mhsuffolk Posted January 31, 2019 (edited)

Testing Version 1.6 on my PHP 7.2 XAMPP test site and get this error when attempting to create a legitimate account.

    1048 - Column 'ip_number' cannot be null

    insert into honeypot_track set count = '1', ip_number = INET_ATON( '::1' ), last_date = now()

    [TEP STOP]

Live shop Phoenix 1.0.8.4 on PHP 7.4 Working my way up the versions.

Jack_mcs (Author) Posted January 31, 2019

It's failing because you have the option to use the IPV6 format enabled. I may put a check in for what type of IP it is but I don't know that I will be changing the code to accept them. IPV6 IP's are still not used much so I don't find it worthwhile, time-wise, to code for them.

Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons

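Added example (not part of the posts above and not the add-on's code): MySQL's INET_ATON() returns NULL for anything that is not dotted IPv4, which is what the NOT NULL `ip_number` column rejects for `::1`. The sketch below classifies the address before it reaches a query; `hp_normalize_ip()` is a hypothetical helper, the integer column type and the VARBINARY(16) alternative are assumptions, and PHP 7.1+ on a 64-bit build is assumed.

```php
<?php
// Added example, not the add-on's code. It assumes honeypot_track.ip_number
// is a NOT NULL integer column filled through INET_ATON(), as the failing
// query suggests. hp_normalize_ip() is a hypothetical helper name.

/**
 * Classify a client address before it goes into a query.
 * Returns null for anything that is not an IP address, otherwise:
 *   family: 4 or 6
 *   int:    the number INET_ATON() would produce, or null for real IPv6
 *   bin:    16 raw bytes usable for either family (e.g. a VARBINARY(16) column)
 */
function hp_normalize_ip(string $addr): ?array
{
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $packed = inet_pton($addr);                  // 4 bytes for IPv4, 16 for IPv6
    $mapped = str_repeat("\0", 10) . "\xff\xff"; // the ::ffff:0:0/96 prefix

    if (strlen($packed) === 4) {
        return ['family' => 4, 'int' => unpack('N', $packed)[1], 'bin' => $mapped . $packed];
    }
    if (strncmp($packed, $mapped, 12) === 0) {
        // IPv4-mapped IPv6, e.g. ::ffff:192.0.2.7 on a dual-stack listener
        return ['family' => 4, 'int' => unpack('N', substr($packed, 12))[1], 'bin' => $packed];
    }
    return ['family' => 6, 'int' => null, 'bin' => $packed];
}

// Constructed sample addresses, including the '::1' from the error above.
foreach (['127.0.0.1', '::1', '::ffff:192.0.2.7', '2001:db8::25', 'not-an-ip'] as $addr) {
    $ip = hp_normalize_ip($addr);
    if ($ip === null) {
        printf("%-18s rejected: not an IP address\n", $addr);
        continue;
    }
    printf("%-18s family=%d int=%s bin=%s\n", $addr, $ip['family'],
        $ip['int'] === null ? 'NULL' : $ip['int'], bin2hex($ip['bin']));
}
```

A row keyed on `int` can only ever hold IPv4 clients; keying on `bin` tracks both families without touching the listener configuration.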
mhsuffolk Posted January 31, 2019

I was not aware of that. Is that in PHP 7.2 or is it in the XAMPP set up? I cannot see a setting for it.

Jack_mcs (Author) Posted January 31, 2019

All of the wamp packages come with IPV6 set to on, at least the newer ones do. As far as I know, no host enables that as the default (we don't, at least). To turn it off, open the http.conf file and search for Listen. The lines should look like this to turn IPV6 off:

    Listen 0.0.0.0:80
    #Listen [::0]:80

valquiria23 Posted February 1, 2019

On 1/27/2019 at 1:27 PM, Jack_mcs said:
> A new version has been uploaded with these changes:

Thank you very much Jack!

Community Oscommerce fan You'll find the latest osC community version here.

Jack_mcs (Author) Posted February 1, 2019

You're welcome.

MrPhil Posted February 3, 2019

You might want to read this article on CAPTCHAs: https://www.theverge.com/2019/2/1/18205610/google-captcha-ai-robot-human-difficult-artificial-intelligence . It states that AI is expected to improve to the point that it will solve any CAPTCHA puzzle much better than humans can. It's just about there, already. The emphasis will have to shift from how perfectly the "user" can solve a problem to watching how very human imperfections and randomness in the interaction betray who is human. Also, rather than relying on a one-time hard-shell defense against bots, we will have to watch users in their interactions with a site and see if they're doing bot-like things. Big Brother, anyone?

The article points out that Third World CAPTCHA farms use people to sign up for forums and blogs, etc., which then can be handed over to bots to do the spamming. This would require monitoring of the user interactions beyond just the signup, such as an occasional CAPTCHA challenge from time to time. If most spammers crap on your forum just once (or use your tell-a-friend function for one mass mailing) and then never come back, that may be more annoying than useful.

The comments are rather interesting too. Several people pointed out that the reCAPTCHA emphasis on traffic lights and street signs and vehicle recognition suggests that we are being used to train Google's self-driving cars -- for free.

Jack_mcs (Author) Posted February 3, 2019

@MrPhil Thanks for the link. It finally offers a reasonable explanation as to why fake accounts are becoming a common thing. I don't think there is any code that can stop all of them unless some check is added and that is a bother to real customers. But for this addon, their scripts can't get by the contact us and create account pages because those checks are done in php. Although for the create account page, if the settings are strict, like one account allowed, then it might affect legitimate customers.

fiodh Posted February 15, 2019

Just installed this on my two responsive bootstrap sites and it's working great. Thanks a million for all your work, Jack!

Jack_mcs (Author) Posted February 16, 2019

Glad to hear it helped.

Pritchard78 Posted March 25, 2019

Hi Jack,

Just attempting a new install of v1.6 on a CE store. Forgive me if I'm having a blond moment.

I notice some discrepancies between instructions 3 & 4 in the ReadMe.txt and the files in "v234\ChangedFiles". There are additional bits of code in the files not in the ReadMe.txt. One example is in the contact_us.php file, on line 24 to 34:

    /*** BEGIN HONEYPOT ***/
    if (MODULE_HEADER_TAGS_HONEYPOT_ALLOW_EMAIL == 'False' || MODULE_HEADER_TAGS_HONEYPOT_ALLOW_URLS == 'False') {
        include('includes/functions/honeypot.php');
        if (($reslt = InvalidText($enquiry)) != 'good') {
            if ($reslt != 'failed') {
                $messageStack->add('contact', $reslt);
            }
            $error = true;
        }
    }
    /*** END HONEYPOT ***/

This part of code is not mentioned in the ReadMe.txt.

Please can you confirm, am I ok to go with the instructions in the ReadMe.txt and ignore the changed files?

Jack_mcs (Author) Posted March 26, 2019

3 hours ago, Pritchard78 said:
> Please can you confirm, am I ok to go with the instructions in the ReadMe.txt and ignore the changed files?

I apologize for the confusion this caused. Yes, that file change is needed. The changed files will always be correct. I try to supply installation instructions but they don't always match. Here are the instructions from the, unreleased, next version:

3) In the contact_us.php file,

FIND:

    if (!tep_validate_email($email_address)) {

ADD ABOVE:

    /*** BEGIN HONEYPOT ***/
    if (MODULE_HEADER_TAGS_HONEYPOT_ALLOW_EMAIL == 'False' || MODULE_HEADER_TAGS_HONEYPOT_ALLOW_URLS == 'False') {
        include('includes/functions/honeypot.php');
        if (($reslt = InvalidText($enquiry)) != 'good') {
            if ($reslt != 'failed') {
                $messageStack->add('contact', $reslt);
            }
            $error = true;
        }
    }
    /*** END HONEYPOT ***/

FIND:

    <?php echo tep_draw_form('contact_us', tep_href_link('contact_us.php', 'action=send'), 'post', 'class="form-horizontal"', true); ?>

REPLACE WITH:

    <?php //BEGIN HONEYPOT ?>
    <?php echo tep_draw_form('contact_us', tep_href_link('contact_us.php', 'action=send'), 'post', ' onsubmit="return validateMyForm();" class="form-horizontal"', true); ?>
    <?php //END HONEYPOT ?>

FIND:

    <div class="buttonSet">

ADD ABOVE IT:

    <?php //BEGIN HONEYPOT ?>
    <div style="display:none;">
      <label>Keep this field blank</label>
      <input type="text" name="honeypot" id="honeypot" />
    </div>
    <?php //END HONEYPOT ?>

-----------------------------------------------------------------

4) In the create_account.php file,

FIND:

    if ($error == false) {

ADD ABOVE:

    /***** Begin Honey Pot *****/
    if ($error == false) {
        if (defined('MODULE_HEADER_TAGS_HONEYPOT_CREATE_ACCOUNT_CHECK') && MODULE_HEADER_TAGS_HONEYPOT_CREATE_ACCOUNT_CHECK == 'True') {
            include('includes/languages/' . $language . '/modules/header_tags/ht_honeypot.php');
            include('includes/functions/honeypot.php');
            $cust = $firstname . ' ' . $lastname;
            $error = CheckCreateAccountHP($cust);
            if ($error) {
                $messageStack->add('create_account', MODULE_HEADER_TAGS_HONEYPOT_CREATE_ACCOUNT_TOO_SOON);
            }
        }
    }
    /***** End Honey Pot *****/

FIND:

    <?php echo tep_draw_form('create_account', tep_href_link('create_account.php', '', 'SSL'), 'post', 'class="form-horizontal"', true) . tep_draw_hidden_field('action', 'process'); ?>

REPLACE WITH:

    <?php //BOC Honeypot ?>
    <?php echo tep_draw_form('create_account', tep_href_link('create_account.php', '', 'SSL'), 'post', 'class="form-horizontal" onSubmit="return validateMyForm(create_account);"', true) . tep_draw_hidden_field('action', 'process'); ?>
    <?php //EOC Honeypot ?>

FIND:

    <div class="buttonSet">

ADD ABOVE:

    <!-- BOC Honeypot -->
    <div style="display:none;">
      <label>Keep this field blank</label>
      <input type="text" name="honeypot" id="honeypot" />
    </div>
    <!-- EOC Honeypot -->

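Added example (not part of the post above and not the add-on's code): the hidden `honeypot` field and the `onsubmit` handler only affect clients that load the page and run its script, so the decision has to be repeated on the server. The sketch pairs the decoy-field check with a signed render-time token; `HP_SECRET`, the `hp_token` field, both function names and the thresholds are assumptions, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not the add-on's code. HP_SECRET, the hp_token field and both
// function names are hypothetical; only the hidden "honeypot" field name comes
// from the instructions above.

const HP_SECRET      = 'replace-with-a-random-per-shop-secret'; // placeholder
const HP_MIN_SECONDS = 3;    // assumed threshold: faster is treated as a script
const HP_MAX_SECONDS = 3600; // assumed threshold: older forms must be reloaded

// Called while rendering the form; the value goes into a hidden hp_token field.
function hp_issue_token(int $now): string
{
    return $now . ':' . hash_hmac('sha256', (string) $now, HP_SECRET);
}

// Called on POST. Returns 'ok' or the reason the submission is refused.
function hp_check_submission(array $post, int $now): string
{
    // A browser always submits the hidden text input, empty. A script that
    // posts without loading the form omits it; one that fills every input
    // puts text in it.
    if (!isset($post['honeypot'])) {
        return 'honeypot-missing';
    }
    if ($post['honeypot'] !== '') {
        return 'honeypot-filled';
    }
    // The token proves when this server rendered the form.
    $token = $post['hp_token'] ?? '';
    $parts = is_string($token) ? explode(':', $token, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'token-missing';
    }
    if (!hash_equals(hash_hmac('sha256', $parts[0], HP_SECRET), $parts[1])) {
        return 'token-forged';
    }
    $age = $now - (int) $parts[0];
    if ($age < HP_MIN_SECONDS) {
        return 'too-fast';
    }
    return $age > HP_MAX_SECONDS ? 'expired' : 'ok';
}

// Constructed submissions; $t0 is the moment the form was rendered.
$t0    = 1700000000;
$token = hp_issue_token($t0);
$cases = [
    'customer, 40 s later' => [['honeypot' => '', 'hp_token' => $token], $t0 + 40],
    'decoy field filled'   => [['honeypot' => 'http://example.com', 'hp_token' => $token], $t0 + 40],
    'posted without form'  => [['email' => 'a@example.com'], $t0 + 40],
    'submitted instantly'  => [['honeypot' => '', 'hp_token' => $token], $t0],
    'timestamp edited'     => [['honeypot' => '', 'hp_token' => ($t0 - 60) . substr($token, 10)], $t0],
];
foreach ($cases as $label => [$post, $now]) {
    printf("%-22s %s\n", $label, hp_check_submission($post, $now));
}
```

A valid token can be replayed until it expires, so this complements per-IP tracking rather than replacing it.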
mcbsolutions Posted May 3, 2019

Hello,

I'm getting a few spams that got through with just one character and also long junk strings like this

    +ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%

Also what is best way to add an array of domains to block, such as domain.com, example.com, etc.

Thank you for the help!

Jack_mcs (Author) Posted May 3, 2019

24 minutes ago, mcbsolutions said:
> I'm getting a few spams that got through with just one character and also long junk strings like this

That string is trying to access your database. If it was submitted via the contact us page there's no danger from it. But if it was sent from the create account page, it might cause problems. Honeypot can't block the message because it is legitimate. There's not an option to block for specific text. You can use the account limit setting to prevent additional accounts so that will only allow one through.

I have a new version that I am going to try and get uploaded soon. It may help with emails like this.

Jack_mcs (Author) Posted May 9, 2019

A new version has been uploaded with these changes.

Added an ignore IP setting so shop owners can create multiple accounts.
Added the account_pwa.php file for those with the Purchase Without Account addon installed.
Added code to the contact us page to check for violations of the Honey Pot form.
Added an option to prevent emails containing certain words.
Changed the notification code and option so emails can be sent for every account creation.

For shops with a previous version installed that uses the module, be sure to uninstall the module before updating to avoid database problems.

Boldman Posted May 18, 2019

Jack,

The last 2 lines in the SQL given give my database an error:

    insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now())");
    insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());

Syntax?

Jack_mcs (Author) Posted May 18, 2019

What is the error? What version of oscommerce are you using? What version of php are you using?

Boldman Posted May 18, 2019

8 minutes ago, Jack_mcs said:
> What is the error? What version of oscommerce are you using? What version of php are you using?

V2.3.4
PHP 7.0

    Static analysis:

    3 errors were found during analysis.

    Ending quote " was expected. (near "" at position 690)
    Unexpected token. (near ""); insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());" at position 339)
    Unexpected beginning of statement. (near ""); insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());" at position 339)

    SQL query:

    insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now())"); insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());

    MySQL said:

    #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"); insert into configuration (configuration_title, configuration_key, configur' at line 1

MrPhil Posted May 18, 2019

58 minutes ago, Boldman said:
> now())"); insert

should be

    now()); insert

Any idea how it got corrupted?

Jack_mcs (Author) Posted May 18, 2019

1 hour ago, Boldman said:
> V2.3.4 PHP 7.0

The error is caused by a mistake in the changes for older shops that can't use modules. I don't have a V2.3.4 shop to test but I think it can use modules so you should not be using that code. But for those that have the problem, change the following. But note, if your shop uses the module, making this change will cause problems.

    insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now())");

to

    insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now());

Jack_mcs (Author) Posted July 26, 2019

A change was mentioned in Fake Accounts thread to check TOR IP's, which are often used by spammers and hackers. The code to make this change is below. I will add it to the next release once I have time to add a setting and package it. To use it now, open the includes/functions/honeypot.php file and find this line:

    $db_table = 'honeypot_track';

and add this above it:

    if (CheckTOR()) {
        return true;
    }

Then at the end of the file, add this:

    function CheckTOR() {
        // Download the list of Tor exit addresses, one per line.
        $ips = file("https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1");
        if ($ips === false) {
            return false; // list unavailable, nothing to compare against
        }
        $found = false;
        foreach ($ips as $ip) {
            // Compare whole addresses; strpos() also matched partial ones (1.2.3.4 inside 11.2.3.40).
            if (trim($ip) === $_SERVER['REMOTE_ADDR']) {
                $found = true;
                break;
            }
        }
        return $found;
    }

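Added example (not part of the post above and not the add-on's code): a variant of the Tor check that downloads the list at most once per cache lifetime, matches whole addresses only, and keeps working from the stale copy when the download fails. The function names, cache path and 30-minute lifetime are assumptions; the list text is constructed sample data and the download is replaced by a stand-in closure so the block runs offline (PHP 7.1+).

```php
<?php
// Added example, not the add-on's code. Function names and the cache path are
// hypothetical; the list text is constructed sample data (documentation ranges).

// Parse the downloaded list (one address per line, '#' comments) into a set.
function tor_parse_list(string $text): array
{
    $set = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line !== '' && filter_var($line, FILTER_VALIDATE_IP) !== false) {
            $set[inet_ntop(inet_pton($line))] = true; // canonical text form
        }
    }
    return $set;
}

// Return the exit-node set, calling $fetch only when the cache is older than $ttl.
function tor_exit_set(string $cacheFile, int $ttl, callable $fetch): array
{
    clearstatcache(true, $cacheFile);
    $cached = is_file($cacheFile)
        ? json_decode((string) file_get_contents($cacheFile), true)
        : null;
    if (is_array($cached) && time() - filemtime($cacheFile) < $ttl) {
        return $cached;
    }
    $text = $fetch();
    if (!is_string($text) || $text === '') {
        // Download failed: keep using the stale list, or fail open with none,
        // so an outage at the list provider does not block customers.
        return is_array($cached) ? $cached : [];
    }
    $set = tor_parse_list($text);
    file_put_contents($cacheFile, json_encode($set), LOCK_EX);
    return $set;
}

function is_tor_exit(array $set, string $remoteAddr): bool
{
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    return isset($set[inet_ntop(inet_pton($remoteAddr))]); // whole address only
}

// Demo with a stand-in for the HTTP download.
$sample    = "# constructed sample list\n192.0.2.10\n198.51.100.77\n2001:db8::5\n";
$downloads = 0;
$fetch     = function () use (&$downloads, $sample) {
    $downloads++;
    return $sample;
};
$cache = sys_get_temp_dir() . '/tor_exit_demo_' . getmypid() . '.json';

$set = tor_exit_set($cache, 1800, $fetch);
$set = tor_exit_set($cache, 1800, $fetch); // served from the cache file
printf("downloads: %d\n", $downloads);
// 192.0.2.1 is a prefix of a listed address and must not match.
foreach (['192.0.2.10', '192.0.2.1', '2001:db8:0:0::5', '203.0.113.9'] as $ip) {
    printf("%-16s %s\n", $ip, is_tor_exit($set, $ip) ? 'tor exit' : 'not listed');
}
unlink($cache);
```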
rule Posted August 5, 2019

@Jack_mcs Unfortunately, this latest change does not improve the situation. We are still seeing about 15 new fake accounts each day. More importantly, using CSF to blacklist IP addresses also appears to be futile.

rule Posted August 5, 2019

Is it possible to extend the module by including a filter to catch domain names used by spammers for emails, i.e. similar to the bad words filter but for account creation rather than contact form? The same domain names seem to be used over and over again.

Jack_mcs (Author) Posted August 5, 2019

35 minutes ago, rule said:
> Is it possible to extend the module by including a filter to catch domain names used by spammers for emails, i.e. similar to the bad words filter but for account creation rather than contact form?

Yes, it is possible. I have done that in the pro version of View Counter. I may make the change in this one but it is not a quick change so I don't know when, or if, that will be due to time constraints.

Usually, in my experience, these people creating fake accounts have more than one IP address so blocking one may be a waste of time. You can generally tell if that is the case by checking the WhoIs for the IP. When you do that, you will see an IP Range and/or CIDR listed. Those are short-hand methods for all IP's associated to that one IP. Using one of those to block may help. However, you have to be careful since the IP range may include legitimate IP's so you may end up blocking potential customers. You have to compare where the IP is from and whether you would hurt the shop by blocking people from that location.

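Added example (not part of the post above, and not code from the add-on or from View Counter): how a CIDR block or an IP range from a WhoIs record can be tested against a visitor address, for IPv4 and IPv6, together with the number of addresses a rule would cover so the collateral can be judged first. All function names are hypothetical and every address is from a documentation range (PHP 7.1+).

```php
<?php
// Added example, not code from the add-on or from View Counter. All function
// names are hypothetical and the addresses are documentation ranges.

function ip_pack(string $ip)
{
    return filter_var($ip, FILTER_VALIDATE_IP) === false ? false : inet_pton($ip);
}

// True when $ip lies inside $cidr, e.g. "198.51.100.64/26" or "2001:db8:40::/48".
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $len] = array_pad(explode('/', $cidr, 2), 2, '');
    $ipBin  = ip_pack($ip);
    $netBin = ip_pack($net);
    if ($ipBin === false || $netBin === false || !ctype_digit($len)
        || strlen($ipBin) !== strlen($netBin) || (int) $len > 8 * strlen($netBin)) {
        return false; // malformed input or IPv4/IPv6 mismatch
    }
    $bytes = intdiv((int) $len, 8); // whole bytes that must match
    $bits  = (int) $len % 8;        // leftover bits in the next byte
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($bits === 0) {
        return true;
    }
    $mask = (0xff << (8 - $bits)) & 0xff;
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// True when $ip lies in the inclusive "IP Range" a WhoIs record lists.
function ip_in_range(string $ip, string $first, string $last): bool
{
    $ipBin = ip_pack($ip);
    $lo    = ip_pack($first);
    $hi    = ip_pack($last);
    if ($ipBin === false || $lo === false || $hi === false
        || strlen($ipBin) !== strlen($lo) || strlen($lo) !== strlen($hi)) {
        return false;
    }
    // Equal-length packed addresses sort the same way as the numbers do.
    return strcmp($lo, $ipBin) <= 0 && strcmp($ipBin, $hi) <= 0;
}

// How many IPv4 addresses a block rule with this prefix length covers.
function ipv4_cidr_size(int $prefixLen): int
{
    if ($prefixLen < 0 || $prefixLen > 32) {
        throw new InvalidArgumentException('prefix length must be 0..32');
    }
    return 2 ** (32 - $prefixLen);
}

$blocked = ['198.51.100.64/26', '2001:db8:40::/48']; // constructed block list
foreach (['198.51.100.100', '198.51.100.130', '2001:db8:40::9', '2001:db8:41::9'] as $ip) {
    $hit = 'allowed';
    foreach ($blocked as $cidr) {
        if (ip_in_cidr($ip, $cidr)) { $hit = "blocked by $cidr"; break; }
    }
    printf("%-16s %s\n", $ip, $hit);
}
var_dump(ip_in_range('203.0.113.77', '203.0.113.64', '203.0.113.127'));
printf("/26 covers %d addresses, /16 covers %d\n", ipv4_cidr_size(26), ipv4_cidr_size(16));
```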
♥SCH_001 Posted August 5, 2019

Hi Jack,

I have just installed this on osCommerce Online Merchant v2.3.4.1 CE aka Frozen BS and when I enter a word in the bad word area and click save, the bad words are not saved.

I also added the extra TOR IP's part as per above.

Can you please assist?