Flood Of Spam/fake Registrations - Should We Be Concerned?

Google Recaptcha doesn’t help much against tools like XRumer. Here is how they spam you with XRumer:
XRumer promo video - YouTube

As you see recaptcha is broken.

A normal antispam solution is required, i.e.:
- check for the main honeypot services like projecthoneypot, botscout, stopforumspam, etc.
- bot protection like badbehaviour, dedos, etc.
- block TOR, proxies.
- blacklist email addresses and domains.
- blacklist IPs and ranges.

The first two solutions work optimally if they are widely available and cs-cart owners can feed spammers back to the blacklists.
Therefore it needs to be a publicly available addon.

To me it's baffling that there are no anti-spam addons for cs-cart.

Felt a bit sick watching the video...

Hopefully CSC, Simtec or other addon dev will step up to the mark with something to fix this spam issue.

ATM I've had to block whole countries from being able to access our servers, including some Russian IP addresses.

Exactly - hopefully CS Cart will soon release a solution with the next upgrade.

Good luck CS Cart team!

We are experiencing this issue with the spam as well.

As far as we see, you are still using old captcha. You should upgrade to version 4.4.2 where reCaptcha was added or use a third-party add-on with the same functionality in your current version.

We are experiencing this issue with the spam as well.

I have the latest and greatest ReCaptcha setup (using 4.6.2) and still get spam messages throughout the website. The latest one that made the list is the following. I opened another thread before and explained how I am tackling spam. I blocked the IP subnets that are the reason for these spam messages and it got this situation under control. It reduced it from 10-15 spam comments every day to one spam per month or so.

Message: This message is posted here using XRumer + XEvil 4.0 XEvil 4.0 is a revolutionary application that can bypass almost any anti-botnet protection. Captcha Recognition Google (ReCaptcha-1, ReCaptcha-2), Facebook, Yandex, VKontakte, Captcha Com and over 8.4 million other types! You read this - it means it works! ;) Details on the official website of XEvil.Net, there is a free demo version

Well we all saw that coming!
I can only repeat ... CSC needs a far more sophisticated anti-spam mechanism than just reCaptcha.

I 100% agree.

Can you please create a ticket in HD and provide us with

- access to your website

- example of the spam emails you got, including the page they were posted from.

If you already described this problem somewhere on the forum, please provide a link.

I disabled New User Profiles emails from being sent and it looks to have helped. It took a few days but I haven't received any new account for over a week (from 30+ a day). I'm straight retail so it's not really necessary for my business, customers already receive enough notification emails with each order so it hasn't negatively affected me.

Unfortunately, it's too late, I'm moving to another platform. The lack of interest from CS-Cart regarding this security issue and no options of Afterpay or Zippay (I get asked 5+ times a week about it) coming any time soon has made me jump ship. A bit sad too, quite liked CS-Cart and would have been happy to continue with it otherwise.

Hmm, with v2.1.4, I noticed that there is no setting for the Add-ons > Comments and reviews to turn off the Communication: Reviews and Replies for any of the pages. We get bots posting testimonials. The need for such a thing seems obvious, and a [Login to post] button or link. Just another refinement that is needed.

Even in v4 there is no such setting option!

I've just deleted on 600 fake registrations, all with google as the company name???

https://prnt.sc/hdfwh2

I disabled New User Profiles emails from being sent and it looks to have helped.

I can't see a setting for this, can you point me in the right direction?

If you want, I can write a small script that will block specified emails (with wildcards).

Thanks, but I'm not sure it will help because the screenshot I showed was just a small section. All the others are random, but between 5 and 10 of each.

What about the IP addresses, is it just a range? Or is it multiple ranges?

I can't see a setting for this, can you point me in the right direction?

There is no setting, you will need to do it in the code. I had my assistant do it, it only took a few minutes but I'm not sure on the process, sorry.

If you want to make it easier to delete the fake accounts, in the settings make First and Last name required for new user profiles. The spam always has the same name used for both first and last, so it's easy to spot and delete.

What about the IP addresses, is it just a range? Or is it multiple ranges?

Good point, I didn't check before I deleted them though.
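
The checks suggested in this thread (a wildcard email blocklist, blocked IP subnets, identical first and last names, and the question of whether the addresses come from one range or several) can be run over exported registration records before anything is deleted. This is an added example, not part of the original posts and not CS-Cart code; the record fields, patterns and addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter
from fnmatch import fnmatchcase

# Constructed policy: reserved .example domains and documentation IP ranges only.
BLOCKED_EMAIL_PATTERNS = ["*@tempmail.example", "*@*.spam.example"]
BLOCKED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.0/25")]

# Constructed sample export; field names are assumptions, not CS-Cart's schema.
SAMPLE = [
    {"email": "jane@shop.example", "ip": "192.0.2.10",
     "firstname": "Jane", "lastname": "Doe"},
    {"email": "xk3f@tempmail.example", "ip": "203.0.113.7",
     "firstname": "Qwzx", "lastname": "Qwzx"},
    {"email": "bob@corp.example", "ip": "203.0.113.99",
     "firstname": "Bob", "lastname": "Bob"},
]


def screen_registration(reg):
    """Return the reasons a registration looks automated (empty list = clean)."""
    reasons = []
    email = reg.get("email", "").strip().lower()
    if any(fnmatchcase(email, p) for p in BLOCKED_EMAIL_PATTERNS):
        reasons.append("email matches blocklist pattern")
    try:
        ip = ipaddress.ip_address(reg.get("ip", ""))
        if any(ip in net for net in BLOCKED_NETWORKS):
            reasons.append("IP in blocked subnet")
    except ValueError:
        reasons.append("missing or malformed IP")
    first = reg.get("firstname", "").strip().lower()
    last = reg.get("lastname", "").strip().lower()
    if first and first == last:
        reasons.append("first and last name identical")
    return reasons


def subnet_counts(regs, prefix=24):
    """Count IPv4 registrations per /prefix, most frequent subnet first."""
    counts = Counter()
    for reg in regs:
        try:
            ip = ipaddress.ip_address(reg.get("ip", ""))
        except ValueError:
            continue  # skip records without a usable address
        if ip.version == 4:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            counts[str(net)] += 1
    return counts.most_common()
```

Running `subnet_counts` on the suspect accounts before deleting them shows whether a handful of subnets accounts for most of the registrations, which is what makes subnet blocking effective or not.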

For the Reviews bots, I got an add-on so only those who have purchased the product can leave the review. Worked a treat, have had it for years and no issues with review bots since, just the New User Profiles.

Hi InspiredInsanity,
Can you share the Code changes or link us to the Add-on?

Unfortunately, it's too late, I'm moving to another platform. The lack of interest from CS-Cart regarding this security issue and no options .......... A bit sad too, quite liked CS-Cart and would have been happy to continue with it otherwise.

I too am frustrated with the lack of attention CSC gives to providing basic functionality.

By "basic functionality" I mean the many little things like this that added together make a very big difference in admin work-flow efficiency. Such a small code change could fix this, but each issue on its own seems to have no significance to CSC architects. Minor issues (not minor to me) often just get sidestepped with the opinion that no fix is needed just because only one or two people have reported the issue.

Out of interest, which platform did you switch to?