metacreo Posted December 25, 2023 Share Posted December 25, 2023 (edited) Anti-Spam, Anti-Bot, Anti-Brute-Force, Block Unwanted Bot and Spammer Traffic The module allows you to protect registration and login forms from bots. Limit the number of login and registration attempts. Module protect and limits the use of contact form, newsletter registration form and modules 'productcomments', 'iqitreviews'. Also, the module detects and ban more than 90% of the simplest bots. It is possible to manually block an IP and Email addresses, as well as exclude blocking. The module keeps a log of connection attempts and a log of entered data. After install, module creates 2 tabs in BO Customers tab. SS Triggers - phrases and words for contact form and 'productcomments', 'iqitreviews' modules (empty table after install and create own list). SS Actions - attempts log table with controls (view, edit, delete). Developed for 8.X but may work with 1.7.8+ (Reported: works on 1.7.8.3)The module will NOT work with versions below 1.7.8.3, perhaps in the future... Download simplesecurity.zip (Always latest version.) ~=DONATIONS ARE WELCOME=~ About updates please read this topic. Edited September 24 by metacreo (see edit history) 1 Link to comment Share on other sites More sharing options...
metacreo Posted January 11 Author Share Posted January 11 (edited) Module updated. Fixed AdminSimpleSecurityActionController search filters. Also fixed registration bug. 🙂 Edited January 11 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
vietnamdulich Posted January 15 Share Posted January 15 Have anyone take tests with this ? Link to comment Share on other sites More sharing options...
metacreo Posted February 8 Author Share Posted February 8 Module upgrade. Added support for newsletter registration (check bot, limit attempts). Link to comment Share on other sites More sharing options...
torbho Posted February 13 Share Posted February 13 The module is indeed excellent and appears to function well. Thank you! However, I'm concerned about the security implications of storing passwords in plain text, especially for non-bot users. As a solution, I've modified it to store passwords as hashed values, aligning with data protection regulations. In this case my Prestashop version is 1.7.8.3 1 Link to comment Share on other sites More sharing options...
metacreo Posted February 14 Author Share Posted February 14 Thank you. What hashes mechanism you want use (md5, sha, etc....)? I can add variable like protected $pwd_use_clear_text = 0; and rewrite passwords to use hashes by default for non-bots. Link to comment Share on other sites More sharing options...
Antti Posted February 14 Share Posted February 14 I installed this yesterday to my store and already it has blocked over 30 spam accounts from registering - so thank you for solving my problem with this module! However, I too am a little concerned about the passwords showing in plain text. Hopefully this can be resolved with the next update - keep up the great work and thanks again! 1 Link to comment Share on other sites More sharing options...
metacreo Posted February 15 Author Share Posted February 15 (edited) Thank you Antti. Module updated. New version 1.0.2 Added configuration page. Added hash passwords option (on config page you may choose how to keep passwords). For new install no need any action. For update you need to go to module config page and enter values. Thanks All for donation. Edited February 22 by metacreo (see edit history) 1 Link to comment Share on other sites More sharing options...
Antti Posted February 22 Share Posted February 22 What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily. Link to comment Share on other sites More sharing options...
metacreo Posted February 22 Author Share Posted February 22 (edited) 37 minutes ago, Antti said: What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily. by default: all warn 3 all ban 5 Edited February 22 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted February 22 Author Share Posted February 22 (edited) Upgraded. Actual version 1.0.3. Fixed update issues. Now no need additional actions on update. Config must be filled with default values by default on update and on install. Added function checkConfig for each action. Added small description in module config. Warn - count attempts to before warning, Ban - count attempts to before ban.Warn values (default 3) must be always less than Ban values (default 5). simplesecurity.zip <- download v 1.0.3 from topic start On 2/22/2024 at 4:10 PM, Antti said: What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily. In your case you can just uninstall and install. config fill auto on install. in new version on update too. Edited September 24 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
Antti Posted February 22 Share Posted February 22 2 hours ago, metacreo said: Upgraded. Actual version 1.0.3. Fixed update issues. Now no need additional actions on update. Config must be filled with default values by default on update and on install. Added function checkConfig for each action. Added small description in module config. Warn - count attempts to before warning, Ban - count attempts to before ban.Warn values (default 3) must be always less than Ban values (default 5). simplesecurity.zip <- download v 1.0.3 In your case you can just uninstall and install. config fill auto on install. in new version on update too. Great, thank you again! 🙏 Link to comment Share on other sites More sharing options...
