Philip79 Posted June 5, 2020

Since putting the contribution into production I have received a total of four messages advising that new user accounts were created that had a violation. What information would you like me to send to you about the accounts to help prevent their future creation by the Russian bots? Thanks.

Jack_mcs (Author) Posted June 5, 2020

The new account message says it is a violation but it usually isn't. It wasn't worth the effort to change the text to read differently for that one item. Some shop owners don't like to be notified on first account creations, thus the setting in the Pro version. But you may want to take a look at the actual accounts to see if there is anything in them that should have been caught, like numbers in a name. If there is, then post the details of the account along with your HP settings and I will take a look.

Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons

Philip79 Posted June 5, 2020

Honeypot is doing a good job so far. These are examples of the messages received:

    37.120.136.172 06-05-2020: A new account was created by Georgesut GeorgesutFF.This IP has 1 violations.
    185.238.104.91 06-04-2020: A new account was created by Vishivkacyhog VishivkacyhogML.This IP has 1 violations.

The user names that are created are usually in the above format.

Now that Honeypot is installed, I do not have to execute a SQL script to identify new user accounts multiple times a day, and since the messages contain the IP address I just add them to the iplist.txt file. If the IP address is for an ISP that is in Russia or the eastern European countries, I have been blocking the whole group of IP addresses associated with the one IP address as they are usually blacklisted on the CleanTalk web site. As the list of IP addresses grows in the iplist.txt file hopefully there will be fewer and fewer.

The daily list of bogus created accounts is down from 10-20/day to 4 or less/day. So between the IP blocker in CPanel and the iplist.txt file, things should get better.

Quick question on the cron job. My hosting service set up the cron job but I am not getting a message as expected. Was there something specific that I needed to do to cause that message to be sent when the iplist.txt file updated?

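The name format in the two messages above (last name equal to the first name plus two capital letters) can be checked mechanically. The following is an added example, not part of the thread and not Honey Pot code: it parses notification lines of that form and flags the pattern for review. The function names are hypothetical, and the sample lines are constructed (names as in the post, IPs from documentation ranges).

```php
<?php
// Added example, not Honey Pot code; function names are hypothetical.
// Requires PHP 7.1+ (nullable return types).

/**
 * Parse one notification line of the form quoted in the post:
 *   <ip> <mm-dd-yyyy>: A new account was created by <first> <last>.This IP has <n> violations.
 * Returns null when the line does not match or the IP is not valid.
 */
function hp_example_parse_notice(string $line): ?array
{
    $re = '/^(\S+)\s+(\d{2}-\d{2}-\d{4}):\s+A new account was created by\s+'
        . '(\S+)\s+(\S+?)\.\s*This IP has\s+(\d+)\s+violations?\.?$/';
    if (!preg_match($re, trim($line), $m) || !filter_var($m[1], FILTER_VALIDATE_IP)) {
        return null;
    }
    return ['ip' => $m[1], 'date' => $m[2], 'first' => $m[3],
            'last' => $m[4], 'violations' => (int) $m[5]];
}

/**
 * True when the last name is the first name followed by exactly two
 * upper-case ASCII letters, e.g. "Georgesut" / "GeorgesutFF".
 */
function hp_example_is_echo_name(string $first, string $last): bool
{
    $n = strlen($first);
    if ($n < 2 || strlen($last) !== $n + 2) {
        return false;
    }
    return strncmp($first, $last, $n) === 0
        && preg_match('/^[A-Z]{2}$/', substr($last, $n)) === 1;
}

// Constructed sample lines: names follow the post, IPs are documentation ranges.
$lines = [
    '192.0.2.10 06-05-2020: A new account was created by Georgesut GeorgesutFF.This IP has 1 violations.',
    '198.51.100.7 06-04-2020: A new account was created by Vishivkacyhog VishivkacyhogML.This IP has 1 violations.',
    '203.0.113.5 06-04-2020: A new account was created by Maria Jansen.This IP has 1 violations.',
    'not a notification line',
];

foreach ($lines as $line) {
    $n = hp_example_parse_notice($line);
    if ($n === null) {
        echo "SKIP   unparsed line\n";
        continue;
    }
    $flag = hp_example_is_echo_name($n['first'], $n['last']) ? 'REVIEW' : 'ok    ';
    printf("%s %-15s %s %s\n", $flag, $n['ip'], $n['first'], $n['last']);
}
```
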
Jack_mcs (Author) Posted June 6, 2020

7 hours ago, Philip79 said:
> Was there something specific that I needed to do to cause that message to be sent when the iplist.txt file updated?

No, you should get an email when the script runs, even if it can't connect to the other server. It might be that your host set up the cron job to hide its output, which is common for many cron jobs. If they did, that needs to be removed since it blocks the output from the script.

Schakeri12 Posted June 8, 2020

Dear Jack,

I saw you commented on this error:

    1048 - Column 'ip_number' cannot be null
    insert into honeypot_track set count = '1', ip_number = INET_ATON( 'xxxxx.xxxxxx.xxxxx' ), last_date = now()
    [TEP STOP]

That because it's hardly used you don't want to include IPv6 functionality. I installed your contribution 2 weeks ago and I now already have 3 customers who ran into this error. (They contacted me.) Not sure how many people gave up, since this is also not shown in the logging. I now had to disable the module. Is there a way to make this work for IPv6 or a way to go around this?

Thanks for all your hard work.

regards
Schakeri (Netherlands)

Jack_mcs (Author) Posted June 9, 2020

4 hours ago, Schakeri12 said:
> Is there a way to make this work for IPv6 or a way to go around this?

The code could be made to work with IPV6 IP's but I don't have any plans to do that at the moment. To ignore those, find this code in the includes/functions/honeypot.php file

    function CheckCreateAccountHP($all_fields) {
        $cust = $all_fields['firstname'] . ' ' . $all_fields['lastname'];

and add this after it

        if (! filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            return false; //either an IPV6 or invalid IP so ignore
        }

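The snippet above leaves IPv6 visitors unchecked, because `INET_ATON()` returns NULL for anything that is not dotted IPv4 text and the `ip_number` column does not accept NULL. The following is an added example, not part of the thread and not Honey Pot code, of one way both address families could be normalised to a single binary value. It assumes a `VARBINARY(16) NOT NULL` column in place of the integer one; the function name is hypothetical and the sample addresses are constructed.

```php
<?php
// Added example, not Honey Pot code; names are hypothetical. Requires PHP 7.1+.
// Assumed storage: a VARBINARY(16) NOT NULL column. MySQL's INET6_ATON()
// produces the same 4-byte / 16-byte values on the database side.

/**
 * Turn a client address into a storable binary value, or return null
 * when the input is not an IP address at all.
 */
function hp_example_pack_ip(string $addr): ?array
{
    $addr = trim($addr);
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        return null;                      // not an IP: caller should skip tracking
    }
    $packed = inet_pton($addr);           // 4 bytes for IPv4, 16 bytes for IPv6
    if ($packed === false) {
        return null;
    }
    // Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so that one
    // client does not end up with two separate counters.
    $mappedPrefix = str_repeat("\x00", 10) . "\xff\xff";
    if (strlen($packed) === 16 && strncmp($packed, $mappedPrefix, 12) === 0) {
        $packed = substr($packed, 12);
    }
    return [
        'family' => strlen($packed) === 4 ? 4 : 6,
        'hex'    => bin2hex($packed),     // value that would be bound to the column
        'text'   => inet_ntop($packed),   // canonical text form for logs
    ];
}

// Constructed sample addresses (documentation ranges), plus the redacted
// placeholder from the error message as an invalid input.
$samples = ['192.0.2.44', '2001:db8::1f', '::ffff:192.0.2.44', 'xxxxx.xxxxxx.xxxxx'];
foreach ($samples as $s) {
    $r = hp_example_pack_ip($s);
    if ($r === null) {
        printf("%-22s invalid, skip tracking\n", $s);
    } else {
        printf("%-22s IPv%d  %s  (%s)\n", $s, $r['family'], $r['hex'], $r['text']);
    }
}
```
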
Philip79 Posted June 14, 2020

Follow-up on the cron job \admin\honeypot.php is not executing at all. This includes executing it from a browser. I even added an echo statement at the beginning of the code as an indicator that it was at least getting that far and I get nothing displayed. Could this be a security issue? Since it isn't displaying any of the echo statements it cannot be a PHP version issue. Thanks for your assistance.

Jack_mcs (Author) Posted June 14, 2020

Try replacing all of the contents of the file with just one echo statement. If you get that, then add a few of the original lines of code and an echo statement after that. If it is something in the script, that will find it. If you don't get an email with just the one echo statement, then you need to ask your host to check why cron isn't working.

Just a thought but if you don't set the email for cron, it defaults to the default one so you would not get the emails.

ArtcoInc Posted July 23, 2020

@Jack_mcs Which version of Honey Pot do I use for a v2.3.3.4 BS shop?

Thanks!
Malcolm

Jack_mcs (Author) Posted July 24, 2020

I think the last released version, 1.10, will work. Use the files in the NewFiles directory in the Phonex_Frozen_and_v234 directory. And then make the changes using those in the ChangedFiles_Frozen_and_V234 directory. If that doesn't work, you may have to use the NewFiles in the MS2 directory.

Honeypot will work in any version of oscommerce. I recently installed it into an MS2 shop. But the core files differ so much in some of the versions that it might take some playing around with to get it to work in your version.

danil0 Posted July 28, 2020

Hello .. I installed the latest 1.10 version on a custom 2.3.4 OSC version. Everything seems to be working well except the captcha image does not appear and the string "FORM_REQUIRED_INPUT" has no translation. Are there any files missing? Can anyone help?

Jack_mcs (Author) Posted July 28, 2020

2 hours ago, danil0 said:
> the string "FORM_REQUIRED_INPUT" has no translation.

This is because some versions of oscommerce don't use that item. To fix it, edit the includes/honeypot/modules/honeypot_display.php file and change this

    FORM_REQUIRED_INPUT . ' </div>

to this (notice the addition of a single quote)

    '</div>

For the captcha, the gd library is required. That is part of php but has to be enabled in it. You need to ask your host if it is enabled. There is an older version of it that, I think, won't work. So if they can enable the latest version, that would be best.

But I've mentioned before that the captcha is really not needed and just adds a bother to your customers. Use it if you like. But the blocking should work fine without it.

ArtcoInc Posted July 28, 2020

@Jack_mcs With your guidance above, I installed this on my osC 2.3.3.4 BS shop. I'm not using the captcha.

Before installation, I was getting hundreds of fake customer accounts a day. One day, I found I had 100 fake accounts. In the time to delete them, I had 10 more. In the time to delete those, I had 3 more.

Since installing this, I have had NO new fake accounts 😀

Now, it's a small site with not a lot of actual activity, so I haven't had any real customers complain that they can't create an account. We'll see what happens.

Oh, the file /includes/HoneyPot_log is growing. Is there a harm in emptying it once in a while? Or, is there a harm in letting it grow too big?

Thank you!
Malcolm

Jack_mcs (Author) Posted July 29, 2020

@ArtcoInc I'm pleased to hear the addon helped.

Regarding the file size, you can safely delete it. It will be created again as needed. There is a limit in the code of 300 KB (reduced in the next version). When that limit is reached, a backup of the file is made and the log cleared. For the free version of the addon, it probably doesn't help to keep such large files. In the Pro version, the log can be viewed in different ways, like sorting by IP, so a bigger log gives a better picture of what's happening over time.

danil0 Posted July 29, 2020

1. I checked that the new files and instructions were from the 234 version (Install_Frozen_V234.txt).
2. I tried the changed contact_us.php new file, also from the zipped contribution file, and the result was the same ... seems like it has no access to some directories, I guess...
3. The header tag module in Admin is installed, because I installed the honeypot Module from this.

I attached print screens from both pages, if anyone can understand what is going on?

danil0 Posted July 29, 2020

20 hours ago, Jack_mcs said:
> But the blocking should work fine without it

Unfortunately it is not working and the captcha is my last hope.

20 hours ago, Jack_mcs said:
> To fix it, edit the includes/honeypot/modules/honeypot_display.php file and change this

I did that change but it appears again.

ArtcoInc Posted July 29, 2020

@danil0 Two things ...

1) It still looks like you messed up the edits to contact_us.php. Can you post your modified file here?
2) Do you have access to your database, through something like phpMyAdmin? Can you confirm that you have a table called honeypot_track?

Malcolm

Jack_mcs (Author) Posted July 30, 2020

5 hours ago, danil0 said:
> Unfortunately it is not working and the captcha is my last hope

There's a mistake in the database file for MS2 shops. The settings are applied to the configuration group with the ID of 16. That is probably not correct in your shop since it has been around for a while, as I understand it. The corrected file is attached. But don't just apply it. You need to do the following:

1 - Remove all of the entries in your database having to do with this addon. You can do that manually by searching or run this command, assuming you didn't change the original sql file:

    delete from configuration where configuration_key like '%honeypot%'

2 - Look at the configuration_group table and see what the last number is in the configuration_group_id column.
3 - Edit the attached file and change all entries of '16' to 'X' where X is the number you found in step 2 plus 1. So if the number you found is 111, then you would change the file to use '112'.
4 - Upload the attached file and run it.

database_changes.php

danil0 Posted July 30, 2020

11 hours ago, ArtcoInc said:
> @danil0 Two things ...
> 1) It still looks like you messed up the edits to contact_us.php. Can you post your modified file here?
> 2) Do you have access to your database, through something like phpMyAdmin? Can you confirm that you have a table called honeypot_track?
> Malcolm

1)

    <?php
    /*
      $Id$

      osCommerce, Open Source E-Commerce Solutions
      http://www.oscommerce.com

      Copyright (c) 2010 osCommerce

      Released under the GNU General Public License
    */

      require('includes/application_top.php');

      require('includes/languages/' . $language . '/contact_us.php');

      if (isset($_GET['action']) && ($_GET['action'] == 'send') && isset($_POST['formid']) && ($_POST['formid'] == $sessiontoken)) {
        $error = false;

        $name = tep_db_prepare_input($_POST['name']);
        $email_address = tep_db_prepare_input($_POST['email']);
        $enquiry = tep_db_prepare_input($_POST['enquiry']);

        if (!tep_validate_email($email_address)) {
          $error = true;

          $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
        }

        /*** BEGIN HONEYPOT ***/
        include('includes/honeypot/modules/honeypot_verify_general.php');
        /*** END HONEYPOT ***/

        $actionRecorder = new actionRecorder('ar_contact_us', (tep_session_is_registered('customer_id') ? $customer_id : null), $name);
        if (!$actionRecorder->canPerform()) {
          $error = true;

          $actionRecorder->record(false);

          $messageStack->add('contact', sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_CONTACT_US_EMAIL_MINUTES') ? (int)MODULE_ACTION_RECORDER_CONTACT_US_EMAIL_MINUTES : 15)));
        }

        if ($error == false) {
          tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);

          $actionRecorder->record();

          tep_redirect(tep_href_link('contact_us.php', 'action=success'));
        }
      }

      $breadcrumb->add(NAVBAR_TITLE, tep_href_link('contact_us.php'));

      require('includes/template_top.php');
    ?>

    <div class="page-header">
      <h1 class="h3"><?php echo HEADING_TITLE; ?></h1>
    </div>

    <?php
      if ($messageStack->size('contact') > 0) {
        echo $messageStack->output('contact');
      }

      if (isset($_GET['action']) && ($_GET['action'] == 'success')) {
    ?>

    <div class="contentContainer">
      <div class="contentText">
        <div class="alert alert-info"><?php echo TEXT_SUCCESS; ?></div>
      </div>

      <div class="pull-right">
        <?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'fa fa-angle-right', tep_href_link('index.php')); ?>
      </div>
    </div>

    <?php
      } else {
    ?>
    <?php //BEGIN HONEYPOT ?>
    <?php echo tep_draw_form('contact_us', tep_href_link('contact_us.php', 'action=send'), 'post', ' onsubmit="return validateMyForm();" class="form-horizontal"', true); ?>
    <?php //END HONEYPOT ?>

    <div class="contentContainer">
      <div class="contentText">
        <div class="row">
          <?php echo $oscTemplate->getContent('contact_us'); ?>
        </div>

        <p class="text-danger text-right"><?php echo FORM_REQUIRED_INFORMATION; ?></p>
        <div class="clearfix"></div>

        <div class="form-group has-feedback">
          <label for="inputFromName" class="control-label col-sm-3"><?php echo ENTRY_NAME; ?></label>
          <div class="col-sm-9">
            <?php
            echo tep_draw_input_field('name', NULL, 'required autofocus="autofocus" aria-required="true" id="inputFromName" placeholder="' . ENTRY_NAME_TEXT . '"');
            echo FORM_REQUIRED_INPUT;
            ?>
          </div>
        </div>
        <div class="form-group has-feedback">
          <label for="inputFromEmail" class="control-label col-sm-3"><?php echo ENTRY_EMAIL; ?></label>
          <div class="col-sm-9">
            <?php
            echo tep_draw_input_field('email', NULL, 'required aria-required="true" id="inputFromEmail" placeholder="' . ENTRY_EMAIL_ADDRESS_TEXT . '"', 'email');
            echo FORM_REQUIRED_INPUT;
            ?>
          </div>
        </div>
        <div class="form-group has-feedback">
          <label for="inputEnquiry" class="control-label col-sm-3"><?php echo ENTRY_ENQUIRY; ?></label>
          <div class="col-sm-9">
            <?php
            echo tep_draw_textarea_field('enquiry', 'soft', 50, 15, NULL, 'required aria-required="true" id="inputEnquiry" placeholder="' . ENTRY_ENQUIRY_TEXT . '"');
            echo FORM_REQUIRED_INPUT;
            ?>
          </div>
        </div>
      </div>

      <?php
      /*** BEGIN HONEYPOT ***/
      include('includes/honeypot/modules/honeypot_display.php');
      /*** END HONEYPOT ***/
      ?>

      <div class="buttonSet">
        <div class="text-right"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'fas fa-paper-plane', null, 'primary', null, 'btn-success'); ?></div>
      </div>
    </div>

    </form>

    <?php
      }

      require('includes/template_bottom.php');
      require('includes/application_bottom.php');
    ?>

2) There is no table with the name honeypot_track in my database. I did not find any database table creation sql file inside the instructions. The only database editing file was the database_changes.php file, where I changed the ID according to the instructions, because the 16 was taken by another addon, and I executed it.

danil0 Posted July 30, 2020

6 hours ago, Jack_mcs said:
> There's a mistake in the database file for MS2 shops. The settings are applied to the configuration group with the ID of 16. That is probably not correct in your shop since it has been around for a while, as I understand it. The corrected file is attached. But don't just apply it. You need to do the following:
> 1 - Remove all of the entries in your database having to do with this addon. You can do that manually by searching or run this command, assuming you didn't change the original sql file: delete from configuration where configuration_key like '%honeypot%'
> 2 - Look at the configuration_group table and see what the last number is in the configuration_group_id column.
> 3 - Edit the attached file and change all entries of '16' to 'X' where X is the number you found in step 2 plus 1. So if the number you found is 111, then you would change the file to use '112'.
> 4 - Upload the attached file and run it.
> database_changes.php

I did all your steps, thank you. I saw that there was no column before with the name honeypot. With your instructions the column was created and the ID is 1602 because the last one was 1601. See attached screenshot.

I installed the module again to see if it works but I have the same results.

Are there any other instructions missing from the zipped contribution v1.10 file?

Jack_mcs (Author) Posted July 30, 2020

5 hours ago, danil0 said:
> There is no table with the name honeypot_track in my database.

It's created when the script is run.

4 hours ago, danil0 said:
> I installed the module again to see if it works but I have the same results.

What are your settings set to?

danil0 Posted July 30, 2020 (Edited July 30, 2020 by danil0)

1 hour ago, Jack_mcs said:
> It's created when the script is run.
> What are your settings set to?

I searched again after repeating the execution of the php file but there is no such table... but why are you saying that it's created when the script runs? Inside the database_changes.php there is no honeypot_track string. I'm asking again, is there any other database creation file??

My settings are:

    Enable Honey Pot True
    Pages contact_us.php create_account.php
    Sort Order 10
    Email Addresses Allowed True
    Email Addresses Show Message True
    URL's Allowed True
    URL Show Message True
    Create Account Check False
    Create Account Count 2
    Create Account Period 10
    Block Names with Numbers True
    Block Phone with Letters True
    Name Length - First 2
    Name Length - Last 1
    Verify Postal Code Ignore
    Verify Domain Referer Match True
    Verify State and Country match False
    Verify Time to Submit 10
    Show Captcha None
    Use IP List IPList
    Block IP Automatically
    Bad Words sex, viagra
    Exclude IP's
    Log Tracker File

I'm still receiving spam mails and fake accounts ... and the captcha does not appear.

Jack_mcs (Author) Posted July 30, 2020

16 minutes ago, danil0 said:
> but why are you saying that it's created when the script runs?

By script, I meant the Honey Pot file, not the database file.

You have the "Create Account Check" option set to false. Here's what the usage file says:

> Create Account Check - If off, no checks are done for the create account page and fake accounts will not be stopped. This needs to be enabled to stop fake accounts.

danil0 Posted July 30, 2020 (Edited July 30, 2020 by danil0)

12 minutes ago, Jack_mcs said:
> By script, I meant the Honey Pot file, not the database file.

What is this file? Where is it? Is it an sql text file I have to run to create tables on the database?

> You have the "Create Account Check" option set to false. Here's what the usage file says:

OK, I set it to true ... but anyway it seems that the whole contribution is not working at all... I must be missing something very important because the forms on both pages, create account and contact us, are broken, as you can see in the screenshots I sent earlier (every field has FORM_REQUIRED_INPUT).

Jack_mcs (Author) Posted July 30, 2020

Maybe I'm getting lost in all of the posts but the file you posted here is not an MS2 file. So my guess is that you uploaded the changed files in the addon from the wrong directory. Even if you used the correct directory, it is not a good idea to upload files like that unless you are absolutely sure the file is the correct one for your shop and the one in your shop has not been altered.
