digiscrapcafe Posted October 5, 2016
If this is in the wrong place, please move. I have been having trouble with spammers registering for my store and signing up to the newsletter, but of course they do not buy anything or add an address, only a spammer's name and a bogus generated address, and the same IP over and over. This has been going on for the second week now. Is there a way to block certain IPs from accessing the store, or at least stop an IP from registering or creating an account? This is getting really annoying, and I don't understand what the purpose is, considering I am not a blog or social network... Are they trying to see if they can hack or something... Here is the latest one, same IP: RandyveicsFP - [email protected] - 199.168.97.28
bsmither Posted October 5, 2016
The CubeCart Security Suite may be a solution. Coming from only one IP address -- you are lucky. A store I manage has them coming from all over (probably forged). And I did get a registration earlier today from the IP address you mentioned. Hopefully, in CC6.1, there will be a bulk delete of customers from the admin Customer List. (I have incorporated this in that store.)
I do not understand the purpose either, other than what I suppose is the fact that this is a 'bot' auto-posting to registration forms of any and all types - not caring what extra information may be included which is not asked for (and CubeCart discards), and certainly not caring what the registration form is for. Maybe there is something in the posted data (which CubeCart would discard) that might provide for a poisoning of the database, but I am convinced the 'bot' simply posts and does not listen for a response.
Another user on these forums has implemented a check of submitted registration data that if the first and last names are identical - as is 99% of these instances - to simply exit.
Dirty Butter Posted October 5, 2016
We found this check of submitted registration data to be very useful, but I don't want to call too much attention to the solution. Do a little searching on the forum. AGH!! It's not on this forum, but the 3rd party forum. There is a discussion of Spam Control.
digiscrapcafe Posted October 5, 2016
Unfortunately, I had to shut my captcha off because it apparently only works with Foundation, and not with the other free templates. I am using Kurouto now, and if I turn Captcha on, then it does not show up on the checkout page. Would the captcha help deter this, or do they have means of getting around it?
Also, looking at the security link you added, it looks good and is free, but are there any known problems from anyone in installing this? I would be using the instant install, cause I am cPanel stupid.
Dirty Butter Posted October 5, 2016
I think there IS a way to add the Foundation style Recaptcha to v5 skins, but I don't know how.
bsmither Posted October 5, 2016
Unfortunately, my research tells me that Google's reCaptcha (used by CC6) has been thoroughly compromised.
As for the CSS plugin, I only recall one user having some problems because of a fundamental misunderstanding regarding the instructions related to a particular setting and what that setting was meant to accomplish. Once that setting's intent and how to use it was explained using different words, that user was able to use the plugin with no issues.
digiscrapcafe Posted October 5, 2016
So I should just leave the captcha off then??? Cool, I might try the plug in. I am so wary of screwing the store up, and having to lose it and upload it all again.. Wish I could understand cPanel, I feel so simplified lol

35 minutes ago, Dirty Butter said: "We found this check of submitted registration data to be very useful, but I don't want to call too much attention to the solution. Do a little searching on the forum. AGH!! It's not on this forum, but the 3rd party forum. There is a discussion of Spam Control."

Were you talking to me, Butter? I got confused, and am not sure what you mean. Can you give me more info on finding this spam control thread? Not sure what you mean about the 3rd party.
bsmither Posted October 5, 2016
I would argue that, yes, disable the captcha. The reCaptcha inhibits nothing but the ignorant miscreants (not many of those), and adds to the frustration of legit customers.
digiscrapcafe Posted October 5, 2016
I just installed the security thing that was suggested below, but I don't see anywhere to place an IP to block. It only has zones in a drop down, and if I add a zone, then anyone from that zone will be locked out... I thought it should have a slot to actually add an IP address number??? I don't have the paid support and cannot afford to.
BTW, researching the IP, it claims it is from an American city.
Dirty Butter Posted October 5, 2016
I managed to lock myself out of the Security plugin when my Charter account changed my IP address - I had mistakenly thought I had a permanent IP address with our internet provider. I'll PM the url to the directions for the spam control code @digiscrapcafe That's all I use.
digiscrapcafe Posted October 5, 2016
15 minutes ago, Dirty Butter said: "I managed to lock myself out of the Security plugin when my Charter account changed my IP address - I had mistakenly thought I had a permanent IP address with our internet provider. I'll PM the url to the directions for the spam control code @digiscrapcafe That's all I use."

Thank you, I will try to make sense of it, and if not, I will be posting more questions in this thread... thanks to both of you so far
digiscrapcafe Posted October 5, 2016
Butter, I just sent you a PM
digiscrapcafe Posted October 5, 2016
3 hours ago, bsmither said: "Unfortunately, my research tells me that Google's reCaptcha (used by CC6) has been thoroughly compromised."

I am using the captcha on my vintage collectibles shop, and it is using Foundation... I am not sure what you mean about compromised, it doesn't sound good, but do you think I should disable it?
Also, Dirty Butter did a test for me after I followed instructions (she will most likely ask you about it as she would like to keep it private), and the test failed miserably LOL, so maybe you have the answers.... I may be leaving to have dinner soon, but of course will be hoping for more help
bsmither Posted October 6, 2016
By "compromised", I mean easily defeated/bypassed. I do not mean exploitable, as a vector for other kinds of mischief.
digiscrapcafe Posted October 6, 2016
Ah, so I should leave it on the tangibles store just for extra safety then I assume... are you saying basically it can't hurt??
bsmither Posted October 6, 2016
I think a captcha system is not so much for safety, although there is that element, as it is to quell unproductive annoyances - like not allowing children or pets where serious adult conversation is happening.
Noodleman Posted October 6, 2016
If you want to block an IP or IP range, this is normally done at the server firewall level, or at the hosting company's firewall which sits between your server and the internet. You should have the ability to block access to your site via your hosting control panel or by asking your hosting company to block IPs for you. Blocking it on your server within the web server is not recommended as it adds overhead to your server, especially if your server is being attacked.
As for reCaptcha, I would ensure you are using the most recent reCaptcha that is available in the store settings and requires you to register for an API key. It's more advanced and will dynamically change the complexity of the challenge offered to the customer during registration based on their reputation (and some other factors). It's not a bulletproof way to 100% stop bots, but it will certainly make it more difficult for them and should reduce the problem you are having.
digiscrapcafe Posted October 6, 2016
Thank you both.... bsmither, it is really late here now, I am going to bed, but I may hit you up via message in the next few days as Butter suggested to me, to see if you can figure out why the codes she sent me links to don't work for me... we will have to do that via private message, as she would prefer the info be kept under the radar. Good night
havenswift-hosting Posted October 6, 2016
I would completely support the statements by Noodleman above - IP blocking is much better done at a hosting level - it can easily be done via cPanel yourself or speak to your hosting company and they will / should do it for you and might even block at a server level - we often do that where we see unsophisticated bots like this.
Generally, IP blocking like this is actually fairly pointless and a never-ending task - most hackers and bots would use rotating proxy servers and can appear to be coming from hundreds or many thousands of different IP addresses from around the world - more sophisticated security is required in these cases which we implement at a server level but nothing is ever 100% and it is a constant battle for us hosting companies as well!
In terms of the captcha, I would also always suggest that they are switched on - it really isn't that much of an issue for customers now (there were times when they were a real pain) and does provide a lot of protection.
Ian
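The checks discussed in this thread (identical first and last names, accounts with no address or orders, the same IP registering repeatedly), as an added example that is not code from any poster or from CubeCart: a Python audit over exported customer rows. The field names, the threshold and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample rows (not real data): name fields, whether an address
# was ever added, order count, and registering IP (documentation ranges).
SAMPLE = [
    {"first": "AlvinqwePX", "last": "AlvinqwePX", "has_address": False, "orders": 0, "ip": "203.0.113.7"},
    {"first": "MarkozulNB", "last": "MarkozulNB", "has_address": False, "orders": 0, "ip": "198.51.100.23"},
    {"first": "TeresaBot", "last": "teresabot ", "has_address": False, "orders": 0, "ip": "203.0.113.7"},
    {"first": "Li", "last": "Li", "has_address": True, "orders": 2, "ip": "192.0.2.44"},
    {"first": "Dana", "last": "Reyes", "has_address": False, "orders": 0, "ip": "192.0.2.90"},
    {"first": "Sam", "last": "Okafor", "has_address": True, "orders": 1, "ip": "203.0.113.7"},
]

def same_name(row):
    """First and last name identical after trimming and case-folding."""
    first = row["first"].strip().casefold()
    return bool(first) and first == row["last"].strip().casefold()

def is_inactive(row):
    """Never added an address and never placed an order."""
    return not row["has_address"] and row["orders"] == 0

def flag_registrations(rows, ip_threshold=2):
    """Return {row index: [reasons]} for accounts that look like bot sign-ups."""
    inactive_per_ip = Counter(r["ip"] for r in rows if is_inactive(r))
    flagged = {}
    for i, row in enumerate(rows):
        if not is_inactive(row):
            continue  # accounts with an address or orders are never flagged
        reasons = []
        if same_name(row):
            reasons.append("identical_names")
        if inactive_per_ip[row["ip"]] >= ip_threshold:
            reasons.append("repeat_ip")
        if reasons:
            flagged[i] = reasons
    return flagged

def ip_blocklist_coverage(rows, flagged, blocked_ips):
    """Count how many flagged rows a given IP blocklist would have stopped."""
    return sum(1 for i in flagged if rows[i]["ip"] in blocked_ips)

if __name__ == "__main__":
    hits = flag_registrations(SAMPLE)
    for i, reasons in hits.items():
        print(SAMPLE[i]["first"], SAMPLE[i]["ip"], reasons)
    print("stopped by one-IP blocklist:", ip_blocklist_coverage(SAMPLE, hits, {"203.0.113.7"}))
```

On the sample rows the name check flags three sign-ups, while a blocklist holding the one repeated IP would have stopped only two of them.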
digiscrapcafe Posted October 6, 2016
8 hours ago, havenswift-hosting said: "I would completely support the statements by Noodleman above - IP blocking is much better done at a hosting level - it can easily be done via cPanel yourself or speak to your hosting company and they will / should do it for you and might even block at a server level - we often do that where we see unsophisticated bots like this. Generally, IP blocking like this is actually fairly pointless and a never-ending task - most hackers and bots would use rotating proxy servers and can appear to be coming from hundreds or many thousands of different IP addresses from around the world - more sophisticated security is required in these cases which we implement at a server level but nothing is ever 100% and it is a constant battle for us hosting companies as well! In terms of the captcha, I would also always suggest that they are switched on - it really isn't that much of an issue for customers now (there were times when they were a real pain) and does provide a lot of protection. Ian"

Thank you for responding. Based on what you said, I am already scared of the cPanel lol, so I think I will just live with it, and hope it stops. I did leave the captcha working on the shop that I am using Foundation on, because it works there. However, it does not work on any of the other free templates I am using (currently using Kurouto) so I had to turn it off because it was keeping real customers from purchasing or registering..
havenswift-hosting Posted October 7, 2016
cPanel is nothing to be scared of, but if you are, then ask your hosting company as they will be able to offer advice and help you with any functionality.
digiscrapcafe Posted October 7, 2016
Yeah, I might, but last time, it was a lot of miscommunicating before they actually understood me and got it right lol
What I really wish is that a new captcha would work on all the other free skins/templates, because so far, knock wood, I have not yet had this problem on the (Foundation) shop that is able to use one. Is there a fix for all the other free ones, I wonder. If anyone knows of one, I would appreciate being pointed in that direction.
Dirty Butter Posted October 7, 2016
Did you take a look at this forum topic I gave you some time ago?
digiscrapcafe Posted October 7, 2016
2 hours ago, Dirty Butter said: "Did you take a look at this forum topic I gave you some time ago?"

I don't remember seeing it before, but just tried to read it now, it confused me bad. Thanks anyway