Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HoneyPot Captcha


Jack_mcs

Recommended Posts

1 hour ago, Jack_mcs said:

I'm even more confused at this point. In your original post in another thread you said you have an MS2 shop. But in this post you said you have a 2.3.4 shop. You need to straighten out your files and only use the ones meant for your shop. I can't help until you do that.

I noticed also that the Megastore theme that is installed on this custom osc 2.3.4 has its own styles and classes... so I noticed inside contact_us.php that I edited, there was no class="form-horizontal"  setting on the echo tep_draw_form line.

So I have resolve the fields problem because was Stylesheet matter. Everything works on the admin side settings logs etc. It blocks fake accounts and tries. The only problem is that the contact us form still sending spam mails. When I enabling captcha the spams stops but the captcha image is not loading. The validation of the captcha also works as I get the answer that was wrong the code.

So do you believe I should add form-horizontal class to make captcha image work? 

Link to comment
Share on other sites

i can't help you with your files because you are using a template. For example, you contact us page is submitting with GET.  The code is written to use POST. So you're on your own in getting this to work since it is beyond the scope of free support. Good luck.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

14 hours ago, Jack_mcs said:

i can't help you with your files because you are using a template. For example, you contact us page is submitting with GET.  The code is written to use POST. So you're on your own in getting this to work since it is beyond the scope of free support. Good luck.

everything works perfect except captha image is not loading... I thought it would be easy to resolve... anyway thank you for your time until now

Link to comment
Share on other sites

A new version has been uploaded with these changes:

  • Added code to ignore IPV6 IP's.
  • Added a missing sql command for MS2 shops.
  • Added notification code in case the database changes fail. Reported by member @ArtcoInc.
  • Changed the filtering for domains in emails.
  • Changed the defined names still being used.
  • Chanded installation instructions for MS2 shops.
  • Corrected minor spelling and coding mistakes.
  • Reduced the log size limit from 300 KB to 50 KB.
  • Removed the FORM REQUIRED code for pre-2.3.4 shops.
  • Removed the storage engine from the create table command. Found by member @artcoinc.

Pro Version Only:

  • Added a check to prevent empty emails from being sent.  
  • Added a check in Account Check to see if a customer has made orders.  
  • Added sort options to the Maintenance page. 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Okay, was swamped with spam accounts and installed Honeypot. Poof! Like magic they are gone.

BUT now the Contact Us and Create Account pages return HTTP ERROR 500 messages.

Running OSCOM CE Phoenix v1.0.4.2

PHP Version 7.3.20 (Zend 3.3.20)

Is there some blindingly obvious mistake I made suring install? It seemed to just be upload add/replace.

 

Also, I do not have (as far as I can tell) a table called Honeypot_track

Edited by ScaleCreepMinis
Link to comment
Share on other sites

Here are my Honeypot settings:

Enable Honey Pot
True

Pages
contact_us.php
create_account.php

Sort Order
0

Email Addresses Allowed
True

Email Addresses Show Message
True

URL's Allowed
False

URL Show Message
True

Create Account Check
True

Create Account Count
2

Create Account Period
10

Block Names with Numbers
True

Block Phone with Letters
True

Name Length - First
2

Name Length - Last
1

Verify Postal Code
Ignore

Verify Domain Referer Match
True

Verify State and Country match
False

Verify Time to Submit
20

Show Captcha
Numbers

Use IP List
IPList

Block IP Automatically


Bad Words


Exclude IP's


Log Tracker
None

Link to comment
Share on other sites

29 minutes ago, ScaleCreepMinis said:

It seemed to just be upload add/replace.

Only for the new files. For the files to change, you can only use the included ones if you have the same files, minus the Honey Pot changes. You can use a compare program like Winmerge, which is free, to compare your files with those included. The needed changes are marked for honey Pot.

Regarding the tracking file, you won't have one until a block has occurred.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

That will only work if your version of Phoenix is the same as the one used for the included files. Since Phoenix changes so often and I never alter those files, it is unlikely they are compatible with your shop. 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 3 months later...

Hi,

I installed Honeypot 1.8 on OSC2.3.4, installed the module header, enabled everything, and added the word "google" in Bad Words, because i noticed all my bot accounts have the word google as company name.

But i tried to create a new account, adding the word google in the company name, but still i can easily create accounts.

How can i know if its working or not

Thanks

Link to comment
Share on other sites

@PsytaniumYou don't say if the bad word filter worked for the contact us page or not.  If not,  look in the HP settings and make sure the contact us and create account pages are checked. I've seen in a few older shops where the pages were not being remembered. If they are set,  make sure you have the Create Account Check setting checked. It disables all create account checks when off.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

2 hours ago, Jack_mcs said:

@PsytaniumYou don't say if the bad word filter worked for the contact us page or not.  If not,  look in the HP settings and make sure the contact us and create account pages are checked. I've seen in a few older shops where the pages were not being remembered. If they are set,  make sure you have the Create Account Check setting checked. It disables all create account checks when off.

Yes Create_account is checked.

Add Honey Pot captcha to the specified pages.
Enable Honey Pot
True

Pages
create_account.php
tell_a_friend.php

Sort Order
0

Email Addresses Allowed
True

Email Addresses Show Message
True

URL's Allowed
True

URL Show Message
True

Create Account Check
True

Create Account Count
2

Create Account Period
10

Block Names with Numbers
True

Block Phone with Letters
True

Create Account Notify
None

Name Length - First
2

Name Length - Last
1

Show Math Captcha
False

Use IP List
False

Bad Words
google

Exclude IP's


Log Tracker
None
Link to comment
Share on other sites

Then all I can think of is that you didn't make the correct changes in the files. Please compare your files with the ones in the ChangedFiles_Frozen_and_V234 directory, or even use one of those for a quick test.

Also, having the "Email Addresses Allowed" and "URL's Allowed" options set to true prevents the code from stopping most spam. I suggest you change to false and then try sending an email from your contact us page with an email address or url in the body. If the email isn't blocked, then there is something wrong in your installation and troubleshooting the contact page will be much easier. If it does work, then it means there is a mistake in the create account file.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 months later...
3 hours ago, Gold1s said:

Mod works great, but I see it 2 times

In includes/hooks/shop/siteWide/honeypot_display.php. delete this line:

return $str; 

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

Thanks for the add-on @Jack_mcs.  I installed the MS2 v1.10 on my v2.2 RC2a based site, but there are some differences I am running into.

Emails are not being sent from catalog/contact_us.php and it just returns to the catalog/contact_us.php page like nothing happened.

In catalog/contact_us.php the directions state to:

FIND:

<?php echo tep_draw_form('contact_us', tep_href_link('contact_us.php', 'action=send'), 'post', 'class="form-horizontal"', true); ?>

REPLACE WITH:

<?php //BEGIN HONEYPOT ?>
<?php echo tep_draw_form('contact_us', tep_href_link('contact_us.php', 'action=send'), 'post', ' onsubmit="return validateMyForm();" class="form-horizontal"', true); ?>
<?php //END HONEYPOT ?>   

My version has this on line 105 instead:
<?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send')); ?>

I tried to replace it with this:
<?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send'), 'onsubmit="return validateMyForm();"'); ?>

Should I have done something different?

Likewise, in catalog/create_account.php the directions state to find:

<?php echo tep_draw_form('create_account', tep_href_link('create_account.php', '', 'SSL'), 'post', '', true) . tep_draw_hidden_field('action', 'process'); ?>

REPLACE WITH:

<?php //BOC Honeypot ?>
<?php echo tep_draw_form('create_account', tep_href_link('create_account.php', '', 'SSL'), 'post', 'class="form-horizontal" onSubmit="return validateMyForm(create_account);"', true) . tep_draw_hidden_field('action', 'process'); ?>
<?php //EOC Honeypot ?>


Instead, on line 309 I found:
<?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onSubmit="return check_form(create_account);"') . tep_draw_hidden_field('action', 'process'); ?>

And changed it to:
<?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'class="form-horizontal" onSubmit="return validateMyForm(create_account);"',) . tep_draw_hidden_field('action', 'process'); ?>
 

I an getting a syntax error, but I don't know enough to know what is wrong.  Will someone please point me in the right direction?

Edited by pchem
Link to comment
Share on other sites

1 hour ago, pchem said:

<?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send'), 'onsubmit="return validateMyForm();"'); ?>

You almost got it. :) Try this:

echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send'), 'post', 'onsubmit="return validateMyForm();"', true); 

There are changed files for your version in the package so you can use those to see the change.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thanks again Jack!

I got the contact_us.php working with the revision you provided.

At about line 309 in create_account.php I ended up just trying the code recommended in the install file even though the commands looked quite a bit different, and it seems to be working fine.

Link to comment
Share on other sites

  • 2 weeks later...

Hello,

Goodmorning. Please I need help with the HONEYPOT module. This add-on has been a lifesaver from the vicious attacks of spammers. Lately, the module is failing to stop attacks, especially after I upgraded to Phoenix v1.0.7.15. The Creat Account page (create_account.php) is throwing 500 Error Message and new customers are not able to create accounts. If you disable the module then  everything works well. When I compared the new (create_account.php) for  v1.0.7.15, I noticed differences. If anyone has an updated (1) Contact us Page (contact_us.php) & (2) Create Acct page (create_account.php) of HONEYPOT adapted to work with PHOENIX v1.0.7.15, please kindly post it here, Thank you in advance. The Russian Spammers are at it again. Thank you.

-CGIFTER

 

Link to comment
Share on other sites

Hi guru's, 

I just added the Honeypot addon on my create an account form and configure same as it is on the installation file. except of configuration_group ID on table. I found the DB tables and configurtion_group on it under the TOOLS->DATABASE TABLES but i didnt saw the group ID there. (Where i Can find that ?)

Also, I see its showing in the end of the form but not working properly. Even i put wrong answer there , its till submit the form.. :( 

http://www.randpaseka.com/catalog/create_account.php

 

you can check on this page 

Link to comment
Share on other sites

@sunnybutt222I may not be understanding you but I think you are referring to the database value that needs to be set. Assuming you do not have a Frozen or Phoenix shop, this is what you need to do:

  • Look at the configuration_group table in your database and see what the highest ID number is.
  • Edit the included database_changes.php file and change all instances of '16' to 'xx', where xx is one higher than the ID you found above.
  • Upload that file and run it in a browser like this http://www.randpaseka.com/catalog/database_changes.php

The database is different than the files. If you don't know how to get the ID from the database, you can ask your host if they will get it for you. Whatever number is the highest one, you want to add one to it for use in the file. Please ask again if you get stuck.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...