metacreo Posted February 27 Author Share Posted February 27 (edited) Updated to v 1.0.4 Small improve contact form checks. Convert all chars in Simple Security Triggers to lowercase. Automatic conversion to lowercase during checks and addition to table. simplesecurity.zip <- download v 1.0.4 from start of topic Edited September 24 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted March 15 Author Share Posted March 15 Module updated. No version up. Same version 1.0.4. Small fix in contact form checker. Fixed error if customer sent empty email. Also processing form access counter if email is empty. Link to comment Share on other sites More sharing options...
joe ramires Posted March 19 Share Posted March 19 (edited) I can't install it on 1.7.8.8 Installation of the simplesecurity module failed. Your module version is not compatible with your PrestaShop version. Edited March 19 by joe ramires (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted March 20 Author Share Posted March 20 10 hours ago, joe ramires said: I can't install it on 1.7.8.8 Installation of the simplesecurity module failed. Your module version is not compatible with your PrestaShop version. Hi joe ramires. You can try to install again. I downgraded PS version requirements to 1.7.8.3. Link to comment Share on other sites More sharing options...
joe ramires Posted March 20 Share Posted March 20 Everything works normally now. Thank you. Link to comment Share on other sites More sharing options...
chrono Posted April 8 Share Posted April 8 (edited) Hi, is it possible to downgrade the requirements for the 1.7.6.5 version? Edit: I checked my bo after trying to install earlier and now i have SS Trigger and Action which gives error 500 everytime i try to click Can you tell me whats the best way to get rid off any leftovers? Edited April 8 by chrono (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted April 10 Author Share Posted April 10 (edited) On 4/8/2024 at 3:43 PM, chrono said: Hi, is it possible to downgrade the requirements for the 1.7.6.5 version? Edit: I checked my bo after trying to install earlier and now i have SS Trigger and Action which gives error 500 everytime i try to click Can you tell me whats the best way to get rid off any leftovers? Hello, What PHP version your PS used? And can you publish error from http server log and from PS_DIR/var/log? Unfortunately I'm very busy at the moment. Maybe later I will launch the old version of PS and adapt the module. 1.7.6 and 1.7.8 have different auth controllers and hooks. So... need to rewrite much code to work with 1.7.6 correctly. 1.7.8+ have separate auth and reg controllers. 1.76 have one auth controller, 1.7.6 email subscribe module different of 1.7.8 too. Simple rewrite PS_VERSION requirements not help you to module work with 1.7.6 Edited April 10 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
BlackCrow Posted April 11 Share Posted April 11 I have tried your module, it is really good and works according to my first tests. You write that it should be possible to manually block IP's or e-mail addresses. I can't find this option anywhere. Can you help me further? Otherwise: really nice, great👍 Link to comment Share on other sites More sharing options...
metacreo Posted April 11 Author Share Posted April 11 3 hours ago, BlackCrow said: I have tried your module, it is really good and works according to my first tests. You write that it should be possible to manually block IP's or e-mail addresses. I can't find this option anywhere. Can you help me further? Otherwise: really nice, great👍 Thank you for warm words. To block IP, go to SS Actions in customer section. Find (last by date) IP you need in table and click Edit (not VIEW). Set ban IP or email or both and save. Link to comment Share on other sites More sharing options...
BlackCrow Posted April 12 Share Posted April 12 Hi @metacreo , ty for your help. Can you explain to me which criteria are used to block an ip? I don't quite understand this process yet. I can register accounts, but then there is nothing under Customers > SS Action. However, some bots have already been successfully blocked there. I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited. So it is no longer possible to register for the newsletter. However, the account registration and login work fine. Link to comment Share on other sites More sharing options...
biker1947 Posted April 16 Share Posted April 16 (edited) Module installed. Installation without issues. Bots are blocked at contact form! Great! However all attempts to signup for newsletter are blocked, including my own emailaddresses. Error message: Bot or invalid traffic detected. Connection prohibited. Email addresses are seen as bot, after editing SS actions "ban IP" to 'never', and "ban email" to 'never', IP still is blocked on second attempt to signup for newsletter. Edited April 16 by biker1947 (see edit history) Link to comment Share on other sites More sharing options...
