Search Abuse

Hello everyone,

For last few days our website was experiencing very heavy load. We checked visitor log and found that a thousands of searches being performed in the format like this.

			<div style="margin:0px;color:rgb(102,102,102);font-size:12px;"><a data-ipb='nomediaparse' href='/abc/?subcats=Y&pcode_from_q=Y&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&q=9780919302280&dispatch=products.search'>http://www.xxx,com/abc/?subcats=Y&pcode_from_q=Y&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&q=9780919302280&dispatch=products.search</a></div>

It appears that many bots/spiders and proxies are reaching search bar.

I have spoken to web hosting company who have suggested to add some kind of security such as captcha to the search bar.

I would highly appreciate if anyone can suggest how to achieve this or any other solution to stop bots/spider to abuse search function.

Thanks

YPG

try the following

- install and activate My change module
- create the app/addons/my_changes/controllers/frontend/products.pre.php file with the following content

if (!defined(‘BOOTSTRAP’)) { die(‘Access denied’); }

if ($mode == ‘search’) {
if (defined(‘CRAWLER’)) {
exit;
}
}

return;

- monitor your logs

(!) Not tested

try the following

- install and activate My change module
- create the app/addons/my_changes/controllers/frontend/products.pre.php file with the following content

if (!defined(‘BOOTSTRAP’)) { die(‘Access denied’); }

if ($mode == ‘search’) {
if (defined(‘CRAWLER’)) {
exit;
}
}

return;

- monitor your logs

(!) Not tested

Thanks for valuable code. Just applied, the server load appears to be down for the moment.

Will continue to monitor.

I wonder if we can apply goggle reCaptcha to search bar, as a result such crawlers would not be able to proceed.

YPG

Yes, it can be done with simple modification. But search bar with reCaptcha will look ugly

Yes, it can be done with simple modification. But search bar with reCaptcha will look ugly

The solution provided by you is working perfect. I think this code should be part of original cs-cart installation. There is no need for captcha as it would look very ugly.

I am glad to hear that our solution helped you

Unfortunately after few days they are back again today. I wonder it it is possible to allow product search only for customer who are logged in.

YPG

In this case use in the same file

In this case use in the same file

if (!defined(‘BOOTSTRAP’)) { die(‘Access denied’); }

if ($mode == ‘search’) {
if (defined(‘CRAWLER’)) {
exit;
}
if (empty($auth[‘user_id’])) {
return array(
CONTROLLER_STATUS_REDIRECT,
‘auth.login_form?return_url=’ . urlencode(Registry::get(‘config.current_url’))
);
}
}

return;

Applied the code but this loads 'Sorry, service is temporarily unavailable.' page for everyone once you perform search.

I have corrected my post. It should work now

I have corrected my post. It should work now

Thanks, it is working now. But there should be some other way out to stop this.

Try to display issue to the bug tracker. May be CS-Cart developers will add something to the code

Add CloudFlare.