foz1234 Posted December 4, 2020 Share Posted December 4, 2020 Hi I am receiving more and more emails from my own website in russian. when using translation its all different crap. I have changed my email passwords to a real strong one (just to be 100% sure and safe) and changed google reCaptcha to invisible v2 from v2 checkbox but i am still receiving between 5-20 a day. Is there any other security i can add/use e.g. is there anything to ask a question like what colour is a apple type of thing that i've seen used on different sites? Thanks for any support you provide in advance. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 4, 2020 Share Posted December 4, 2020 These emails are almost certainly being sent via the Contact Us form and they have either found a way to circumvent the reCaptcha (assuming it is working OK) or they are being done manually. Changing the email password to a strong one is not a bad idea but wont help in this case. We block all connections into all our servers from Russia (and a few other countries such as China etc) which your hosting company wont do as it has to be done at a server level, but we also manage all of our fully managed hosting customers through Cloudflare and it is possible to block connections by country in the Cloudflare firewall at their edge network which means that they dont even get as far as our servers or the website. This is one of many, many benefits of using Cloudflare when correctly configured Link to comment Share on other sites More sharing options...
Frank Auffret Posted December 4, 2020 Share Posted December 4, 2020 Same here a big increase in spam via the contact form on several sites - Google reCaptcha to invisible v2 is on. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 4, 2020 Share Posted December 4, 2020 14 minutes ago, Frank Auffret said: Same here a big increase in spam via the contact form on several sites - Google reCaptcha to invisible v2 is on. Our hosting solution is available to you as well ! Quality Hosting, support, upgrades and no spam Link to comment Share on other sites More sharing options...
foz1234 Posted December 5, 2020 Author Share Posted December 5, 2020 On 12/4/2020 at 10:57 AM, havenswift-hosting said: These emails are almost certainly being sent via the Contact Us form and they have either found a way to circumvent the reCaptcha (assuming it is working OK) or they are being done manually. Changing the email password to a strong one is not a bad idea but wont help in this case. We block all connections into all our servers from Russia (and a few other countries such as China etc) which your hosting company wont do as it has to be done at a server level, but we also manage all of our fully managed hosting customers through Cloudflare and it is possible to block connections by country in the Cloudflare firewall at their edge network which means that they dont even get as far as our servers or the website. This is one of many, many benefits of using Cloudflare when correctly configured How does this work if they bypass geo-locks while being connected to a VPN? Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 5, 2020 Share Posted December 5, 2020 49 minutes ago, foz1234 said: How does this work if they bypass geo-locks while being connected to a VPN? Well of course it can’t do that if they are connecting using a VPN based in say France. However it will stop the vast majority of them and if you only sell to one or two or ten countries you can block all connections except those. Is it 100%, of course not but is it better than you have now ?? Link to comment Share on other sites More sharing options...
foz1234 Posted December 5, 2020 Author Share Posted December 5, 2020 I totally agree with you, but I thought that majority of these spammers would use a vpn? I maybe wrong just something I suspected they did. I thought a further additional security layer like a ramdom question related to the site may help. I am assuming there is no such addon/plugin available? Is there anyway to test if the invisible captcha is working? Thanks again for your help and time replying, I do appreciate it. (Added. Just logged into Google captcha and I can see red and green in charts so its working) Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 5, 2020 Share Posted December 5, 2020 33 minutes ago, foz1234 said: I totally agree with you, but I thought that majority of these spammers would use a vpn? I maybe wrong just something I suspected they did. Most of the ones bothering with small CubeCart sites for silly things like this will not use a VPN 35 minutes ago, foz1234 said: (Added. Just logged into Google captcha and I can see red and green in charts so its working) There has been talk for a while now that Google V2 (both versions) has been broken which is why I guess Google brought out V3 which CubeCart doesnt yet support. Of course if people are doing it manually rather than by a bot then no recaptcha would stop them Link to comment Share on other sites More sharing options...
RBosma Posted December 5, 2020 Share Posted December 5, 2020 My contact form is broken, so no spam for me.. Can't find the problem yet... But seems the better thing I presume... Link to comment Share on other sites More sharing options...
keat Posted December 10, 2020 Share Posted December 10, 2020 I also have Russia blocked on our server firewall, but they still seem to get through occasionally. I also suspect Recapture has been circumvented. I see new accounts being created with a set pattern, I doubt these are manual entries. In fact here is one created today VapersawWA, VapersawWA Link to comment Share on other sites More sharing options...
bsmither Posted December 10, 2020 Share Posted December 10, 2020 There is a conversation on the forums that suggests an edit to index.php that tests for this registration pattern, and if matched, simply exits PHP. Link to comment Share on other sites More sharing options...
foz1234 Posted December 17, 2020 Author Share Posted December 17, 2020 Hi Brian Do you have a link to this thread please? Thanks Link to comment Share on other sites More sharing options...
bsmither Posted December 17, 2020 Share Posted December 17, 2020 It is: https://forums.cubecart.com/topic/54715-potential-malicous-attack/ Please read the entire conversation. Link to comment Share on other sites More sharing options...
foz1234 Posted December 22, 2020 Author Share Posted December 22, 2020 Hi Brian, Two-three days and so far zero russian spam since adding your script. Thanks mate Happy Holidays & stay safe to all Link to comment Share on other sites More sharing options...