Antti Posted April 16 Share Posted April 16 Same here with the newsletter signup issue - it blocks even my own address. I have been successfully using the module for quite a while but only noticed this now. Link to comment Share on other sites More sharing options...
metacreo Posted April 16 Author Share Posted April 16 (edited) please write ps version, this module (1.0.4 latest) version and ps_emailsubscription module version. because as I see this bug is possible only on 1.7 to temporary disable this part of functionality just unhook this module from actionNewsletterRegistrationBefore hook just tested on 1.7.8.11 and 8.x ps and not found any bug with newsletter Edited April 16 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted April 16 Author Share Posted April 16 (edited) Version UP 1.0.5 Fixed newsletter registration failure bug on classic theme. Fixed bot check process for newsletter via ajax call on classic theme or themes used ajax. Edited September 24 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
Antti Posted April 16 Share Posted April 16 I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you! Link to comment Share on other sites More sharing options...
metacreo Posted April 16 Author Share Posted April 16 (edited) 4 minutes ago, Antti said: I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you! Hook back again and up module ver. to 1.0.5 I found the problem and fixed it. Edited April 16 by metacreo (see edit history) 1 Link to comment Share on other sites More sharing options...
metacreo Posted April 16 Author Share Posted April 16 10 hours ago, biker1947 said: Module installed. Installation without issues. Bots are blocked at contact form! Great! However all attempts to signup for newsletter are blocked, including my own emailaddresses. Error message: Bot or invalid traffic detected. Connection prohibited. Email addresses are seen as bot, after editing SS actions "ban IP" to 'never', and "ban email" to 'never', IP still is blocked on second attempt to signup for newsletter. 8 hours ago, Antti said: Same here with the newsletter signup issue - it blocks even my own address. I have been successfully using the module for quite a while but only noticed this now. fixed in 1.0.5 1 Link to comment Share on other sites More sharing options...
metacreo Posted April 16 Author Share Posted April 16 (edited) On 4/12/2024 at 12:50 PM, BlackCrow said: Hi @metacreo , ty for your help. Can you explain to me which criteria are used to block an ip? I don't quite understand this process yet. I can register accounts, but then there is nothing under Customers > SS Action. However, some bots have already been successfully blocked there. I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited. So it is no longer possible to register for the newsletter. However, the account registration and login work fine. Your SS Actions table is always empty or just on registration? Probably your PS version too old and not have separate registration controller. Try new 1.0.6 with small corrections of logic. If IP or Email is blocked or is set to never, no more records in table. Checked last record only for blocked or whitelisted conditions. If IP or Email have zero condition in table, all related checks performed always and if detected bot (for example), IP is blocked. private $_block_ip = 0; // 0 - not blocked, 1 - blocked, 2 - never block private $_block_email = 0; // 0 - not blocked, 1 - blocked, 2 - never block public function hookActionSubmitAccountBefore($params) { $this->_redirect = $this->_action = 'registration'; $this->checkAuthAndReg(); if (!$this->_errors) { return true; } } private function checkAuthAndReg() { .... if (!$this->checkIsBlocked()) { $this->checkIsBot(); $this->_attempt = $this->getAttemptsCount(); if (($this->_attempt .... { if ($this->_block_ip !== 2 && $this->_block_email !== 2) { $this->_errors[] = $this->l('Temporarily prohibited. Please try again in a few minutes.'); } $this->_detected[] = 'warn'; } if ($this->_attempt ....) { if ($this->_block_ip !== 2 && $this->_block_email !== 2) { $this->_errors[] = $this->l('Prohibited. Please contact site administrator.'); $this->_block_ip = 1; } $this->_detected[] = 'ban'; } $this->storeData(); } if (!$this->_errors) { return; } else { ... } } Function store data runs only if not blocked. private function storeData() { if ($this->_block_ip === 2 || $this->_block_email === 2) { return; } and storeData self checks for witelisting.... About newsletter is just a bug, just my themes not used ajax for newsletter and I missed this moment. Now it fixed. Edited April 17 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
biker1947 Posted April 18 Share Posted April 18 (edited) PS 1.8.3 Classic theme Module v1.06 Register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited. Not to alarm or frustate customers, for the time being, I disabled register for newsletter, Edited April 18 by biker1947 (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted April 18 Author Share Posted April 18 (edited) 19 hours ago, biker1947 said: PS 1.8.3 Classic theme Module v1.06 Register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited. Not to alarm or frustate customers, for the time being, I disabled register for newsletter, PS 1.8.3 please write correct version No bugs on PS 1.7.8.3. Tested. Edited April 19 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
biker1947 Posted April 19 Share Posted April 19 Correction on previous my note: PS 8.1.3 module 1.0.6 classic theme Link to comment Share on other sites More sharing options...
