Post by wychegnome » Wed Sep 30, 2020 5:21 pm

I am getting a spate of customer registrations from what are either intending spammers or time wasters. All seem to be from a very limited range of IP addresses.
Earlier versions of OpenCart had a facility to ban by IP address, but I cannot find the facility on version 3.0.3.2.
Could someone kindly point me in the right direction to where this facility can be accessed or, alternatively, to an add-in that does provide the facility?
Thanks, John

New member
Joined: Mon Jan 05, 2015 12:01 am

Post by paulfeakins » Wed Sep 30, 2020 5:42 pm

wychegnome wrote:
Wed Sep 30, 2020 5:21 pm
Could someone kindly point me in the right direction to where this facility can be accessed or, alternatively, to an add-in that does provide the facility?
Thanks, John

It would be your web host who can do this.

For quick, professional OpenCart support please email info@antropy.co.uk


Guru Member
Joined: Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by letxobnav » Wed Sep 30, 2020 5:43 pm

If you start banning IP addresses you will be doing that the rest of your life.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


Expert Member
Joined: Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by IP_CAM » Wed Sep 30, 2020 6:51 pm

If you start banning IP addresses you will be doing that the rest of your life.
Well, that's correct, but sometimes, it's the only way, to keep the Boozo-Brains out. :laugh: :crazy:
I so far have ~ 2'580 IP Ranges and Single Addresses locked out by .htaccess,

Code:

# single IP
Deny from 213.217.0.224
# IP block (Deny from takes a CIDR range or partial address, not a * wildcard)
Deny from 223.215.10.0/24

still, it's a daily Job, to check, who tried to access my Sites by use of 'screwy' Links. :D

And the Rest, I forward to Las Vegas: (a few samples)

Code:

RewriteEngine On
# Query strings that look like script or SQL injection probes
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|UNION|select|SELECT|insert|INSERT|drop|DROP|update|UPDATE|md5|MD5|benchmark) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd|passwd|eval|\$_POST) [NC,OR]
# OR added here so the referrer and user-agent conditions below are alternatives
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
# Referrer spam
RewriteCond %{HTTP_REFERER} ^http://.*aspiegel\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*pizza-tycoon\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*best-seo-offer\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buy-cheap-online\.info/ [NC,OR]
# Crawlers identified by User-Agent (last condition, so no OR)
RewriteCond %{HTTP_USER_AGENT} ^.*(ahrefs|semrushbot|semrush|mj12bot|dotbot|ccbot|petalbot).*$ [NC]
# Redirect any request matched above
RewriteRule ^(.*)$ https://www.lasvegas.com/$1 [R=301,L]

Still, despite my actual 2649-liner ROOT .htaccess file, in addition to the 3721-liner Shop .htaccess files, it seems to have no negative impact on overall Site Load Performance, just to mention this too. ;)
Ernie

I am no longer active at the Forum. Please do NOT send me Personal Mails,
they will no longer be replied to.
My Github OC Site: https://github.com/IP-CAM
4'160 + FREE OC Extensions, on the World's largest Github OC Repository Archive Site.


Legendary Member
Joined: Tue Mar 04, 2014 1:37 am
Location - Switzerland
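
The query-string conditions in the post above match substrings anywhere in the request, so they should be run over the store's own URLs before deployment. The following is an added example, not code from the thread: it applies the six QUERY_STRING patterns (with `%3E` and `\$_POST` written out) to constructed OpenCart-style query strings and reports which benign ones would be redirected. The rule labels and sample strings are assumptions made for the illustration.

```python
import re

# The six QUERY_STRING patterns from the post; [NC] becomes re.IGNORECASE.
# %3E and \$_POST are written out so that both match literally.
RULES = {
    "javascript": r"(javascript:).*(\;)",
    "script-tag": r"(<|%3C).*script.*(>|%3E)",
    "sql-words": r"(\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark)",
    "keywords": r"(base64_encode|localhost|mosconfig)",
    "files-eval": r"(boot\.ini|echo.*kae|etc/passwd|passwd|eval|\$_POST)",
    "globals": r"(GLOBALS|REQUEST)(=|\[|%)",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}

# Constructed samples: (raw query string as Apache sees it, is it benign?)
SAMPLES = [
    ("route=common/home", True),
    ("route=account/register", True),
    ("route=product/search&search=medieval", True),
    ("route=product/search&search=%22union%20jack%22", True),
    ("route=product/search&search=request%20form", True),
    ("route=product/product&path=../../etc/passwd", False),
    ("route=product/search&search=%3Cscript%3Ealert(1)%3C/script%3E", False),
]

def matched_rules(query):
    """Names of the rules whose pattern occurs in the raw query string."""
    return [name for name, rx in COMPILED.items() if rx.search(query)]

def false_positives(samples=SAMPLES):
    """Benign query strings that at least one rule would redirect."""
    return {q: matched_rules(q) for q, benign in samples
            if benign and matched_rules(q)}

if __name__ == "__main__":
    for q, benign in SAMPLES:
        print("benign" if benign else "probe ", q, "->", matched_rules(q) or "pass")
```

Three ordinary product searches are caught, while `route=account/register` passes: a registration is a POST whose form fields are not part of the query string, so these conditions do not act on the sign-ups the thread started with.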

Post by wrick0 » Wed Sep 30, 2020 8:52 pm

Make sure you have enabled the reCAPTCHA for the registration form, and make sure you have installed ModSecurity and IP banning on your server; it will handle those SQL injection/hack attempts automatically...

Active Member
Joined: Fri Jan 18, 2019 10:00 pm
Location - 127.0.0.1 @ The Netherlands
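
Server-side IP banning of the kind mentioned above starts from the access log. The following added example (not from the thread or from any extension named in it) counts POSTs to OpenCart's `route=account/register` per address and proposes `Deny from` lines in the two forms used earlier in the thread, a single IP or a /24 block. The log lines are constructed, Apache combined log format is assumed, and the thresholds and function names are illustrative.

```python
import ipaddress
import re
from collections import Counter, defaultdict

def _line(ip, method="POST", route="account/register"):
    """Build one constructed access-log line (Apache combined format)."""
    return (f'{ip} - - [30/Sep/2020:16:00:00 +0000] '
            f'"{method} /index.php?route={route} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')

# Constructed sample using documentation address ranges (RFC 5737).
SAMPLE_LOG = "\n".join([
    _line("203.0.113.5"), _line("203.0.113.17"), _line("203.0.113.42"),
    _line("198.51.100.7"), _line("198.51.100.7"), _line("198.51.100.7"),
    _line("192.0.2.10"), _line("192.0.2.10", method="GET"),
    _line("198.51.100.99", route="checkout/cart"),
])
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

def registration_posts(log_text):
    """Count POSTs to the registration route per IPv4 client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group(2) != "POST" or "route=account/register" not in m.group(3):
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:          # hostname or garbage in the client field
            continue
        if ip.version == 4:
            hits[ip] += 1
    return hits

def deny_candidates(hits, per_ip=3, ips_per_block=3):
    """Suggest a /24 when several of its addresses register, else busy single IPs."""
    blocks = defaultdict(dict)
    for ip, count in hits.items():
        blocks[ipaddress.ip_network(f"{ip}/24", strict=False)][ip] = count
    out = []
    for block in sorted(blocks):
        members = blocks[block]
        if len(members) >= ips_per_block:
            out.append(f"Deny from {block}")
        else:
            out += [f"Deny from {ip}" for ip in sorted(members) if members[ip] >= per_ip]
    return out

if __name__ == "__main__":
    print("\n".join(deny_candidates(registration_posts(SAMPLE_LOG))))
```

A /24 entry also shuts out any genuine customers in that range, so review the output before pasting it into .htaccess. On Apache 2.4 without mod_access_compat the equivalent directive is `Require not ip`.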

Post by wychegnome » Thu Oct 01, 2020 3:53 pm

Thank you for the various replies, especially the captcha one. I had forgotten (old age!) that the system has a captcha option. Enabled it last night on the registration page. So far, no rogue registrations.
John

Post by paulfeakins » Thu Oct 01, 2020 6:30 pm

wychegnome wrote:
Thu Oct 01, 2020 3:53 pm
Thank you for the various replies, especially the captcha one. I had forgotten (old age!) that the system has a captcha option. Enabled it last night on the registration page. So far, no rogue registrations.
John

Give this a go: https://www.opencart.com/index.php?rout ... n_id=36312

Post by JNeuhoff » Thu Oct 01, 2020 10:47 pm

wychegnome wrote:
Thu Oct 01, 2020 3:53 pm
Thank you for the various replies, especially the captcha one. I had forgotten (old age!) that the system has a captcha option. Enabled it last night on the registration page. So far, no rogue registrations.
John

The standard OpenCart captcha won't be much of a protection anymore as most spambots will be able to overcome it.

You may want to take a look at our SpamBot Buster which uses an invisible honeypot trap and checks for required touch/keyboard/mouse events in order to distinguish between genuine human visitors and automated spambots when trying to submit a registration, or using the contact page.

Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster * Survey Plus


Expert Member
Joined: Wed Dec 05, 2007 3:38 am


Post by wychegnome » Fri Oct 02, 2020 4:44 pm

Thank you for the suggestion of the SpamBot system, it could be the answer. Before I take the plunge, is the price quoted a one-off purchase or for a licence for a specific period such as the 12 months? I ask because an alternative ban system appears to be a licence period rather than an outright purchase.
Thanks, John

Post by JNeuhoff » Fri Oct 02, 2020 4:51 pm

wychegnome wrote:
Fri Oct 02, 2020 4:44 pm
Thank you for the suggestion of the SpamBot system, it could be the answer. Before I take the plunge, is the price quoted a one-off purchase or for a licence for a specific period such as the 12 months? I ask because an alternative ban system appears to be a licence period rather than an outright purchase.
Thanks, John

We provide updates beyond the 12-month period; the latter is imposed by OpenCart, not us. See also this.

Post by wychegnome » Fri Oct 02, 2020 6:04 pm

Thank you for the assurance about on-going support, much appreciated.
Sorry to be so pedantic about the pricing but the web site concerned is funded by a charity. It is important to know before purchase whether this is a 'one off' outright purchase or whether it will require additional payments at intervals later.
Thanks, John

Post by JNeuhoff » Fri Oct 02, 2020 6:59 pm

There are no additional later payments; it's a one-time license fee, not a subscription.

Post by wychegnome » Sun Oct 11, 2020 7:11 pm

Thank you for the various pieces of advice.
Implementing the basic (built in) captcha and then reinforcing it with the spambot system has stopped the rot.
Thank you, John
