Flood Of Spam/fake Registrations - Should We Be Concerned?

@InspiredInsanity

Seems as though bot programmers may have worked out how easy reCAPTCHA is to crack... using Google's own voice recognition API.

@Bill G.

I wish CSCART would take a more sophisticated approach to this rather than relying on the (horrible) Google reCAPTCHA.

The HoneyPot is just one strategy.

Would you be prepared to share your code for the Honeypot mod?

As I understand, it's just a case of disabling the form lodgement if the honeypot text field is non-blank.

Maybe also automatically add the IPA of the offender to a list that can easily be approved to be "blocked" by the Admin>Store Access page?

The Honeypot modification was just installed a little while ago. Now we will see if it stops the bot/s from creating the fake accounts. I will know by the end of today because fake accounts are being created day and night EVERY DAY! Regarding sharing the code, I have no idea what the Simtech developer did so there is nothing for me to share. Moreover, politely speaking, even if I did know exactly what the code was I would not give it away, because... all of us want to live comfortable lifestyles, including the guys/gals at Simtech as well as the other coders who do work for all of us here in this forum and elsewhere. Let's have some integrity and support them (Simtech and the other coders). Would YOU want someone giving away YOUR work? No, of course not, unless it was intentionally created to "give away". I'm not being sarcastic, I'm just being honest and straightforward. Back to the "Honeypot": if it works as we are hoping it does I'll let you all know. We really need to give it a week or so to be sure the bots don't find some way to defeat it and get around it. But I'll give an update tomorrow morning. FYI, it cost us $500 USD for Simtech to create the code and install it. If it works it will be well worth the investment.

... moreover, politely speaking, even if I did know exactly what the code was I would not give it away, because... all of us want to live comfortable lifestyles, including the guys/gals at Simtech as well as the other coders ... Let's have some integrity and support them (Simtech and the other coders). Would YOU want someone giving away YOUR work? No, of course not, unless it was intentionally created to "give away". I'm not being sarcastic, I'm just being honest and straightforward.....

Actually, I never suggested giving it away. I assumed that you had paid for the mod, thus own the rights to it, thus it's up to you what you do with it. But I see you paid US500, OMG that's quite a lot! No wonder you are upset!

The honeypot code will be very very simple, it's not going to be a major addon project. Unless I've oversimplified things, it's a simple case of adding a text field off-page using CSS and then disabling the Submit-form function if the field is filled.

It's just that sharing mods to help fellow csc owners is one of the purposes of this forum, but I did not figure on it costing so much.

My preference would be for CSCart to incorporate more sophisticated bot management within the cart.

Anyhoo ...

I would not be surprised if bot programmers could simply code to detect the off-page or -z position via CSS of the HP to avoid filling the field... As far as I've read, honeypot is just one of a number of strategies, but it's a good start.

I was thinking of asking Simtech about the cost of implementing the HP on our 2.1.4 store, and our v4 store, but not at that price!

Perhaps a "Bot Management" addon would be a salable item for a third-party addon creator?

Hi Remoteone, I wasn't upset at all, not in the slightest, I was just making an honest friendly statement. Now to the issue: The mod was implemented yesterday. It also logs the IP address of the bot and identifies that at least one of the SEVERAL honeypot fields had been filled in. What I have learned is the bots sometimes will skip a field or two attempting to avoid honeypot traps, thus the reason for incorporating several honeypot fields on the form. So far the modification has been working great! Since Simtech implemented the code yesterday I can see that there have been MANY MANY attempts to create fake accounts and log in. I can also see that the bots are attempting to create fake accounts and then sign in! So far the mod is working great. I'll keep you posted as to its effectiveness.
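The check described in this thread (several hidden trap fields, reject the registration if any is tripped, record the IP for later admin review), as an added example in plain PHP. It is not the Simtech modification or CS-Cart code; the field names, log path and sample requests are hypothetical, and the check runs on the server because a bot that posts directly never executes client-side script.

```php
<?php
// Added example: server-side honeypot check for a registration POST.
// Trap field names, the log path and the sample requests are hypothetical.

const TRAP_FIELDS = ['website', 'fax_number', 'middle_initial'];

/**
 * Returns the trap fields that were tripped, keyed by field name.
 * A browser submits every rendered text input, hidden by CSS or not, as an
 * empty string, so a filled field, a non-string value (website[]=x) or a
 * missing key all count as tripped.
 */
function honeypot_tripped(array $post, array $trapFields = TRAP_FIELDS): array
{
    $tripped = [];
    foreach ($trapFields as $name) {
        if (!array_key_exists($name, $post)) {
            $tripped[$name] = 'missing';
        } elseif (!is_string($post[$name])) {
            $tripped[$name] = 'not-a-string';
        } elseif (trim($post[$name]) !== '') {
            $tripped[$name] = 'filled';
        }
    }
    return $tripped;
}

/** Returns true if registration may proceed; otherwise logs the source IP. */
function handle_registration(array $post, string $ip, string $logFile): bool
{
    $tripped = honeypot_tripped($post);
    if ($tripped === []) {
        return true; // continue with normal account creation
    }
    // Log only field names and status, never the submitted values,
    // so bot-supplied text cannot inject content into the log.
    $entry = json_encode(['time' => gmdate('c'), 'ip' => $ip, 'tripped' => $tripped]);
    file_put_contents($logFile, $entry . PHP_EOL, FILE_APPEND | LOCK_EX);
    return false;
}

// Constructed sample requests (not real traffic).
$log   = sys_get_temp_dir() . '/honeypot_candidates.log';
$human = ['email' => 'a@example.com', 'website' => '', 'fax_number' => '', 'middle_initial' => ''];
$bot   = ['email' => 'b@example.com', 'website' => 'http://x.example', 'fax_number' => ''];

var_dump(handle_registration($human, '192.0.2.10', $log));
var_dump(handle_registration($bot, '192.0.2.66', $log));
```

The log is a list of candidates only; whether an address is actually blocked stays an admin decision, as suggested earlier in the thread.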

Thanks for posting the info and results. I didn't think of having multiple honeypots. Brilliant!

Let's hope CSC incorporate this strategy into v4 and remove the reliance on the unreliable Google reCAPTCHA.

Alternatively, a third-party addon perhaps?

I am having this User spam problem as well on my 2.2.4 setup. Can't upgrade to latest version on cs cart.

I can't find any ReCaptcha that works for V2.

Any suggestions?

Go to the security settings and make your captcha settings more difficult

Between a rock and a hard place.

Many of our customers are of a certain age when reCaptcha 2.0 is getting too difficult so we just switched back to the old basic one and take the fake registers for granted.

Yes, many of our customers are of "grey nomad" status, and like myself, find the Google reCaptcha very unstable to use.

I myself gave up on purchasing something online recently because the reCaptcha just kept going on and on and on... I went to another site and purchased there, more expensive, but at least I could get through the checkout process! I'm not the only tech-savvy online seller and buyer with thick glasses!

I wish cscart would provide the honeytrap and other methods built-in rather than forcing the use of this.

Surely this is just a temporary solution until the issue is properly addressed!

Remove buyer objection... remove Google reCaptcha!

I'd like to hear back from Bill.G as to how the honeypot mod is working out.

I have had the same damn issue and maybe they get info off this forum, but it makes no sense at all why a person with no life has to do this, which will result in absolutely nothing. So what I did was on captcha I went from 5 digits to 8. It took them a little longer to get through but they were still getting through. Then I went to 9 digits and it's only one every week now. For customers it is a longer process but they will get used to it, and no complaints. Then after a month I was just seeing if it was still an issue and within an hour here they come again, like for what? The 9 digit works mixed.

Note that you can change difficulty in the reCaptcha settings:

http://prntscr.com/fe45j1

I set the settings to even the lowest settings and still got calls from customers who "could not login"

Great, will try the lowest security setting, and I see there is now an Invisible version available.

I am currently still using CS-CART 2.x.x and having the same problems. Any help would be appreciated. Thank you!

I did make the captcha settings more difficult. However, it doesn't seem to work.

In this case we can offer you custom development work to integrate your store with Google reCaptcha

How much would that cost to create an add-on for CS-CART 2.x.x? I am sure there are many others who are in the same boat as me. Looking for someone who is willing to split the cost of development.

Please contact us to get a free quote

"I am seeing tons of spam .ru registrations as well."

Same here and I have spent hours going through my customer list - not fun.

Any ideas on why spammers are doing this?

We do not store cc info so other than a mailing list what can they get?

Dear all, I received a quote from eComLabs for Google captcha Add-On for cs-cart 2.x.x. Anyone here is interested in splitting the cost? Please PM me. Thank you!

Hi grabbags, Whilst I do wish to improve SBot detection and blocking for both our v4 and v2 stores, I don't feel that the Google reCAPTCHA is the best way to go. I would be interested in a more intelligent and proactive solution as previously suggested.

Such as the Honeypot and automatic recording and blocking features. Hate the Google reCAPTCHA as it can be a painful experience for some users.