metacreo Posted April 20 Author Share Posted April 20 15 hours ago, biker1947 said: Correction on previous my note: PS 8.1.3 module 1.0.6 classic theme @biker1947 Hi, As can you see, no problem on PS 8.1.3 with Classic theme. Check your module config. Maybe wrong settings stored. test_1.mp4 Link to comment Share on other sites More sharing options...
chrono Posted June 25 Share Posted June 25 (edited) On 4/8/2024 at 2:43 PM, chrono said: Hi, is it possible to downgrade the requirements for the 1.7.6.5 version? Edit: I checked my bo after trying to install earlier and now i have SS Trigger and Action which gives error 500 everytime i try to click Can you tell me whats the best way to get rid off any leftovers? Im still having issues with this, I see the SS trigger and Action again and everytime a customer tries to create an account it gives error 500. Thanks for your time edit: tried even reinstalling with the updated version but it doesn't let me. its also causing issues with payments other than registering customers (its the only new module ive added since the customers complaints) Edited June 25 by chrono (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted June 29 Author Share Posted June 29 On 6/25/2024 at 6:31 PM, chrono said: Im still having issues with this, I see the SS trigger and Action again and everytime a customer tries to create an account it gives error 500. Thanks for your time edit: tried even reinstalling with the updated version but it doesn't let me. its also causing issues with payments other than registering customers (its the only new module ive added since the customers complaints) Can you provide php server error.log at 500 error ? 1.7.6.5 have other, different auth and reg code and maybe other hooks... How to you use 1765 version? this version is seriously vulnerable. https://www.cybersecurity-help.cz/vdb/prestashop/prestashop/1.7.6.5/ I don’t try to make it compatible with such versions, but when I have free time, I can rewrite the module. and yet for this I need to install the old and vulnerable 1765. Link to comment Share on other sites More sharing options...
Netagent Posted July 30 Share Posted July 30 Hello, it seems as if the "hasStopWord" function (blocking bad words in contact forms) no longer works in Prestashop version 8.1.x. I have no problems in version 8.0.x. Tested with module versions 1.0.4 and 1.0.6. Can anyone confirm this? Link to comment Share on other sites More sharing options...
metacreo Posted August 4 Author Share Posted August 4 On 7/31/2024 at 1:34 AM, Netagent said: Hello, it seems as if the "hasStopWord" function (blocking bad words in contact forms) no longer works in Prestashop version 8.1.x. I have no problems in version 8.0.x. Tested with module versions 1.0.4 and 1.0.6. Can anyone confirm this? Checked, work fine. PS 8.1.6 contactform v 4.4.2 Check your overrides probably disabled via admin. or maybe you use custom contact module? Link to comment Share on other sites More sharing options...
metacreo Posted August 4 Author Share Posted August 4 Same, no problem on PS 8.1.7 with native contactform v 4.4.2 Link to comment Share on other sites More sharing options...
Netagent Posted August 4 Share Posted August 4 ok, I think I know why it doesn't work... I also have the module "CAPTCHA - reCAPTCHA - Anti spam - Anti fake account" (ets_advancedcaptcha) running. This module also uses an override with the "sendMessage" function and uses a hook in the contact form template. As soon as the hook is set, it doesn't work. If the hook isn't set, it works. Link to comment Share on other sites More sharing options...
metacreo Posted September 11 Author Share Posted September 11 @Netagent Did you succeed to combine the modules? If not, it would be good to look at the overwrite of other modules. Maybe I will make them compatible. Link to comment Share on other sites More sharing options...
helsinkisisu Posted September 14 Share Posted September 14 (edited) My 1.7.8.11 site suddenly started being hit by a registration bot three days ago (the upper and lower case random letter names one) and I gave your module a try. It has worked a charm and has caught 140 bot attempts in just over two days. 🙂👍 Is there a way to change the default to ban email as well as IP for these? They frequently use the same email address. My site has no newsletter and an embedded third-party contact form (a solution which allows zero spam submissions). So it's just registrations, and, in this country, it is pretty unlikely that we'll have any registrations with the email names being used. Edited September 14 by helsinkisisu (see edit history) 1 Link to comment Share on other sites More sharing options...
vintop95 Posted September 15 Share Posted September 15 You are the GOAT Link to comment Share on other sites More sharing options...
