Extra Registration Security

[MutsNuts]

Hi all,

Just installed the Zen Cart system and am starting tweaking it later today.

There is one thing that is bugging me though and this is the forced registration to buy a product, i have looked at using agora cart as this does not do this, but it sort of pales in comparison against everything else that can be done.

If reg is needed it needs to be a little more secure, I run several Phpbb boards and I have a problem with spammers/hackers/robots, they register dummy names etc etc and try to gain access.

The main problem was the robots, was clearing off 50 to 60 accounts a day, this is a big problem.

A helpfull member give me a link to a mod, this mod basically added extra validating fields into the reg process, a sort of human check.

It had questions like what colour is the sky a, red b, purple, c,blue
what noise does a bog make a, whoof b, Meoow c, bhaaa

the answer where radio buttons and the answers had to be correct or the reg process ended.

Since implememnting this my robot registration has gone from 60 a day to zero in 4 months.

This is a must for me with any reg process now as I have no time cleaning up after robots.

My php is very limited, I am an avid C++, VB programmer though and use linux full time, I know my stuff but never touched php.

Is this mod available already or can somebody create it, it is a very valuable option.

thanks

Paul
MutsNuts

[kuroi]

There is at least one CAPTCHA mod for account creation in the downloads area. However, this isn't a problem that I have ever heard of with Zen Cart or seen on any of my own sites. Maybe Zen Cart has enough wrinkles in its account creation to put off the robots.

[MutsNuts]

Thanks for the response, this is my first e-commerce solution for my client, zen cart sure does look the business but just wanted to find out more about the reg thing.

If it is the case that robots aren't a problem that that is good enough for me. I have some experience with forums, and support many, it is one of the biggest problems I have with them.

It is all down to the robot I think, if the format for details is stringent enough then this can have the same effect as questions.

Robots find it hard to format exact required responses so this might be good enough.

Still I would like to be sure instead of finding out 5 months down the line from my client.

I'll take a look at the mod mentioned if i can find it, but in the mean time, has anyone else had issues with strange registrations with repeating data usually from robots?.

Also, I wish to turn off all email features for customers i.e. not letting anyone refer products to friends. If a hacker gets an account they can use these for solicited emailing to people so i'm told.

Paul

[MutsNuts]

Also one more question,

Upgrades, I know from my forum work, upgrading the version is a pain if you have mods to your forum.

I have one forum heavily modded, upgrading it to the next version is a pig of a job, thankfully I left notes on what was added, and I work 2 forums the live and a shadow forum which is updated to match the live one to test mods and upgrades on

Do the mods to Zen cart break when upgrading Zen Cart or will the Upgrades fail if modes have been put in place??.

I do know about using overides, which is a very simple and effective way of keeping your altered files seperate, but do mods have the same issues as pnpbb??.

sorry for the bombardment of questions, but it's the only way to learn.

Paul

[kuroi]

Also, I wish to turn off all email features for customers i.e. not letting anyone refer products to friends. If a hacker gets an account they can use these for solicited emailing to people so i'm told.

There are protections built into this function, such as optionally restricting it to registered users and a footer that can explain why the emails have been sent and how to report abuse. And in practise the issue about which you are worried doesn't seem to happy, or at least not the extent that it gets reported in this forum.

That's not really a surprise, since the hoops a spammer would have to jump through are higher than other methods available to them, and the extent to which it would be useful much lower. It would be a shame to deprive your clients of a legitimate marketing tool, in order to avert such a minuscule risk.

[kuroi]

Do the mods to Zen cart break when upgrading Zen Cart or will the Upgrades fail if modes have been put in place??.

I do know about using overides, which is a very simple and effective way of keeping your altered files seperate, but do mods have the same issues as pnpbb??.

There's no definitive answer to this question. In general the over-ride system does keep most of the files in mods away from the impacts of upgrades, and some mods are completely unaffected by them.

However at the other end of the extreme, the are mods that can't help but interact with or replace core Zen Cart code or functions and these will be much more sensitive to upgrades.

And then there's the question of the extent of the upgrade. Some mods will continue to work nicely through a series of minor upgrades but suffer when there's a major upgrade.

So what do you do? Well three main points that are less ambiguous.

1. Use mods sparingly to solve real problems or add genuinely needed functionality
2. As far as possible use mods with an active support thread and a history of being updated to work with upgrades
3. Keep records (as you do) of the files that are over-written and changed by them

[MutsNuts]

thanks alot, that was pretty much the answer I was expecting. I'm a designer really by trade not a developer, but have strong c++ vb skills. Carts aren't normally my bag, but times change. I generally like making things look nice, it's far less hastle (or it would be if MS sorted out IE).

I'll use the document method i use for the forums, if upgrade fails then i can re-install new version from fresh and apply mods, then update database.

Seems Zen is pretty secure, googling around seems to show no real issues with security, I guess i'm just paranoid, but it doesn't hurt checking.

Paul