Page 3 of 3 FirstFirst 123
Results 21 to 29 of 29
  1. #21
    Join Date
    Apr 2012
    Posts
    37
    Plugin Contributions
    1

    Default Re: Spam - fake customers

    Quote Originally Posted by davewest View Post
    The basic 155f-156a filters for preventing some fields from interning bad data or setting some limits to amount or lack of data is really good. Adding a eye testing CAPTCHA or Honey pot CAPTCHA works on bots.. Lest Google version 3 is working I think.. 2 has known walk around. Blocking IP's work, blocking bad bots helps, I placed some code above that helps with human bots.

    In testing, I'm not getting accounts created with what is reported! I can create standard accounts without what's reported, but that's is not what the spammers are after. After adding non-CAPTCHA, the bots have yet to pick the right number! Which is why I ask for links, mods installed, basically, answers to the posting tips so folks here can better help figure out what to help you with...

    @ianhg For logs created from admin, if you was not looking at or managing customers... you may have a problem, see this FAQ. If there created as you delete or edit accounts, then its due to the data in those fields, not the code.
    I am running v1.5.5e with the Template 'Westminster New, Version 1.3' and have blacklisted all IP ranges, removed Ukraine from countries under Localization as that's what the bots were using as the country, remarked out the autoresponder 'welcome' email in the code, added a non-working (but visually there CAPTCHA as I'm still trying to figure out how to add a CAPTCHA to Westminster New. BTW - The IP stored in the created account is actually different than the IP being used as the account is being created. I know this for a fact, as I have logged and even blacklisted the IP being that's viewable in the 'Who's Online' admin tool. In other words, these things are not only spamming from false servers, but are also ghosting IP addresses. SO! If you know how to install a CAPTCHA in Westminster New, that's about all that I've left to try that might work.

  2. #22
    Join Date
    Dec 2007
    Location
    RV... somewhere...
    Posts
    820
    Plugin Contributions
    12

    Default Re: Spam - fake customers

    Quote Originally Posted by sjdeines View Post
    I am running v1.5.5e with the Template 'Westminster New, Version 1.3' and have blacklisted all IP ranges, removed Ukraine from countries under Localization as that's what the bots were using as the country, remarked out the autoresponder 'welcome' email in the code, added a non-working (but visually there CAPTCHA as I'm still trying to figure out how to add a CAPTCHA to Westminster New. BTW - The IP stored in the created account is actually different than the IP being used as the account is being created. I know this for a fact, as I have logged and even blacklisted the IP being that's viewable in the 'Who's Online' admin tool. In other words, these things are not only spamming from false servers, but are also ghosting IP addresses. SO! If you know how to install a CAPTCHA in Westminster New, that's about all that I've left to try that might work.
    I disable countries I don't sell to. Yes, spoofing IP is normal, they some times forget the host line
    1) Westminster new does not modify the customer account page so dropping the tpl_modules_create_account.php file from Google reCAPTCHA should do the job unless its modified by something else. Check there support page if not working.
    2) Trace IP's host by the raw server access logs not zen whos online page..
    3) check template folder //includes/modules/YOUR_TEMPLATE/create_account.php and delete it if no other mods modified it.. then check the same file in //includes/modules/create_account.php and replace with a new one from a clean zc155e..

    If after doing the above, and you still getting hit, follow this FAQ.
    Dave
    Working on a new project... MySite..

  3. #23
    Join Date
    Jul 2007
    Posts
    179
    Plugin Contributions
    1

    Default Re: Spam - fake customers

    Quote Originally Posted by davewest View Post
    adding reCAPTCHA or non-CAPTCHA can help fix issues with bots... with non-bots or human spammers, a simple regex line can help. Regex can also limit or hinder good account creation too..

    The standard create account line for first name on a ZC156a page is
    Code:
    <?php  echo zen_draw_input_field('firstname', '',  zen_set_field_length(TABLE_CUSTOMERS, 'customers_firstname', '40') . '  id="firstname" placeholder="' . ENTRY_FIRST_NAME_TEXT . '"' .  ((int)ENTRY_FIRST_NAME_MIN_LENGTH > 0 ? ' required' : '')); ?>
    adding this in red blocks some characters not normal to names and limit the length to 20 characters.
    Code:
    <?php  echo zen_draw_input_field('firstname', '',  zen_set_field_length(TABLE_CUSTOMERS, 'customers_firstname', '40') . '  id="firstname" pattern="^[^!@$%^&*_+#\\/<>?:;|=.,]{' . ENTRY_FIRST_NAME_MIN_LENGTH . ',20}$" placeholder="' . ENTRY_FIRST_NAME_TEXT . '"' . ((int)ENTRY_FIRST_NAME_MIN_LENGTH > 0 ? ' required' : '')); ?>
    This only works on humans, bots well walk right by it...

