Post by wychegnome » Wed Sep 30, 2020 5:21 pm

I am getting a spate of customer registrations from what are either intending spammers or time wasters. All seem to be from a very limited range of IP addresses.
Earlier versions of OpenCart had a facility to ban by IP address but I cannot find the facility on version 3.0.3.2.
Could someone kindly point me in the right direction to where this facility can be accessed or, alternatively, to an add-in that does provide the facility?
Thanks, John


Post by paulfeakins » Wed Sep 30, 2020 5:42 pm

wychegnome wrote:
Wed Sep 30, 2020 5:21 pm
Could someone kindly point me in the right direction to where this facility can be accessed or, alternatively, to an add-in that does provide the facility?
Thanks, John

It would be your web host who can do this.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk



Post by letxobnav » Wed Sep 30, 2020 5:43 pm

If you start banning IP addresses you will be doing that the rest of your life.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.



Post by IP_CAM » Wed Sep 30, 2020 6:51 pm

If you start banning IP addresses you will be doing that the rest of your life.
Well, that's correct, but sometimes, it's the only way, to keep the Boozo-Brains out. :laugh: :crazy:
I so far have ~ 2'580 IP Ranges and Single Addresses locked out by .htaccess,

Code:

 # single IP
 Deny from 213.217.0.224
 # IP block: Apache takes a CIDR range or partial address here, not a .* wildcard
 Deny from 223.215.10.0/24

Still, it's a daily job to check who tried to access my sites by use of 'screwy' links. :D

And the Rest, I forward to Las Vegas: (a few samples)

Code:

RewriteEngine On
# Query strings carrying script, SQL or file-probing fragments
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|UNION|select|SELECT|insert|INSERT|drop|DROP|update|UPDATE|md5|MD5|benchmark) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
# \$ keeps the dollar sign literal; unescaped it is an end-of-string anchor
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd|passwd|eval|\$_POST) [NC,OR]
# [OR] here keeps the referrer and user-agent tests as alternatives, not extra requirements
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
# Referrer spam
RewriteCond %{HTTP_REFERER} ^http://.*aspiegel\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*pizza-tycoon\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*best-seo-offer\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buy-cheap-online\.info/ [NC,OR]
# Crawlers matched on User-Agent (last condition, so no [OR])
RewriteCond %{HTTP_USER_AGENT} ^.*(ahrefs|semrushbot|semrush|mj12bot|dotbot|ccbot|petalbot).*$ [NC]
RewriteRule ^(.*)$ https://www.lasvegas.com/$1 [R=301,L]

Still, despite my actual 2649-liner ROOT .htaccess file, in addition to the 3721-liner Shop .htaccess files, it seems to have no negative impact on overall Site Load Performance, just to mention this too. ;)
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
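
Added example (not part of the post above and not OpenCart or Apache code): mod_rewrite treats RewriteCond lines linked by [OR] as one group and ANDs the groups together, so a single missing [OR] in a long chain changes which requests the rule catches. The Python below replays a shortened chain of this kind against constructed requests; the request values and the helper names are assumptions made for illustration.

```python
import re

def cond_hit(pattern, value):
    """One RewriteCond with [NC]: unanchored, case-insensitive regex search."""
    return re.search(pattern, value, re.IGNORECASE) is not None

def make_chain(last_query_cond_has_or):
    """Shortened chain: (server variable, pattern, followed by [OR]?)."""
    return [
        ("QUERY_STRING", r"(<|%3C).*script.*(>|%3E)", True),
        ("QUERY_STRING", r"(GLOBALS|REQUEST)(=|\[|%)", last_query_cond_has_or),
        ("HTTP_REFERER", r"^http://.*best-seo-offer\.com/", True),
        ("HTTP_USER_AGENT", r"(ahrefs|semrushbot|mj12bot)", False),
    ]

def rule_applies(chain, request):
    """[OR]-linked conditions form a group; every group must have one hit."""
    i = 0
    while i < len(chain):
        var, pattern, or_next = chain[i]
        hit = cond_hit(pattern, request.get(var, ""))
        if or_next and hit:
            # Group satisfied: jump to its last member (the one without [OR]).
            while i < len(chain) and chain[i][2]:
                i += 1
        elif not or_next and not hit:
            return False  # a whole group failed, so the rule is skipped
        i += 1
    return True

# Constructed requests, not taken from any real log.
REQUESTS = {
    "script_probe": {"QUERY_STRING": "q=%3Cscript%3Ex%3C/script%3E",
                     "HTTP_USER_AGENT": "Mozilla/5.0"},
    "seo_crawler": {"QUERY_STRING": "route=product/category",
                    "HTTP_USER_AGENT": "Mozilla/5.0 (compatible; AhrefsBot/7.0)"},
    "shopper": {"QUERY_STRING": "route=account/register",
                "HTTP_USER_AGENT": "Mozilla/5.0"},
}

def caught(last_query_cond_has_or):
    chain = make_chain(last_query_cond_has_or)
    return sorted(n for n, r in REQUESTS.items() if rule_applies(chain, r))

if __name__ == "__main__":
    print("without [OR]:", caught(False))  # two AND-ed groups
    print("with [OR]:   ", caught(True))   # one OR group
    # An unescaped $ is an end-of-string anchor, so "$_POST" can never match.
    print(cond_hit(r"(eval|$_POST)", "x=$_POST"),
          cond_hit(r"(eval|\$_POST)", "x=$_POST"))
```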



Post by wrick0 » Wed Sep 30, 2020 8:52 pm

Make sure you have enabled the reCAPTCHA for the registration form, and make sure you have installed ModSecurity and IP banning on your server; it will handle those SQL injection/hack attempts automatically...


Post by wychegnome » Thu Oct 01, 2020 3:53 pm

Thank you for the various replies, especially the captcha one. I had forgotten (old age!) that the system has a captcha option. Enabled it last night on the registration page. So far, no rogue registrations.
John


Post by paulfeakins » Thu Oct 01, 2020 6:30 pm

wychegnome wrote:
Thu Oct 01, 2020 3:53 pm
Thank you for the various replies, especially the captcha one. I had forgotten (old age!) that the system has a captcha option. Enabled it last night on the registration page. So far, no rogue registrations.
John

Give this a go: https://www.opencart.com/index.php?rout ... n_id=36312


Post by JNeuhoff » Thu Oct 01, 2020 10:47 pm

wychegnome wrote:
Thu Oct 01, 2020 3:53 pm
Thank you for the various replies, especially the captcha one. I had forgotten (old age!) that the system has a captcha option. Enabled it last night on the registration page. So far, no rogue registrations.
John

The standard OpenCart captcha won't be much of a protection anymore as most spambots will be able to overcome it.

You may want to take a look at our SpamBot Buster which uses an invisible honeypot trap and checks for required touch/keyboard/mouse events in order to distinguish between genuine human visitors and automated spambots when trying to submit a registration, or using the contact page.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig




Post by wychegnome » Fri Oct 02, 2020 4:44 pm

Thank you for the suggestion of the SpamBot system, it could be the answer. Before I take the plunge, is the price quoted a one-off purchase or for a licence for a specific period such as the 12 months? I ask because an alternative ban system appears to be a licence period rather than an outright purchase.
Thanks, John


Post by JNeuhoff » Fri Oct 02, 2020 4:51 pm

wychegnome wrote:
Fri Oct 02, 2020 4:44 pm
Thank you for the suggestion of the SpamBot system, it could be the answer. Before I take the plunge, is the price quoted a one-off purchase or for a licence for a specific period such as the 12 months? I ask because an alternative ban system appears to be a licence period rather than an outright purchase.
Thanks, John

We provide updates beyond the 12-month period; the latter is imposed by OpenCart, not us. See also this.



Post by wychegnome » Fri Oct 02, 2020 6:04 pm

Thank you for assurance about on-going support, much appreciated.
Sorry to be so pedantic about the pricing but the web site concerned is funded by a charity. It is important to know before purchase whether this is a 'one off' outright purchase or whether it will require additional payments at intervals later.
Thanks, John


Post by JNeuhoff » Fri Oct 02, 2020 6:59 pm

There are no additional later payments, it's a one-time license fee, not a subscription.



Post by wychegnome » Sun Oct 11, 2020 7:11 pm

Thank you for the various pieces of advice.
Implementing the basic (built in) captcha and then reinforcing it with the spambot system has stopped the rot.
Thank you, John
