That doesn't prevent fake account registrations from spambots, though these fake customers won't be able to do much if there are to be approved by the site admin.Enable Approve New Customers to avoid spams
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
single Site Pages, famous MaxD has a Testsite, where several Pages are tested at once,
and despite of my 67.985KB Site ROOT .htaccess file by now, plus the 6.271KB OC Shop
.htaccess file, it has no measurable impact on overall OpenCart Performance, if everything
else works as is should and could.
https://speed.devs.mx/
But it at least keeps me free of many intruders, trying to give me a hard time. And 'specific'
hacker-routines are also beeing listed, and then rerouted/redirected by the fine 301-redirect Mod,
to send those fellows to Las-Vegas, or some other nice Place, glad, to be linked for free ! One day, I
probably get a free Ticket in return to some nice Vegas Hotel and some Show ....
It's long, since I visited it yearly, to attend the Consumer-Electronics Show, but that's many Moon's
since, and I'm sure, a lot of it changed ...
Ernie
---
It's a long way from here to Vancouver ....
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
Attachments
Google RECAPTCHA.png (264.77 KiB) Viewed 847 times
The Spambot Buster tool should help. It detects and rejects spambots automatically via a built-in invisible honeypot trap and analysis of touch/mouse/keyboard events. No captchas needed.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
[quote=letxobnav post_id=772238 time=1576967711 user_id=201756]
well, htaccess always slows down.
---
Well, you just about forced me, to come here once again ...
36'467 KB versus 75'666 KB .htaccess File Size:
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
1) your tests and subsequent conclusions are flawed.
2) it is a solid assumption that a large portion of the ips/ranges you block have already changed hands, you are even blocking me and I am no longer malicious (was I ever?). And the worse part about that is that you have no way of knowing who you block anymore and why.
3) most spammers/hackers no longer use fixed ip addresses from obscure locations but rapid changing ips from reputable cloud services in reputable locations.
So you are basically needlesly slowing down your site, unaware of who you are blocking and why to give yourself a false sense of security, congratulations.
But by all means, keep blocking ips if that makes you feel secure, in the end you will have blocked everyone and then, and only then, you will be certified 100% secure.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Well, I don't know, what other Test I could make, Google, GTMetrix, e.t.c. is
all I have, and California is far away from where I live, to make me believe,
to have one of the speediest OC Sites, even on the other Site of the planet.
At least, as long as nobody else can show me something 'later', acting better ...
---
But I honestly don't need the whole World, to access my Sites. And it only
depends on the amount of 'smelly' Access Attempts, to either only block
a few single IP Numbers, or then entire Blocks and even Ranges. It's called
'filtering the Crowd', and I'm doing this for the past 20 Years, to then keep
the same kind of Nut's out of my EveryAuction-Sites, and with a 'real'
Hacker's help. So, don't worry, I'm (still) aware of what I'm doing,
when it comes to such.
It just makes no Fun, to get bombarded, or better, only at the Beginning,
because it might help, to find some holes or misses. But then, beeing hit
by hundreds of daily hits, in every way and form imaginable, is sure no fun
anymore, and it made me lock out about a million or more IP's, to get rid of
all that garbage. Your Service Provider is probably one of them, if you cannot
access my Sites. But you won't miss anything, it's only old Version Crab...
---
Conclusion: I would highly recommend OC Users, to lock out Regions, not
beeing targeted for Sales. It makes absolutely no sense, to waste Server
Power, for nothing in return, except for possibly some hacking attempts.
And the most simple way, to do this, is the use of an .htaccess file. One just
has to make sure, not to keep valid Customers from accessing the Site. And
that takes a little time+knowledge, to find out, like most else of some or high
importance in real life too ...
And it's a daily Job, like in any Business, to check, if all the doors are locked,
before one leaves the place at night. And by use of a smart free 1.5.6 tool, one
can get 'smelly IP's locked out for a 'defined' period, to then check on 'em the
next day, in order to decide on possibly locking an IP out for good. It's one of
those many great+free Goodies, to make me stay, with what I use on Version.
---
One may like it or not, it's not my problem. To me, this all is just a Hobby, and
that makes a lot of things very different, from most anyone else's point of view.
I am fully aware of that.
But what would OC be today, if no Fan's ever existed ?! It's a pitty, to realize,
that most of them I knew are no longer around. And again, quite similar to, what
we experienced already, about 20 Years ago. But Fan's don't come for free forever,
they need to be taken Care of. And the real Big Ones spend Millions, to keep the
Crowd alive and well, by make 'em feel like beeing part of something 'important'.
And here, it's the Contrary, because, everybody is everybody's potential Competitor
too. And those, frequently sharing free Knowledge, belong to the 'least' liked of them
all, they're likely more taxed as potential Business-Killers than just nice fellows.
Still, I learned a lot, and that's, what I tried to be greatful for, as much as I could.
It might also be one of the reasons, why my Test-Sites get bugged so much...
Good Luck ! That's it. 73/55 QRT
Ernie
---
download/file.php?mode=view&id=39098
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
In the last few weeks the bots seem to have cracked the captcha and I started getting regular spam registration and contact form e-mails again.
I found the names that the spammers use follow very particular pattern. It was very easy to add a few lines of PHP to the validate() methods in catalog\controller\account\register.php and catalog\controller\information\contact.php to filter these. Whilst there, I also blocked all attempts with a .ru tld in the e-mail as I do not have any russian customers, nor any using .ru e-mails.
The spam dried up overnight
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
Users browsing this forum: edkny, nonnedelectari and 402 guests