Jack_mcs Posted March 5, 2018 Share Posted March 5, 2018 (edited) This addon prevents multiple emails from being sent through the forms on the site by adding a hidden challenge. Sending emails through the forms is a favorite thing to do by spammers. This has traditionally been handled by Googles Recaptcha code but that causes too much of a challenge in many cases and can easily frustrate your customers. This code doesn't present a challenge for the customer at all. The checking is done without the customer even knowing it. The code will work in any version of oscommerce but the instructions are just for the Community Edition and just for the contact us page (due to time constraints). Edited March 6, 2018 by Jack_mcs Remove extra link Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
ArtcoInc Posted March 5, 2018 Share Posted March 5, 2018 (edited) @Jack_mcs Does this add-on require View Counter? Malcolm Wow, this is my 1000th post Edited March 5, 2018 by ArtcoInc Tsimi and clustersolutions 2 Quote Link to comment Share on other sites More sharing options...
♥Tsimi Posted March 6, 2018 Share Posted March 6, 2018 @ArtcoInc And what an important 1000 post it was. I would have expected something like "HURRAY! Post #1000!" ArtcoInc 1 Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 6, 2018 Author Share Posted March 6, 2018 3 hours ago, ArtcoInc said: @Jack_mcs Does this add-on require View Counter? No, it doesn't. I must have clicked on something I shouldn't have when creating this thread. I have removed the mention of View Counter now. I apologize for the confusion Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Dan Cole Posted March 6, 2018 Share Posted March 6, 2018 This is pretty interesting idea Jack....good thinking. In installing it, I also noticed that the action recorder is implemented on the contact us page....that must also slow the bots down a lot. Dan Quote Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 6, 2018 Author Share Posted March 6, 2018 Thanks, but it isn't my code. The Honeypot code has been around for years. The action Recorder helps as does the code in email validate function (for newer versions of oscommerce) that limits how many email addresses can be entered at one time. I would have thought the latter was enough to stop spammers but it doesn't. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Dan Cole Posted March 6, 2018 Share Posted March 6, 2018 8 hours ago, Jack_mcs said: I would have thought the latter was enough to stop spammers but it doesn't. I was thinking the same thing but your module makes it easy to take things a step further. Thanks for taking the time to both develop and contribute it to the community. Dan Quote Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 10, 2018 Author Share Posted March 10, 2018 A new version has been uploaded with these changes: Added a tell-a-friend file to the changed files. Changed the module code to use a different function for the create account page. If you don't use this addon on either of those pages there's no reason to update. But if you don't and you enable it for the create account page, that page won't validate correctly. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
w2vy Posted March 15, 2018 Share Posted March 15, 2018 I am running v2.3.2 and added the changes to the contact_us page and it does not seem to reject the form if the honeypot is not empty. If I view source I do have the onsubmit="return validateMyForm();" and <div style="display:none;"> <label>Keep this field blank</label> <input type="text" name="honeypot" value="die bots" id="honeypot" /> </div> (before buttonSet) What could I be missing? I am not getting any errors from apache Tom Quote Thomas A. Moulton, W2VY osCommerce core developer osc2.1 to osc 2.3.x Support the developers! http://www.oscommerce.com/about/team Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 15, 2018 Author Share Posted March 15, 2018 You have to include the validateMyForm code. For newer 2.3.4 and Responsive versions of oscommerce that is done by installing the included module. For all others you have to manually add the code. w2vy 1 Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 15, 2018 Author Share Posted March 15, 2018 A new version has been uploaded. Since any spam email I have ever seen contained an email address and/or a url, I added options to check for those on the contact us page and to reject the submission if found. It seems unlikely that a legitimate visitor would have those in their emails but there are options to control them if you don't want to use them. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
w2vy Posted March 16, 2018 Share Posted March 16, 2018 I wonder if changing the honeypot input to something email2 or something would encourage spammers to fill it in <input type="text" name="email2" id="honeypot" /> or <input type="text" name="email2" id="altemail" /> tom Quote Thomas A. Moulton, W2VY osCommerce core developer osc2.1 to osc 2.3.x Support the developers! http://www.oscommerce.com/about/team Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 17, 2018 Author Share Posted March 17, 2018 The Honeypot input box should not be visible on the page. If it is, then there is a mistake in your installation. The whole idea with the code is that legitimate people can't fill in that box but spammers use scripts that automatically fill in all boxes so they are stopped. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
