Spam customers in PS1.7.8.7?

[Nickz]

1 hour ago, endriu107 said:

Oh, you think in your case there is special attack that any other site wasn't attacked before?

There are different methods, some like your might use a technical "solution" to spam attack a shop.
In our case it wasn't even a shop, and due to the earlier contracts the client used, the domain went into a Spam list to be worked. There are clickfarms, spamming and clicking for a low hourly rate. 

I think we could agree on that there are more than one method to spread spam.

[endriu107]

If we speak about prestashop contact form it doesn't matter how spammers attack it all at the end must go thrue controllers that why my module protect that well. My solution allows to block spam if they use chinees, korean, russian alfabet. You can enable invisible captcha, you can block specific email addresses by pointing them in list or whole email domains, also you can create list with banned words.

If those click farms use your contact form to send spam, for shure that messages have some words that can be easly added to list and block contact form, not in front using js but in controllers side.

[tank]

On 1/12/2024 at 7:44 PM, metacreo said:

But it's useless. I would still like to see it. And unfortunately this solution is not ideal. The user should be able to enter any name. That's his name.

About Angers code... The user can still enter any name.   No normal user wil enter a name like JoHN with 3 capital letters

[metacreo]

On 2/2/2024 at 7:55 AM, tank said:

About Angers code... The user can still enter any name.   No normal user wil enter a name like JoHN with 3 capital letters

If you doing order as guest and not want to show your real name... you can enter everything...  Block access by name is a wrong way. This is a fact.
PS: I upgraded my free module. Now it checks newsletter registration.

 

[fox@dog1]

Hello endriu107

Sorry,

Your module doesn't work. I was able to log in several times with typical spam fake accounts.

[endriu107]

Waht prestashop version you have, what module version you have, and what data are not blocked can you show sample?

[fox@dog1]

i use 1.7.8.10. I took your module version 1.02

see jpg 

[fox@dog1]

i tryed it in our test-shop.

 

The solution from Angers works. We reduced the number of capital letters to 2. And now it works.

Edited February 21 by fox@dog1 (see edit history)

[metacreo]

On 2/21/2024 at 5:18 PM, fox@dog1 said:

i tryed it in our test-shop.

 

The solution from Angers works. We reduced the number of capital letters to 2. And now it works.

Try [Simple Security] free module. No spyware, no advertising and no third party services. Module real is free. Some people have already forgotten about bots and the problems that are in this topic, and you are still trying to connect some scripts. 🤣

[DARKF3D3]

I'm having the same problem on PS8.1.
But from my experience captcha doesnt prevent these fake users.
The problem is that they're not created automatically by bots, so they bypass the captcha.

Edited February 29 by DARKF3D3 (see edit history)

[skijump]

Using 8.1. Receiving 10 "same first and last name" registrations from compromised email addresses. Single capital letter names now.

(Prestashop, I wish you the best as user time spent fixing this ecommerce platform is time away from product selling.)

[Nickz]

13 hours ago, skijump said:

(Prestashop, I wish you the best as user time spent fixing this ecommerce platform is time away from product selling.)

Well usually a good running shop begins to broaden his/her infrastructure. Before Online Shops took off, pre Amazon so to say a 2nd shop was opened. New people came in as the company grew. No difference online.

Online there is a lot more to think about than offline, online shops need to have an IT department. Can just be one guy/gal. 

Funny enough accounting no one tries him-herself. 

Edited March 6 by Nickz (see edit history)

[skijump]

I think PS is generally used by businesses with 1-3 employees (making and shipping product) without funds for IT departments. Thus pre-loaded features like recaptcha and other basic items would be very helpful.

If anyone knows how to add recaptcha v3 to 8.1's registration I'd love to know

[Mediacom87]

Il y a 1 heure, skijump a dit :

I think PS is generally used by businesses with 1-3 employees (making and shipping product) without funds for IT departments. Thus pre-loaded features like recaptcha and other basic items would be very helpful.

If anyone knows how to add recaptcha v3 to 8.1's registration I'd love to know

reCaptcha is an external service, so there's no reason why PrestaShop should include it as part of its solution.

The V3 of reCaptcha was identified several times as preventing the normal operation of PrestaShop and should therefore be avoided as part of an ecommerce solution.

I use my solution, which suits me and my customers, since I haven't had any invasions since I set it up.

 

[skijump]

I know reCaptcha is an external service. Same as Google Analytics, PayPal, etc. If you're new to Prestashop, they're very handy modules.

[tank]

I use reCaptha V2   Im not a robot  , but was still getting fake registrations, been running Angar code  for 2 months, all good now.

[DARKF3D3]

Yes, recaptcha doesn't solve the problem because these accounts are not automatically created by bots but by humans.

[skijump]

@tank @darkf3d3 appreciate the feedback

[helsinkisisu]

On 1/11/2024 at 1:02 PM, metacreo said:

This module helps you

https://www.prestashop.com/forums/topic/1083135-free-module-simple-security/

Tested on 8.X but may work with 1.7

I have suddenly today been getting these same registrations on my 1.7.8.11 site. 20-30 today. After adding this module, none made it through. 15 blocked in the past six hours. 👍

Edited September 12 by helsinkisisu (see edit history)

[calgaryx]

On 10/17/2022 at 5:06 AM, marketyellow3 said:

You could use cloudflare for protection, it has an build-in bot management system. You don't need to install an CAPTCHA for this.

 

https://www.cloudflare.com/products/bot-management/

This solution worked for me. Thank you.

[MEG Venture]

If ordinary reCaptcha modules don't work for you, I strongly recommend "Advanced Google reCaptcha - Stop bots and fake accounts" module. Because, in addition to implement recaptcha solutions such as reCaptcha v2 and v3, this module checks every registrations (customer creations and newsletter submissions) in terms of syntax, consonnonts normality, bot possibility, etc. Therefore, bot created names, surnames and emails are automatically blocked.

I think this module is a lifesaver on bot fighting.