metacreo Posted September 16 Author Share Posted September 16 @helsinkisisu Yes, it is possible, but I did not do it intentionally. Now imagine a situation where an attacker will use email addresses of innocent people. In this way, the attacker will be able to prevent access to anyone. Link to comment Share on other sites More sharing options...
helsinkisisu Posted September 16 Share Posted September 16 (edited) 14 minutes ago, metacreo said: @helsinkisisu Yes, it is possible, but I did not do it intentionally. Now imagine a situation where an attacker will use email addresses of innocent people. In this way, the attacker will be able to prevent access to anyone. Yes, I appreciate this danger. However, out of the now 225+ registration attempts by the same bot, none of the email address names remotely resemble 99.9% of the genuine Finnish email names registering in the shop. And I would much prefer to make it that little bit more restrictive for the bot and deal with maybe one person with an English email name if they have difficulty registering. Looking back through four years of registered accounts, there is only one. And I know that customer personally. Edited September 16 by helsinkisisu (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted September 16 Author Share Posted September 16 @helsinkisisu Ok. let's try to add such an option in the near future Link to comment Share on other sites More sharing options...
metacreo Posted September 16 Author Share Posted September 16 @helsinkisisu New module ver. 1.0.7 witch option block bot emails can be downloaded from top. Testing. 1 Link to comment Share on other sites More sharing options...
helsinkisisu Posted September 16 Share Posted September 16 Thanks! Wasn't expecting that so quickly. 🤩 Looks to be working great for me. 1 Link to comment Share on other sites More sharing options...
NIO72 Posted September 19 Share Posted September 19 I try to use it on my PS 1.7.8.1 but reply to me a series of errors that you didn't know how to interpret but a very long list, I tried to download and install all the versions that are present in this topic but none of them works so I ask if someone can help me Link to comment Share on other sites More sharing options...
Ray UK Posted September 19 Share Posted September 19 Works fine on my 8.1.7 Im always afraid that is potentially blocking legitimate registrations. Would it be possible to maybe add columns for Name/Surname and remove the password hash column ( as I think that column is useless ). Then if we see a Name/Surname that looks legitimate we can have an option to authenticate that registration and send the email registration form to the customer with a custom note (ie, Upon registration, your ip address was mistaken as a potential bot registration. We have now activated your account and you are able to log in". Thanks for a great module 1 Link to comment Share on other sites More sharing options...
metacreo Posted September 20 Author Share Posted September 20 (edited) @Ray UK Thank you. I can add Name/Surname col`s. But many of shops using only email field for registration, depended on shop theme. During the entire period of use, no erroneous blocking was observed. If client using real browser (not like chrome headless for js scraping/hacking) there can be no mistake. Edited September 20 by metacreo (see edit history) 1 Link to comment Share on other sites More sharing options...
metacreo Posted September 20 Author Share Posted September 20 @NIO72 As far as I know and tested, this is the initial version 1.7.8.3. Earlier versions may have a different authentication mechanism, so the module will not work. As I wrote above, there is no point in making an adaptation for versions below 1.7.8.10, since you will still be hacked sooner or later and this module will not help. In order to try to help you, we still need to get some information from you. Option: I tried everything, I have a lot of errors - this means absolutely nothing to anyone. We don't have telepathic abilities, we need to know what errors the page and even the web server gives you. Link to comment Share on other sites More sharing options...
metacreo Posted September 20 Author Share Posted September 20 (edited) @Ray UK Columns added. I see you use PHP 8.3.9 PS 8.1.7 Please share experience. You have downgrade PHP on update time? Or correcting autoupgrade module? I just need to update one shop quickly. Edited September 20 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
NIO72 Posted September 20 Share Posted September 20 @metacreo Thanks for your reply. So yes, obviously you can't know all the error responses that were given to me but at the same time I didn't want to weigh down the chat by copying and pasting everything, it seemed a bit excessive to me. In the meantime I found an additional plugin online called "User verification" which is compatible with my version and in its simplicity I see that it is blocking all the unwanted registrations so for now it works like this and I'm fine. I know for sure that a good solution would certainly be to upgrade the software version but I still don't know exactly how to do it. And as long as this function is fine with me, at this point if in the future I should continue to have problems, however, I will resume this topic and I will return to ask for help, in the meantime, thank you very much for your enormous availability 😊 Link to comment Share on other sites More sharing options...