    I would also check the template or mods you may be using that they meet current ZC filters.
    @davewest Thanks for this.
    I applied your excellent non-captcha and it has stopped spam coming from contact page on one particular site. It has also appeared to have stopped the spam bot setting up fake accounts on another site with links as described in this thread. I did get four fake accounts which I think may have been done by an actual spammer, as they came through with long first names and surnames so I have added the above tested and it appears to work. So I wait to see if anything happens later today, many thanks excellent help from you. Just one thing is it possible to only except UK postal codes in the correct format in postal code field.
    Thanks again.

  4. #24
    Join Date
    Dec 2007
    Location
    RV... somewhere...
    Posts
    820
    Plugin Contributions
    12

    Default Re: Spam - fake customers

    Quote Originally Posted by ianhg View Post
    Just one thing is it possible to only except UK postal codes in the correct format in postal code field.
    Thanks again.
    I'm not sure what the UK pattern is, but on many of my pages I use jquery maskedinput script to format things like dates, phone numbers.. This could work if you only have one pattern only.. The script is tied to input class or id and script is placed at the bottom of the tpl_PAGE You can see how it works by looking at my map request page.. Google jquery maskedinput to get the latest version and instructions.. The UI script and css is used for the popup calendar.


    Code:
    <script src="<?php echo $template->get_template_dir('jquery-ui.min.js',DIR_WS_TEMPLATE, $current_page_base,'jscript') . '/jquery-ui.min.js' ?>" type="text/javascript"></script>
    <script src="<?php echo $template->get_template_dir('jquery.maskedinput.js',DIR_WS_TEMPLATE, $current_page_base,'jscript') . '/jquery.maskedinput.js' ?>" type="text/javascript"></script>
    <script type="text/javascript">
        $(function() {
            $("#date")
                    .datepicker({ nextText: "", prevText: "", changeMonth: true, changeYear: true })
                    .mask("99/99/9999");
        $(".phone")             .mask("999-999-9999");
        });
    </script>
    Dave
    Working on a new project... MySite..

  5. #25
    Join Date
    Jul 2007
    Posts
    179
    Plugin Contributions
    1

    Default Re: Spam - fake customers

    @davewest Thank you for your speedy response. Just one other point do you need to be using PHP7 or greater for your honey pot CAPTCHA to work?

  6. #26
    Join Date
    Dec 2007
    Location
    RV... somewhere...
    Posts
    820
    Plugin Contributions
    12

    Default Re: Spam - fake customers

    Quote Originally Posted by ianhg View Post
    @davewest Thank you for your speedy response. Just one other point do you need to be using PHP7 or greater for your honey pot CAPTCHA to work?
    No.. not php version specific at all.. the only requirement is the slider! Its a HTML5 issue.. any current browser higher then IE9 is supportive, lesser browsers would only get an input field to figure out what to do. I think IE has a different idea how HTML5 should be so there may be some issues there conflicting with the scripting. Something I've been trying to fix without IE to go by, hoping IE get there act together with everyone else someday...
    Dave
    Working on a new project... MySite..

  7. #27
    Join Date
    Jul 2007
    Posts
    179
    Plugin Contributions
    1

    Default Re: Spam - fake customers

    @davewest sorry to be a pain.. I noticed when testing this on one site if I answered the contact page correctly then went to the create account page incorrectly it went through, so would this be a caching issue with the browsers? Also once logged in then went to the contact us page the email went through even though the slider was incorrect. Is there a way of stopping caching on the contact us page?

  8. #28
    Join Date
    Apr 2012
    Posts
    37
    Plugin Contributions
    1

    Default Re: Spam - fake customers

    Quote Originally Posted by davewest View Post
    I disable countries I don't sell to. Yes, spoofing IP is normal, they some times forget the host line
    1) Westminster new does not modify the customer account page so dropping the tpl_modules_create_account.php file from Google reCAPTCHA should do the job unless its modified by something else. Check there support page if not working.
    2) Trace IP's host by the raw server access logs not zen whos online page..
    3) check template folder //includes/modules/YOUR_TEMPLATE/create_account.php and delete it if no other mods modified it.. then check the same file in //includes/modules/create_account.php and replace with a new one from a clean zc155e..

    If after doing the above, and you still getting hit, follow this FAQ.
    OPTION # resolved the issue of the CAPTCHA not working, which was:
    3) check template folder //includes/modules/YOUR_TEMPLATE/create_account.php and delete it if no other mods modified it.. then check the same file in //includes/modules/create_account.php and replace with a new one from a clean zc155e..

    Respect!

  9. #29
    Join Date
    Jul 2007
    Posts
    179
    Plugin Contributions
    1

    Default Re: Spam - fake customers

    Quote Originally Posted by ianhg View Post
    @davewest sorry to be a pain.. I noticed when testing this on one site if I answered the contact page correctly then went to the create account page incorrectly it went through, so would this be a caching issue with the browsers? Also once logged in then went to the contact us page the email went through even though the slider was incorrect. Is there a way of stopping caching on the contact us page?
    @davewest Both sites working well, thanks

 

 
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Fake Phantom Spam Customers? CAPTCHA No Help
    By bamboohq in forum General Questions
    Replies: 14
    Last Post: 1 Sep 2009, 06:44 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR