Flood Of Spam/fake Registrations - Should We Be Concerned?

 
  • Bill G.
  • Member
  • Members
  • Join Date: 06-Feb 08
  • 54 posts

Posted 05 April 2017 - 02:16 PM #21

@InspiredInsanity

Seems as though bot programmers may have worked out how easy reCAPTCHA is to crack... using Google's own voice recognition API.

 

@Bill G.

I wish CSCART would take a more sophisticated approach to this rather than relying on the (horrible) Google reCAPTCHA.

The HoneyPot is just one strategy.

Would you be prepared to share your code for the Honeypot mod?

As I understand, it's just a case of disabling the form lodgement if the honeypot text field is non-blank.

Maybe also automatically add the IPA of the offender to a list that can easily be approved to be "blocked" by the Admin>Store Access page?

The Honeypot modification was just installed a little while ago. Now we will see if it stops the bot/s from creating the fake accounts. I will know by the end of today because fake accounts are being created day and night EVERY DAY! Regarding sharing the code, I have no idea what the Simtech developer did so there is nothing for me to share. Moreover, politely speaking, even if I did know exactly what the code was I would not give it away, because...all of us want to live comfortable lifestyles including the guys/gals at Simtech as well as the other coders who do work for all of us here in this forum and elsewhere. Let's have some integrity and support them (Simtech and the other coders). Would YOU want someone giving away YOUR work? No, of course not, unless it was intentionally created to "give away". I'm not being sarcastic, I'm just being honest and straightforward. Back to the "Honeypot", if it works as we are hoping it does I'll let you all know. We really need to give it a week or so to be sure the bots don't find some way to defeat it and get around it. But I'll give an update tomorrow morning. FYI, it cost us $500 USD for Simtech to create the code and install it. If it works it will be well worth the investment.



 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 542 posts

Posted 06 April 2017 - 02:51 AM #22

 

... moreover, politely speaking, even if I did know exactly what the code was I would not give it away, because...all of us want to live comfortable lifestyles including the guys/gals at Simtech as well as the other coders ... Let's have some integrity and support them (Simtech and the other coders). Would YOU want someone giving away YOUR work? No, of course not, unless it was intentionally created to "give away". I'm not being sarcastic, I'm just being honest and straightforward.....

Actually, I never suggested giving it away. I assumed that you had paid for the mod, thus own the rights to it, thus it's up to you what you do with it. But I see you paid US500, OMG that's quite a lot! No wonder you are upset!

The honeypot code will be very very simple, it's not going to be a major addon project. Unless I've oversimplified things, it's a simple case of adding a text field off-page using CSS and then disabling the Submit-form function if the field is filled.

It's just that sharing mods to help fellow csc owners is one of the purposes of this forum, but did not figure on it costing so much.

My preference would be for CSCart to incorporate more sophisticated bot management within the cart.

 

Anyhoo ...

I would not be surprised if bot programmers could simply code to detect the off-page or -z position via CSS of the HP to avoid filling the field... As far as I've read, honeypot is just one of a number of strategies, but it's a good start.

I was thinking of asking Simtech about the cost of implementing the HP on our 2.1.4 store, and our v4 store, but not at that price!

Perhaps a "Bot Management" addon would be a salable item for a third-party addon creator?



 
  • Bill G.
  • Member
  • Members
  • Join Date: 06-Feb 08
  • 54 posts

Posted 06 April 2017 - 02:31 PM #23

Actually, I never suggested giving it away. I assumed that you had paid for the mod, thus own the rights to it, thus it's up to you what you do with it. But I see you paid US500, OMG that's quite a lot! No wonder you are upset!

The honeypot code will be very very simple, it's not going to be a major addon project. Unless I've oversimplified things, it's a simple case of adding a text field off-page using CSS and then disabling the Submit-form function if the field is filled.

It's just that sharing mods to help fellow csc owners is one of the purposes of this forum, but did not figure on it costing so much.

My preference would be for CSCart to incorporate more sophisticated bot management within the cart.

 

Anyhoo ...

I would not be surprised if bot programmers could simply code to detect the off-page or -z position via CSS of the HP to avoid filling the field... As far as I've read, honeypot is just one of a number of strategies, but it's a good start.

I was thinking of asking Simtech about the cost of implementing the HP on our 2.1.4 store, and our v4 store, but not at that price!

Perhaps a "Bot Management" addon would be a salable item for a third-party addon creator?

 

Hi Remoteone, I wasn't upset at all, not in the slightest, I was just making an honest friendly statement. Now to the issue: The mod was implemented yesterday. It also logs the IP address of the bot and identifies that at least one of the SEVERAL honeypot fields had been filled in. What I have learned is the bots sometimes will skip a field or two attempting to avoid honeypot traps, thus the reason for incorporating several honeypot fields on the form. So far the modification has been working great! Since Simtech implemented the code yesterday I can see that there have been MANY MANY attempts to create fake accounts and log in. I can also see that the bots are attempting to create fake accounts and then sign in! So far the mod is working great. I'll keep you posted as to its effectiveness.
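
The check described in the post above (several hidden decoy fields, reject the registration if any comes back filled, log the IP address and which fields tripped), as an added PHP example that is not part of the thread and is not Simtech's or CS-Cart's code. The field names, function names and log path are hypothetical, and the sample submissions are constructed.

```php
<?php
// Added example. Field names and log path are hypothetical, not CS-Cart's.
const HONEYPOT_FIELDS = ['website', 'middle_name', 'fax_number'];

// Decoy inputs, moved off-page with CSS so people never see or tab into them.
function honeypot_markup(): string
{
    $html = '<div style="position:absolute;left:-9999px" aria-hidden="true">';
    foreach (HONEYPOT_FIELDS as $name) {
        $html .= sprintf(
            '<input type="text" name="%s" value="" tabindex="-1" autocomplete="off">',
            htmlspecialchars($name, ENT_QUOTES)
        );
    }
    return $html . '</div>';
}

// Names of decoy fields that came back filled. A non-string value
// (e.g. website[]=x) also counts, so trim() never sees an array.
function honeypot_tripped(array $post): array
{
    $tripped = [];
    foreach (HONEYPOT_FIELDS as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || trim($value) !== '') {
            $tripped[] = $name;
        }
    }
    return $tripped;
}

// False means: log the attempt and do not create the account.
function registration_allowed(array $post, string $ip, string $logFile): bool
{
    $tripped = honeypot_tripped($post);
    if ($tripped === []) {
        return true; // carry on with the normal registration checks
    }
    $line = sprintf("%s honeypot ip=%s fields=%s\n", gmdate('c'), $ip, implode(',', $tripped));
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
    return false;
}

// Constructed sample submissions (documentation IP addresses).
$log   = sys_get_temp_dir() . '/honeypot_demo.log';
$human = ['email' => 'a@example.com', 'website' => '', 'middle_name' => '', 'fax_number' => ''];
$bot   = ['email' => 'b@example.com', 'website' => 'http://spam.example', 'middle_name' => '', 'fax_number' => '555'];
var_dump(registration_allowed($human, '203.0.113.10', $log));
var_dump(registration_allowed($bot, '203.0.113.77', $log));
```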



 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 542 posts

Posted 06 April 2017 - 10:37 PM #24

Thanks for posting the info and results. I didn't think of having multiple honeypots. Brilliant!

Let's hope CSC incorporate this strategy into v4 and remove the reliance on the unreliable Google reCAPTCHA.

Alternatively a third party addon perhaps?