Ray UK Posted September 20 Share Posted September 20 (edited) 5 hours ago, metacreo said: @Ray UK Columns added. I see you use PHP 8.3.9 PS 8.1.7 Please share experience. You have downgrade PHP on update time? Or correcting autoupgrade module? I just need to update one shop quickly. Module is now showing the columns, First Name, Last Name.. but they are all blank. and the columns are now too wide. Can the password one be removed. I dont think that is of use to anybody. Edited September 20 by Ray UK (see edit history) Link to comment Share on other sites More sharing options...
Ray UK Posted September 20 Share Posted September 20 11 hours ago, metacreo said: @Ray UK Columns added. I see you use PHP 8.3.9 PS 8.1.7 Please share experience. You have downgrade PHP on update time? Or correcting autoupgrade module? I just need to update one shop quickly. Ive actually changed it back to 8.1.29. Not because I had any problems but the PS advice says the compatability does not go up to php 8.3.9 yet so unsure on updates. Link to comment Share on other sites More sharing options...
diysec Posted September 23 Share Posted September 23 Thanks for a great module. I have installed the latest 1.0.8 onto our server running 1.7.8.11. I am having an issue where it thinks my IP address is a BOT, even though I have cleared out the "SS Actions" table. I am asking what is the criteria that the module looks for when determining traffic is a bot? Thanks Link to comment Share on other sites More sharing options...
metacreo Posted September 23 Author Share Posted September 23 (edited) first name, last name columns removed from table, this data still is available in action view and edit. password column removed from table and still displayed in action view. @Ray UK The passwd column needed for many shops to set customer correct password. Many of customers not seen "remember my password" button and call to admins after blocking @diysec Can you give more details? What does "I think" mean? Edited September 23 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
helsinkisisu Posted September 23 Share Posted September 23 (edited) 1 hour ago, metacreo said: first name, last name columns removed from table, this data still is available in action view and edit. Why did you do this? It was perfect for immediately confirming (as in a quick glance at the table) a non-genuine login/registration. The listings below without names were recorded pre-1.0.8 Edited September 23 by helsinkisisu (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted September 23 Author Share Posted September 23 ok, let's return the first and last name to the table. I just noticed that the table is too wide. I use huge monitors, and this is inconvenient for users with laptops. I'll try to optimize the table. 1 Link to comment Share on other sites More sharing options...
helsinkisisu Posted September 23 Share Posted September 23 34 minutes ago, metacreo said: ok, let's return the first and last name to the table. I just noticed that the table is too wide. I use huge monitors, and this is inconvenient for users with laptops. I'll try to optimize the table. Yes, I have a huge monitor too (and 1080 laptop). Removing the password column will help, as the passwords a hashed anyway. Link to comment Share on other sites More sharing options...
metacreo Posted September 23 Author Share Posted September 23 Passwords column removed completely, it can be displayed on action view only. First/Last Names returned back to table... All as @Ray UK asked. 1 Link to comment Share on other sites More sharing options...
Ray UK Posted September 23 Share Posted September 23 Updated and working fine on PS8.1.7 Many thanks Link to comment Share on other sites More sharing options...
diysec Posted September 23 Share Posted September 23 @metacreo - More details for you. 1. Installed your module (v1.0.8) and left settings at defaults (ie 3 warn / 5 ban) 2. Go to SigIn page on my site and login with incorrect password as a test. 3. Look at SS Actions table and my IP address is detected as a "bot" and ban IP is set to "yes". Just want to know what criteria does the module use to determine what a "bot" is? Thanks Link to comment Share on other sites More sharing options...
metacreo Posted September 23 Author Share Posted September 23 @diysec Please wait some time. I make special debug version for you. Link to comment Share on other sites More sharing options...
metacreo Posted September 25 Author Share Posted September 25 (edited) @diysec Please download latest module. In module config enable debug mode and enter token who I sent you via PM. Save settings. Repeat your actions where module ban your IP. (go to login page, try login !!! at this moment your IP cannot be banned in actions table) If you see message about success debugging and debug mode can be turned off - disable debug mode. Edited September 25 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
diysec Posted September 25 Share Posted September 25 5 hours ago, metacreo said: @diysec Please download latest module. In module config enable debug mode and enter token who I sent you via PM. Save settings. Repeat your actions where module ban your IP. (go to login page, try login !!! at this moment your IP cannot be banned in actions table) If you see message about success debugging and debug mode can be turned off - disable debug mode. Thanks @metacreo for the support and debug assistance is solving my problem. Successfully resolved login issue with OPC with v1.0.9 of your module. Cheers Link to comment Share on other sites More sharing options...