foz1234 Posted December 23, 2020 Author Share Posted December 23, 2020 Sorta spoken to soon, but this must me from contact us form no account made. Illona <[email protected]> wrote to Sales: --------------- заговор на удачу и деньги читать --------------- Link to comment Share on other sites More sharing options...
bsmither Posted December 23, 2020 Share Posted December 23, 2020 That is from the Contact Us form. I have had no success at stopping this. Can't use IP addresses from Russia because it is CubeCart's mailer that is sending the email. The Contact Us is a form submission, however, so there might be a way to interdict the submission based on some criteria, but there is no pattern. Link to comment Share on other sites More sharing options...
foz1234 Posted December 24, 2020 Author Share Posted December 24, 2020 Hi Brian, Yes that's correct and another today and 3 or 4 yesterday JamesLox <[email protected]> wrote to Sales: --------------- Во «Автомаляр+» вам сможете отыскать наиболее обширный перечень продуктов с основных европейских также наилучших российских изготовителей, что заключается с тыс. названий. Максимальный подбор автомобиля окраски во Украине показан непосредственно во нашем торговом центре. купить краску для авто ваз --------------- This email is sent from the store's master email address but it is possible to reply directly to the sender using the reply button on your email software. -------------------------- Only common denominator is they all have Russian language in them. I can only read English, so if there is anyway to drop the email from sending if it contain Russian characters? Link to comment Share on other sites More sharing options...
foz1234 Posted December 29, 2020 Author Share Posted December 29, 2020 I am assuming there is no way to drop email if it contains Russian characters by the lack of replies? Its very annoying as I tend to get 2-10 per day even over the Christmas period, the script seems to have stopped the bot from creating false accounts but obviously not stopped the contact us from spamming. Not sure why this is happening to my site, the messages are not related. Link to comment Share on other sites More sharing options...
bsmither Posted December 29, 2020 Share Posted December 29, 2020 Please try adding this line just after the last line of the previous test. The previous test kills PHP if any of the conditions are met for unwanted registrations. This test will look for any character used in the Russian language. If there is such a character in the Contact Us form "Enquiry" text entry, PHP exits. Edit: Oops! This won't work: if ('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry']) exit; Fixed: if (preg_match('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry'])) exit; Link to comment Share on other sites More sharing options...
foz1234 Posted December 31, 2020 Author Share Posted December 31, 2020 Hi Brian Thanks again, so to confirm, to test this i place the above line in "ini-custom.inc.php" as below? <?php if( ( (isset($_GET['seo_path']) && $_GET['seo_path'] == "register") || (isset($_GET['_a']) && $_GET['_a'] == "register") ) && !empty($_POST['first_name']) && !empty($_POST['last_name']) && ( (!empty($_POST['phone']) && $_POST['phone']=="123456") || # //preg_match('/[A-Z]\z/',trim($_POST['first_name']))===preg_match('/[A-Z]\z/',trim($_POST['last_name'])) (ctype_upper(substr(trim($_POST['first_name']),-2)) && ctype_upper(substr(trim($_POST['last_name']),-2))) || !empty($_GET['agreed']) ) ) exit; // Kills PHP leaving browser with white screen if ('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry']) exit; Link to comment Share on other sites More sharing options...
bsmither Posted December 31, 2020 Share Posted December 31, 2020 if (preg_match('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry'])) exit; Forgot the preg_match. (Too much egg-nog.) Link to comment Share on other sites More sharing options...
foz1234 Posted December 31, 2020 Author Share Posted December 31, 2020 Hi Brian LOL re: egg-nog, I may have 1 or 2 myself tonight - Happy New year mate !! i changed the code but it is not working Brian, unless i am not putting it in the correct file/folder? once added i cleared CC cache (not sure if i needed to or not), i then tried sending a contact us (email) through the website, I sent 1 with subject & enquiry in english and the second in russian - скачать фото кубани in both fields but sadly both came through. ini-custom.inc.php (in same place index.php etc) code: <?php if( ( (isset($_GET['seo_path']) && $_GET['seo_path'] == "register") || (isset($_GET['_a']) && $_GET['_a'] == "register") ) && !empty($_POST['first_name']) && !empty($_POST['last_name']) && ( (!empty($_POST['phone']) && $_POST['phone']=="123456") || # //preg_match('/[A-Z]\z/',trim($_POST['first_name']))===preg_match('/[A-Z]\z/',trim($_POST['last_name'])) (ctype_upper(substr(trim($_POST['first_name']),-2)) && ctype_upper(substr(trim($_POST['last_name']),-2))) || !empty($_GET['agreed']) ) ) exit; // Kills PHP leaving browser with white screen if (preg_match('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry'])) exit; Link to comment Share on other sites More sharing options...
bsmither Posted December 31, 2020 Share Posted December 31, 2020 I will experiment. Link to comment Share on other sites More sharing options...
foz1234 Posted December 31, 2020 Author Share Posted December 31, 2020 Thanks Brian, you go above and beyond Thanks mate Link to comment Share on other sites More sharing options...
bsmither Posted December 31, 2020 Share Posted December 31, 2020 Try this one: if (preg_match('/.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*/u', $_POST['contact']['enquiry'])) exit; (The stuff on Stack Overflow can be woefully incomplete.) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.