w2vy Posted March 17, 2018 Share Posted March 17, 2018 Well, if you think about it from the automated spammer point of view... They don't LOOK at the page, the BOT can READ the HTML see excepts below <script type="text/javascript"> function validateMyForm() { // The field is empty, submit the form. if(!document.getElementById("honeypot").value) { return true; } // the field has a value it's a spam bot else { return false; } } </script> </div> <div style="display:none;"> <label>Keep this field blank</label> <input type="text" name="honeypot" id="honeypot" /> </div> Quote Thomas A. Moulton, W2VY osCommerce core developer osc2.1 to osc 2.3.x Support the developers! http://www.oscommerce.com/about/team Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 17, 2018 Author Share Posted March 17, 2018 I don't understand your point nor why you would want to encourage spammers to fill it in but you're free to change it as you see fit. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Dan Cole Posted March 17, 2018 Share Posted March 17, 2018 12 minutes ago, Jack_mcs said: I don't understand your point nor why you would want to encourage spammers to fill it in but you're free to change it as you see fit. I'm sure Tom will clarify but I think his point is that smarter bots, or perhaps AI bots, might be programmed to recognize traps like that, where the names were so obvious, and might skip the input. An interesting point and one that might become obvious over time ie. you'll know about it. Dan Quote Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
w2vy Posted March 17, 2018 Share Posted March 17, 2018 Oh Yes I think we WANT to encourage them to fill it in, so we know the 'client' was not using a web browser. But if we think of AI, the very directive that tells the browser not to display the input may tell the bot also to leave it blank. You have to think like a Bot and look at what the bot sees! Your HTML code It might be interesting to see how many requests it blocks. Tom Quote Thomas A. Moulton, W2VY osCommerce core developer osc2.1 to osc 2.3.x Support the developers! http://www.oscommerce.com/about/team Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 17, 2018 Author Share Posted March 17, 2018 OK, I understand your point now. I don't think the scripts would do that but it is certainly possible. It is probably worth changing the code just to eliminate that possibility. But if it's going to be done, the javascript should probably be moved to a separate file and loaded in so it doesn't display in the source. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
w2vy Posted March 17, 2018 Share Posted March 17, 2018 I am using an old release, I can move the javascript to another include file Quote Thomas A. Moulton, W2VY osCommerce core developer osc2.1 to osc 2.3.x Support the developers! http://www.oscommerce.com/about/team Link to comment Share on other sites More sharing options...
w2vy Posted March 22, 2018 Share Posted March 22, 2018 I upgraded to the latest version with the email and url blocks, but when I try manually if works correctly, but I am getting spam with urls in it... tom Quote Thomas A. Moulton, W2VY osCommerce core developer osc2.1 to osc 2.3.x Support the developers! http://www.oscommerce.com/about/team Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 22, 2018 Author Share Posted March 22, 2018 The code only checks for urls with http or https. If those aren't included the email will get by. I may change that in a future release but it involves more than the javascript check I used. If that isn't the problem, try submitting the form yourself with a copy of the url that is getting through to see if you can duplicate the problem. If you can, please send me what fails so I can see what the problem is. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
w2vy Posted March 23, 2018 Share Posted March 23, 2018 (edited) Считается, что повышенный уровень глюкозы в крови является главной причиной развития диабета 2-го типа. Однако немецкие ученые доказали: резистентность клеток к инсулину может быть вызвана увеличением концентрации в крови метилглиоксаля (MG) - метаболита глюкозы. Подробнее читайте на сайте _a href=http://dom-lady.ru_dom-lady.ru_/a_ But if I enter that text the form is blocked. I am starting to think that the javascript is not being executed on the server side If the code is assuming it will run on the client side, then it is no wonder the checks are not performed on some spammers Maybe we should just move the checks to PHP code on the form submit action, that could NEVER fail! Edited March 23, 2018 by w2vy Quote Thomas A. Moulton, W2VY osCommerce core developer osc2.1 to osc 2.3.x Support the developers! http://www.oscommerce.com/about/team Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 23, 2018 Author Share Posted March 23, 2018 (edited) Are you able to create an account? The create an account has the javascript in it too but it also has the original javascript in it. So if javascript is failing on your site, that would fail too. Blocking via the php code would probably be better but that would require further code changes and not be what this addon was intended for. If you updated to the latest version and are using the Responsive version of the addon, you needed to uninstall the module first, replace the files and install again. If you didn't do that, the javascript may not function correctly. Edited March 23, 2018 by Jack_mcs Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
burt Posted March 23, 2018 Share Posted March 23, 2018 I've been thinking about this and testing some things out... This code worked best for my needs (which were; stop spammers, use as little code as possible) <input type="text" name="inputHP" pattern="[0]{0}" aria-describedby="atHP" hidden> <span id="atHP" hidden>This is a Test for weeding out Spammers. You must leave this input box totally blank.</span> What have I missed by just using that code ? Note that I did hardcode it, if I was to spend time on it, it'd be a Hook most likely. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 24, 2018 Author Share Posted March 24, 2018 I haven't tested it but that looks like a good idea. But a second hook would be needed to add the code to check for emails and url's, if those options were wanted. That is more in-line with not changing the core code and is probably a better solution for the community edition. Actually, it might be a good addition to the stock shop. A generalized package that would protect any form in the shop by just calling a hook with the forms name, or something like that. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.