helsinkisisu Posted September 25 Share Posted September 25 Easily the most responsive and helpful support I've had for any PS module. Donation sent. 👍 Link to comment Share on other sites More sharing options...
metacreo Posted September 25 Author Share Posted September 25 (edited) @diysec, @helsinkisisu Thank you new ver. 1.0.10 Everyone who is satisfied with the functionality and it works, there is no need to update, nothing new. Added simplest debugging support. Added Ajax Login and Ajax Registration support. Before this there were false definitions of the bot on sites with AJAX forms. Added Attempt Time option can set 1 - 10 min. time interval during which the checks is performed (between now and X minutes earlier). Message Please try again in a few minutes now indicates time who set by Attempt Time Like Please try again in a 3 minute(s). Action Table now have css (word-wrap: anywhere; word-break: break-all;) fixes display too long names. Thanks all for donation Edited September 25 by metacreo (see edit history) 1 Link to comment Share on other sites More sharing options...
Okiproko Posted September 26 Share Posted September 26 Bonjour, Je suis votre thread depuis le début et vous remercie pour la mise à disposition du module. Je suis sous PS 1.7.8.10 avec le dernier module Simple Security 1.0.10 installé. Je constate et ce uniquement sur mobile et Google Chrome la disparition de la case à cocher Politique de Confidentialité dès qu'on rentre son mail, empêchant l'envoi d'un mail puisque non coché. Sur les autres navigateurs, aucun souci, mais 2 fois sur 3, le message "Prohibited. Please contact site administrator.", test effectué avec mon email personnel alors que depuis l'admin section SS Actions, j'ai modifié mon email en Never sur Ban IP et Ban Email, mais le résultat est toujours le même. Une cliente m'a appelé ce jour m'informant de la difficulté à envoyer un mail... cependant il bloque parfaitement les mails étrangers vraiment indésirables, top top ! Une idée ? Link to comment Share on other sites More sharing options...
metacreo Posted September 26 Author Share Posted September 26 @Okiproko Hello, I didn't quite understand what the problem was. The flag disappearing is not related to the module, it doesn't have such functionality. If you set "ban email", then everything is correct, this email is blocked. If the client is blocked, see the SS Actions table. To unblock, delete all records associated with this IP and/or email. Or set 'never ban...' to last record (ordered by ID record). See if the number of attempts has been exceeded or if the client is identified as a bot. What theme are you using? Does the form use AJAX? site url? Link to comment Share on other sites More sharing options...
Okiproko Posted September 26 Share Posted September 26 (edited) Hello, Thank you for your quick feedback, I'm using the Cartzilla theme from Prestasafe, the form doesn't use Ajax, the site doesn't use Ajax. My email address is shown in Never on the IP and email. Edited September 26 by Okiproko (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted September 26 Author Share Posted September 26 (edited) 1 hour ago, Okiproko said: My email address is shown in Never on the IP and email. Tested just now your contact form. All works fine. Tested with pc, mobile with chrome. No bugs detected. All works fine. You cat see my connections in Action table meta***@newe***on.com IP start 88.216.... and over mobile ipv6 Now about checkbox and chrome. the checkbox is removed when the form is reloaded, this is normal behavior. You can also make it set by default, for this you need to edit the template file OR override or change controller (in your case gdpr_module) to make checkbox "rememberable" user set. If I didn't understand something, please write in more detail. P.S. To set properly UNBAN needs set unban in last table record (last by time or ID) or better is to remove all records related to IP/Email and leave one with unban settings. Edited September 26 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
diysec Posted October 1 Share Posted October 1 Hi @metacreo Updated your module to the latest version 1.0.10 and no longer working for me. Previous module 1.0.9 - where you added support for AJAX was working. Would you like to do another debug trace? Link to comment Share on other sites More sharing options...
metacreo Posted October 1 Author Share Posted October 1 @diysec Hello, Please go to module config page. Ensure that module enabled. Check AJAX settings state. After update to 1.0.10 AJAX settings added and set by default to disabled. This is related to this version only. Link to comment Share on other sites More sharing options...
metacreo Posted October 1 Author Share Posted October 1 fixed bug of wrong message in productcomments override native module. Now message of success comment post shown correctly. Link to comment Share on other sites More sharing options...
diysec Posted October 1 Share Posted October 1 3 hours ago, metacreo said: @diysec Hello, Please go to module config page. Ensure that module enabled. Check AJAX settings state. After update to 1.0.10 AJAX settings added and set by default to disabled. This is related to this version only. Hi, AJAX settings are on (see attached) and module is enabled. Link to comment Share on other sites More sharing options...
