the IP Thanks @sackling It's fine, you weren't annoying in the least. I was just saying there's a default assumption that one has not installed something correctly when this is not the case in many instances. Grabbing an IP address is small work, that's not my problem. The problem is I can't identify what file(s) does the insert of what the form collects into the database. If I knew what it was and where, I could easily modify that. I capture IP addresses for same reason on my other sites and have this intergrated into the code. But to do that, I had to at least know what files I needed to be tweaking. This is nit the case with phoenix. I'd be interested in your hack to get that v2 checkbox working with your create account page just out of interest. I believe addons are good but not always necessary or ideal when being used acroos a variety of releases and versions. Link to comment Share on other sites More sharing options...
sackling Posted March 23, 2021 Share Posted March 23, 2021 It's been a at least 6 months since I did it but I think this is all of it on create_account.php Near the top of the page within the first process action: if(isset($HTTP_POST_VARS['g-recaptcha-response'])){ $captcha=$HTTP_POST_VARS['g-recaptcha-response']; } $secretKey = "MYSECRETKEY"; // post request to server $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha); $response = file_get_contents($url); $responseKeys = json_decode($response,true); if ($error == false && $responseKeys["success"]) { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, Bottom of Create account page: <div class="g-recaptcha" data-sitekey="mysitekey"></div> <div class="buttonSet"> <span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'person', null, 'loginform'); ?></span> </div> </div> </form> </div> Link to comment Share on other sites More sharing options...
KenSO Posted March 23, 2021 Author Share Posted March 23, 2021 21 minutes ago, sackling said: It's been a at least 6 months since I did it but I think this is all of it on create_account.php Near the top of the page within the first process action: if(isset($HTTP_POST_VARS['g-recaptcha-response'])){ $captcha=$HTTP_POST_VARS['g-recaptcha-response']; } $secretKey = "MYSECRETKEY"; // post request to server $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha); $response = file_get_contents($url); $responseKeys = json_decode($response,true); if ($error == false && $responseKeys["success"]) { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, Bottom of Create account page: <div class="g-recaptcha" data-sitekey="mysitekey"></div> <div class="buttonSet"> <span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'person', null, 'loginform'); ?></span> </div> </div> </form> </div> Thanks @sackling The second part of code dump at the top seems to be broken: if ($error == false && $responseKeys["success"]) { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, It's not closed properly, perhaps there's some bit at the end missing? The bit that goes down the bottom is fine. Link to comment Share on other sites More sharing options...
sackling Posted March 23, 2021 Share Posted March 23, 2021 Yea I cut off the rest of the code you should be able to find that part of your code or something similar to it and just add the f ($error == false && $responseKeys["success"]) Link to comment Share on other sites More sharing options...
KenSO Posted March 23, 2021 Author Share Posted March 23, 2021 26 minutes ago, sackling said: Yea I cut off the rest of the code you should be able to find that part of your code or something similar to it and just add the f ($error == false && $responseKeys["success"]) It's only the bits of your captcha intergration I was hoping to see. I can't fit parts together without seeing your create_account page so I see if it's same as mine. Please can you attach a copy without your captcha keys? Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 24, 2021 Share Posted March 24, 2021 19 hours ago, KenSO said: I have all these and still get some fakes If you truly have installed the Honey Pot addon, then you should post your settings and one of the fake accounts in its support thread. There's no reason to do what you are doing with the IP code unless the accounts being created are not fake ones, meaning created with invalid data. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
KenSO Posted March 24, 2021 Author Share Posted March 24, 2021 37 minutes ago, Jack_mcs said: If you truly have installed the Honey Pot addon, then you should post your settings and one of the fake accounts in its support thread. There's no reason to do what you are doing with the IP code unless the accounts being created are not fake ones, meaning created with invalid data. I'm rather puzzled why it's so hard to just be told where/what file the insert is done so I can make modifications as I require for my own purposes. It's very strange indeed. If as you say "unless accounts being created are not fake ones, meaning with invalid data", what would you call a firstname like xatThamamaayTTttTAA and a lastname similar to that, as well as other bits such address etc? Anyway, I'll leave this issue as I'm getting the impression a simple question is not really that simple afterall. If I want to capture and block IP addresses for making accounts with entries like that, I don't think I'm wrong. In any case it's my shop. This addons you speak about is not a silver bullet and should not be seen as so. I am not knocking the addon or trying to bruise anyone's ego but for me, the addon simply does not work. I don't have to defend my efforts to find a resolution that's not tied to this addon. Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 24, 2021 Share Posted March 24, 2021 1 hour ago, KenSO said: 'm rather puzzled why it's so hard to just be told where/what file the insert is done so I can make modifications as I require for my own purposes. One reason is because the changes needed are not common across all versions of osocommerce. Maybe you mentioned your version but I'm not seeing it. Another is that it takes time for someone to show what is needed. And a third, in my case, is that it is not needed. 1 hour ago, KenSO said: what would you call a firstname like xatThamamaayTTttTAA and a lastname similar to that, as well as other bits such address etc? Yes, that is a fake account. And Honey Pot has code to deal with it. Also, the "other bits" can make a big difference in handling the code. You are obviously stuck on making this code change as well as not even trying Honey Pot. That's fine. But if you get tired of having to handle the fake accounts manually, which you will have to do if you make the code change you want, then you really should try installing it. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥14steve14 Posted March 24, 2021 Share Posted March 24, 2021 2 hours ago, KenSO said: I'm rather puzzled why it's so hard to just be told where/what file the insert is done so I can make modifications as I require for my own purposes. It's very strange indeed. If as you say "unless accounts being created are not fake ones, meaning with invalid data", what would you call a firstname like xatThamamaayTTttTAA and a lastname similar to that, as well as other bits such address etc? Anyway, I'll leave this issue as I'm getting the impression a simple question is not really that simple afterall. If I want to capture and block IP addresses for making accounts with entries like that, I don't think I'm wrong. In any case it's my shop. This addons you speak about is not a silver bullet and should not be seen as so. I am not knocking the addon or trying to bruise anyone's ego but for me, the addon simply does not work. I don't have to defend my efforts to find a resolution that's not tied to this addon. if the way you are thinking of doing this is the best way to do it in your eyes, I cant wait to see the addon you produce. If its that good and nothing currently available is any good, then yours will be the best. Release it when its done for the benefit of other community members. REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
Hotclutch Posted March 26, 2021 Share Posted March 26, 2021 What Captcha options are there in the V4 for the protection of the contact and registration forms ? @osCommerce-Official Link to comment Share on other sites More sharing options...
osCommerce-Official Posted March 27, 2021 Share Posted March 27, 2021 16 hours ago, Hotclutch said: What Captcha options are there in the V4 for the protection of the contact and registration forms ? @osCommerce-Official It uses Google reCAPTCHA Link to comment Share on other sites More sharing options...
YePix Posted March 27, 2021 Share Posted March 27, 2021 vor 4 Stunden schrieb osCommerce-Official: It uses Google reCAPTCHA Google recapcha is not recommended. This joke query can be bypassed as easily as any other program. I therefore recommend using something that really checks whether it is a human or a robot. You can test it yourself. When the message appears whether you are human, wait 3 to 5 seconds and only then click the confirmation. every time you will succeed in reaching your goal without further testing. Captscha is garbage and not seriously useful. Link to comment Share on other sites More sharing options...
osCommerce-Official Posted March 27, 2021 Share Posted March 27, 2021 9 hours ago, YePix said: Google recapcha is not recommended. This joke query can be bypassed as easily as any other program. I therefore recommend using something that really checks whether it is a human or a robot. You can test it yourself. When the message appears whether you are human, wait 3 to 5 seconds and only then click the confirmation. every time you will succeed in reaching your goal without further testing. Captscha is garbage and not seriously useful. Peter, thanks for the suggestions. Will forward this to the dev team for consideration. Link to comment Share on other sites More sharing options...
Hotclutch Posted March 28, 2021 Share Posted March 28, 2021 It would be nice if there could be a setting in ACP, one which the webmaster can either disable / change from say 24hr to some other length of time. Then the software prevents the same IP from sending contact emails / registering within that timeframe. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.