keat (Author) Posted January 16, 2020
@wkd Just bear in mind what I mentioned 6 posts up. If a customer had his caps lock on, and his first and second name ended in the same letter, then he's going to get caught by BSmither's trap. From my point of view it's not often that a customer will leave his caps lock on, and what's the odds that if he did, that he might just have the same end letter in both his first and second name? However, if we lost a customer, and he was about to spend £500 (or above), then this would be more annoying than the bot. Maybe we should collectively try to find another pattern?
bsmither Posted January 16, 2020
We may try using a rule that if the first and last names have all their characters in caps, then allow it. The rogue registrations I have seen do not shout.
Claudia M Posted January 24, 2020
I just got a registered customer with the same three letter first and last name in all caps from Singapore. What is your trap Brian?
I know this won't make sense and I've been told in the past this is not possible but it has happened again. I went to look at my webstore this morning and it was showing an old skin that I still have uploaded. I DID NOT CHANGE THE SETTINGS IN ADMIN. Also, in checking my email log the above customer had used the contact form and sent it to the following departments: General Inquiry - International Shipping Quote - Questions about a product. I have long ago deleted those email accounts and moved all emails sent from the contact form to sales@blah blah. In looking at the store settings these old email addresses are showing which I had changed all of them to sales@blahblah. I still have the departments. I don't know if the two are connected but I'd like to figure out what is going on.
wkD Posted January 25, 2020
I added that code but now nobody can sign up for our site - it will give everyone the white out... message me direct and I will send you the credentials for our website so you can check it out yourself bsmither.
bsmither Posted January 25, 2020
I made changes to the code I posted earlier. It seems my testing of the use of preg_match gave false positive results.
Dirty Butter Posted October 4, 2020
In case anyone wants to try SemperFi's old hack, I found the code in an archived copy of our store. (The link to the post is from the old CC forum and is no longer any good; maybe somebody knows how to find it in the new forum?) If I remember correctly, a REAL customer going through the sign up form sees the error message that first and last cannot be the same - but a bot will not see that message and will never know they were not successful.
In cubecart.class.php

    // Check passwords match if not empty
    if (isset($_POST['register']) && $_POST['register']==1 && !empty($_POST['password']) && $_POST['password'] !== $_POST['passconf']) {
        $errors['password'] = true;
        $error_messages[] = $GLOBALS['language']->account['error_password_mismatch'];
    }
    //SemperFi from http://www.cubecartforums.org/index.php?showtopic=17937 STOP HACKERS
    // Check names aren't the same
    if ($_POST['user']['first_name']==$_POST['user']['last_name']) {
        $errors['names'] = true;
        $error_messages[] = $GLOBALS['language']->account['error_names_same'];
    }
    //SemperFi end STOP HACKERS
    if (preg_match("/[a-z]/i", $_POST['user']['phone'])) {
        $errors['phone'] = true;
        $error_messages[] = $GLOBALS['language']->account['error_valid_phone'];
    }
foz1234 Posted December 19, 2020
Silly question.. but does the cubecart forum link need to work for the script to work? Thought I would ask before I added it.
bsmither Posted December 19, 2020
This line?

    //SemperFi from http://www.cubecartforums.org/index.php?showtopic=17937 STOP HACKERS

You can delete that line.
foz1234 Posted December 20, 2020
Thank you Brian. Which script is best to try first? It seems we are all struggling with this same issue/bot. I went through our customer db and removed all customers in bold that have 0 purchases and with duplicate first and last names, but moving forward I will try adding one of the scripts in this thread.
Wouldn't a plugin/addon or even hardcoded into cc asking a single question or even better say 6-10 rotating questions that we could set relevant to our site not be a simpler/better option? This would surely stop all? Or am I missing something? I've never learned PHP, most a pity.
Thanks
bsmither Posted December 20, 2020
Either script will work, but the one that is placed in ini-custom.inc.php will kill PHP immediately. A code snippet or plugin still requires CubeCart to get up to be fully awake only to thwart an unwanted event. So, if that's what we want, to simply and quickly thwart an unwanted event, just kill PHP at the earliest possible opportunity.
Sure, a different Captcha (Q/A, for example) would try and catch faulty submissions, but we are aware that the vast majority of robotically submitted registrations match a pattern. The few that make it through in a year's time (that's been my rate since doing this) are easily managed.
foz1234 Posted December 20, 2020
Thanks for your reply Brian. Happy holidays to all.
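Added example, not code from any poster in this thread or from CubeCart: one way to combine the name checks discussed above (SemperFi's identical-names rule and the all-caps exception bsmither proposed) and see which constructed sample names each rule catches. The function name, reason strings and sample names are hypothetical, and the "shared trailing capital" rule is an assumption based on keat's description, since the trap's actual pattern is not shown on this page.

```php
<?php
// Added example (PHP 7.1+). Hypothetical helper, not CubeCart code.

/**
 * Returns a reason string when the names match a rule, or null to allow.
 * The caller decides what to do with a match: show the form error
 * (SemperFi's approach) or stop the request early (the ini-custom.inc.php
 * approach bsmither describes).
 */
function suspicious_name_reason(string $first, string $last): ?string
{
    $first = trim($first);
    $last  = trim($last);
    if ($first === '' || $last === '') {
        return null; // empty fields are left to the normal form validation
    }

    // SemperFi's rule: first and last name are identical.
    if ($first === $last) {
        return 'names_same';
    }

    // Proposed exception: names typed entirely in capitals (caps lock on)
    // are allowed. preg_match() returns 1, 0 or false, so compare strictly;
    // a loose truthiness test treats an error (false) the same as "no match".
    $both    = $first . $last;
    $allCaps = preg_match('/\p{Ll}/u', $both) === 0
            && preg_match('/\p{Lu}/u', $both) === 1;
    if ($allCaps) {
        return null;
    }

    // Assumed trap rule: both names end in the same capital letter.
    if (preg_match('/\p{Lu}$/u', $first, $a) === 1
        && preg_match('/\p{Lu}$/u', $last, $b) === 1
        && $a[0] === $b[0]) {
        return 'shared_trailing_capital';
    }
    return null;
}

// Constructed sample registrations (not taken from any real store).
$samples = [['Alice', 'Smith'], ['JOHN', 'GREEN'], ['ABC', 'ABC'], ['MarkT', 'ReedT']];
foreach ($samples as [$f, $l]) {
    printf("%-6s %-6s %s\n", $f, $l, suspicious_name_reason($f, $l) ?? 'allow');
}
```

Because the identical-names check runs before the all-caps exception, a registration like the one Claudia M describes (same first and last name in all caps) is still flagged, while a caps-lock customer whose two names merely end in the same letter is allowed.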
Archived
This topic is now archived and is closed to further replies.