
Flood Of Spam/fake Registrations - Should We Be Concerned?

 
  • Bill G.
  • Member
  • Members
  • Join Date: 06-Feb 08
  • 54 posts

Posted 05 April 2017 - 02:16 PM #21

@InspiredInsanity

Seems as though bot programmers may have worked out how easy reCAPTCHA is to crack... using Google's own voice recognition API.

 

@Bill G.

I wish CSCART would take a more sophisticated approach to this rather than relying on the (horrible) Google reCAPTCHA.

The HoneyPot is just one strategy.

Would you be prepared to share your code for the Honeypot mod?

As I understand, it's just a case of disabling the form lodgement if the honeypot text field is non-blank.

Maybe also automatically add the IPA of the offender to a list that can easily be approved to be "blocked" by the Admin>Store Access page?

The Honeypot modification was just installed a little while ago. Now we will see if it stops the bot/s from creating the fake accounts. I will know by the end of today because fake accounts are being created day and night EVERY DAY! Regarding sharing the code, I have no idea what the Simtech developer did so there is nothing for me to share, moreover, politely speaking, even if I did know exactly what the code was I would not give it away, because...all of us want to live comfortable lifestyles including the guys/gals at Simtech as well as the other coders who do work for all of us here in this forum and elsewhere. Let's have some integrity and support them (Simtech and the other coders). Would YOU want someone giving away YOUR work, no, of course not unless it was intentionally created to "give away". I'm not being sarcastic, I'm just being honest and straightforward. Back to the "Honeypot", if it works as we are hoping it does I'll let you all know. We really need to give it a week or so to be sure the bots don't find some way to defeat it and get around it. But I'll give an update tomorrow morning. FYI, it cost us $500 USD for Simtech to create the code and install it. If it works it will be well worth the investment.



 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 603 posts

Posted 06 April 2017 - 02:51 AM #22

 

... moreover, politely speaking, even if I did know exactly what the code was I would not give it away, because...all of us want to live comfortable lifestyles including the guys/gals at Simtech as well as the other coders ... Let's have some integrity and support them (Simtech and the other coders). Would YOU want someone giving away YOUR work, no, of course not unless it was intentionally created to "give away". I'm not being sarcastic, I'm just being honest and straightforward.....

Actually, I never suggested giving it away. I assumed that you had paid for the mod, thus own the rights to it, thus it's up to you what you do with it. But I see you paid US500, OMG that's quite a lot! No wonder you are upset!

The honeypot code will be very very simple, it's not going to be a major addon project. Unless I've oversimplified things, it's a simple case of adding a text field off-page using CSS and then disabling the Submit-form function if the field is filled.

It's just that sharing mods to help fellow csc owners is one of the purposes of this forum, but did not figure on it costing so much.

My preference would be for CSCart to incorporate more sophisticated bot management within the cart.

 

Anyhoo ...

I would not be surprised if bot programmers could simply code to detect the off-page or -z position via CSS of the HP to avoid filling the field... As far as I've read, honeypot is just one of a number of strategies, but it's a good start.

I was thinking of asking Simtech about the cost of implementing the HP on our 2.1.4 store, and our v4 store, but not at that price!

Perhaps a "Bot Management" addon would be a salable item for a third-party addon creator?



 
  • Bill G.
  • Member
  • Members
  • Join Date: 06-Feb 08
  • 54 posts

Posted 06 April 2017 - 02:31 PM #23

Actually, I never suggested giving it away. I assumed that you had paid for the mod, thus own the rights to it, thus it's up to you what you do with it. But I see you paid US500, OMG that's quite a lot! No wonder you are upset!

The honeypot code will be very very simple, it's not going to be a major addon project. Unless I've oversimplified things, it's a simple case of adding a text field off-page using CSS and then disabling the Submit-form function if the field is filled.

It's just that sharing mods to help fellow csc owners is one of the purposes of this forum, but did not figure on it costing so much.

My preference would be for CSCart to incorporate more sophisticated bot management within the cart.

 

Anyhoo ...

I would not be surprised if bot programmers could simply code to detect the off-page or -z position via CSS of the HP to avoid filling the field... As far as I've read, honeypot is just one of a number of strategies, but it's a good start.

I was thinking of asking Simtech about the cost of implementing the HP on our 2.1.4 store, and our v4 store, but not at that price!

Perhaps a "Bot Management" addon would be a salable item for a third-party addon creator?

 

Hi Remoteone, I wasn't upset at all, not in the slightest, I was just making an honest friendly statement. Now to the issue: The mod was implemented yesterday. It also logs the IP address of the bot and identifies that at least one of the SEVERAL honeypot fields had been filled in. What I have learned is the bots sometimes will skip a field or two attempting to avoid honeypot traps, thus the reason for incorporating several honeypot fields on the form. So far the modification has been working great! Since Simtech implemented the code yesterday I can see that there have been MANY MANY attempts to create fake accounts and log in. I can also see that the bots are attempting to create fake accounts and then sign in! So far the mod is working great. I'll keep you posted as to its effectiveness.
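
The check discussed in the posts above (several hidden decoy fields, rejection when any one is filled, the IP logged, and repeat offenders queued for an admin to approve blocking), as an added Python example that is not part of the original posts. It is not the Simtech modification or CS-Cart code; the field names, the threshold and the function names are assumptions.

```python
import logging
from collections import Counter

# Hypothetical decoy field names (assumption); the form template hides them
# from people with CSS, so a real visitor submits them blank.
HONEYPOT_FIELDS = ("website", "fax_number", "middle_name")
REVIEW_THRESHOLD = 3  # assumed: trips from one IP before it is queued for review

log = logging.getLogger("registration.honeypot")
trips_by_ip = Counter()
pending_block_review = set()  # candidates an admin approves or discards


def tripped_fields(form):
    """Return the decoy fields that arrived non-blank (whitespace counts as blank)."""
    return [f for f in HONEYPOT_FIELDS if str(form.get(f) or "").strip()]


def screen_registration(form, remote_ip):
    """Server-side gate: True lets the registration continue, False rejects it."""
    tripped = tripped_fields(form)
    if not tripped:
        return True
    trips_by_ip[remote_ip] += 1
    log.warning("honeypot tripped ip=%s fields=%s", remote_ip, ",".join(tripped))
    if trips_by_ip[remote_ip] >= REVIEW_THRESHOLD:
        pending_block_review.add(remote_ip)
    return False


# Constructed sample submissions (documentation-range IPs, not real traffic).
HUMAN = {"email": "pat@example.com", "password": "x", "website": "", "fax_number": " "}
BOT_ALL = {"email": "a@example.net", "website": "http://x.example",
           "fax_number": "555", "middle_name": "q"}
BOT_SKIPS_TWO = {"email": "b@example.net", "fax_number": "555"}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(screen_registration(HUMAN, "198.51.100.7"))
    for sample in (BOT_ALL, BOT_SKIPS_TWO, BOT_ALL):
        print(screen_registration(sample, "203.0.113.9"))
    print(sorted(pending_block_review))
```

Queuing IPs for review instead of blocking them outright keeps a shared or NAT address, or a browser autofill that populated a hidden field, from locking out real customers.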



 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 603 posts

Posted 06 April 2017 - 10:37 PM #24

Thanks for posting the info and results. I didn't think of having multiple honeypots. Brilliant!

Let's hope CSC incorporate this strategy into v4 and remove the reliance on the unreliable Google reCAPTCHA.

Alternatively, a third-party addon perhaps?



 
  • sholand
  • Senior Member
  • Members
  • Join Date: 16-Jan 07
  • 138 posts

Posted 30 May 2017 - 07:40 PM #25

I am having this User spam problem as well on my 2.2.4 setup.  Can't upgrade to latest version on cs cart.

 

I can't find any ReCaptcha that works for V2.  

 

Any suggestions?



 
  • johnbol1
  • Never Re
  • Members
  • Join Date: 23-Feb 10
  • 4,018 posts

Posted 30 May 2017 - 07:46 PM #26

I am having this User spam problem as well on my 2.2.4 setup.  Can't upgrade to latest version on cs cart.

 

I can't find any ReCaptcha that works for V2.  

 

Any suggestions?

Go to the security settings and make your captcha settings more difficult


v4.5.2


 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 756 posts

Posted 30 May 2017 - 08:14 PM #27

Between a rock and a hard place.

 

Many of our customers are of a certain age when reCaptcha 2.0 is getting too difficult so we just switched back to the old basic one and take the fake registers for granted.


two V4.6.2 and one  V4.2.4 - hedonist working on Sundays


 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 603 posts

Posted 31 May 2017 - 12:40 AM #28

Yes, many of our customers are of "grey nomad" status, and like myself, find the Google reCAPTCHA very unstable to use.

I myself gave up on purchasing something online recently because the reCAPTCHA just kept going on and on and on.. I went to another site and purchased there, more expensive, but at least I could get through the checkout process! I'm not the only tech savvy online seller and buyer with thick glasses!

I wish cscart would provide the honeytrap and other methods built-in rather than forcing the use of this.

Surely this is just a temporary solution until the issue is properly addressed!

Remove buyer objection... remove Google reCAPTCHA!

 

I'd like to hear back from Bill G. as to how the honeypot mod is working out?



 
  • flasher
  • Senior Member
  • Members
  • Join Date: 26-Sep 05
  • 333 posts

Posted 31 May 2017 - 04:46 AM #29

I have had the same damn issue and maybe they get info off this forum but it makes no sense at all why a person with no life has to do this which will result in absolutely nothing. So what I did was on captcha I went from 5 digits to 8; it took them a little longer to get through but still getting through, then I went 9 digits and only one every week now. For customers it is a longer process but they will get used to it and no complaints. Then after a month I was just seeing if it was still an issue and within an hour here they come again like for what? The 9 digit works mixed.


Version 1.3.5 & Latest Version

 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 14,269 posts

Posted 31 May 2017 - 06:55 AM #30

 

 

Many of our customers are of a certain age when reCaptcha 2.0 is getting too difficult so we just switched back to the old basic one and take the fake registers for granted.

 

Note that you can change difficulty in the reCaptcha settings:

 

http://prntscr.com/fe45j1



 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 756 posts

Posted 31 May 2017 - 08:24 PM #31

Note that you can change difficulty in the reCaptcha settings:

 

http://prntscr.com/fe45j1

 

I set the settings to even the lowest settings and still got calls from customers who "could not login" 


two V4.6.2 and one  V4.2.4 - hedonist working on Sundays


 
  • remoteone
  • Member
  • Members
  • Join Date: 06-Oct 09
  • 603 posts

Posted 01 June 2017 - 12:57 AM #32

 

Note that you can change difficulty in the reCaptcha settings:

Great,  will try the lowest security setting, and I see there is now an Invisible version available.