metacreo Posted October 1 Author Share Posted October 1 (edited) @diysec ok, so what's going on? what's not working? turn on debug with Ti0EgX2VhTtqDCwOAqyovZJOtJYVUCdA Edited October 1 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
diysec Posted October 1 Share Posted October 1 Hi @metacreo Turned on debug and did 4 login attempts with sign-in form. I do not even see anything recorded in the SS Actions table. Its as if the module is not there even though its enabled (including the AJAX settings). I am going uninstall the module and reinstall. I will report back Link to comment Share on other sites More sharing options...
metacreo Posted October 1 Author Share Posted October 1 ver 1.0.11 Removed all AJAX settings. Improved automatic AJAX detection. Link to comment Share on other sites More sharing options...
Ray UK Posted October 1 Share Posted October 1 Im not sure when this happened, but this module and the ReCaptch module are now conflicting. This is stopping anybody being able to log in as it throws an error like this {“error”: true, “message”: “404 not found!”}, Ive disabled the Recaptcha one for now and its working again. Link to comment Share on other sites More sharing options...
diysec Posted October 2 Share Posted October 2 Hi, My problem of the module not working appears to be with our reCaptcha (Knowband) module as well. Turn it off and your module works perfectly, turn it on and your module does NOT function on our site (ie does not record any attempts in SS Action table). Is this something where a fix is need in your module or in the reCaptcha module? Thanks Link to comment Share on other sites More sharing options...
metacreo Posted October 2 Author Share Posted October 2 @Ray UK, @diysec Hello, I don't quite understand why you need a module if you use captcha or why you need a captcha if you use a module. Oh well... I'll try to make them friends (the module with your captchas). Let's try to find a way to check the contact form without overriding contact module, which is very good. This will take longer than previous fixes as there is a lot of testing to do. Link to comment Share on other sites More sharing options...
diysec Posted October 2 Share Posted October 2 @metacreo Hi You make a good point. I mainly use your module to restrict login attempts because PS does not do this natively (well on 1.7.8.11 it does not). Link to comment Share on other sites More sharing options...
Ray UK Posted October 2 Share Posted October 2 (edited) 5 hours ago, metacreo said: @Ray UK, @diysec Hello, I don't quite understand why you need a module if you use captcha or why you need a captcha if you use a module. Oh well... I'll try to make them friends (the module with your captchas). Let's try to find a way to check the contact form without overriding contact module, which is very good. This will take longer than previous fixes as there is a lot of testing to do. I just thought double protection may be good. I don't have a single registration or contact form submission since disabling the recaptcha module, so looks like just yours alone will do the trick. No need to go through the hassle of remaking it without the override. And since disabling the recaptcha yesterday, I now have 136 entries in the SS Action, which I never got before. Edited October 2 by Ray UK (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted October 2 Author Share Posted October 2 (edited) All clear. I'm still thinking about how to make sure the modules don't conflict. The most correct solution is to refuse override. But then we will have to create an extra load on hooks. Since the contact form and controller do not have any hooks, we will have to load everything into the displayHeader hook, which means that the module will hang in memory all the time. Here I need to think through everything Edited October 2 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted October 9 Author Share Posted October 9 (edited) Major module rework. New ver. 1.0.12 Fixed sql/install.php (duplicate entry warning during upgrade). Removed all overrides (no more needed).Unhooked all hooks (no more needed) and hooked to one FrontController initialisation hook. Now module works directly with FrontController and will intercept requests directly and faster. Improvements: Full support for modules: contactform, iqitreviews, productcomments, ps_emailsubscription, iqitemailsubscriptionconf. (without overrides) Modules support tested on PS 8.2.0 with default theme and warehouse 4.6.4. Added checks on add products to cart. (block bots on click add to cart) Added checks on registration to guest or customer during checkout. (block bots on order page) upgrade-1.0.12.php file added but if something wrong try to reinstall the module. Do not forget to backup tables if needed. After this upgrade may work on earlier PS versions but minimum is 1.7.7 (not tested) For testing modify: $this->ps_versions_compliancy = ['min' => '1.7.8.3', 'max' => _PS_VERSION_]; Change min to 1.7.7 version. Thanks all for donations. Edited October 15 by metacreo syntax (see edit history) Link to comment Share on other sites More sharing options...
Ray UK Posted October 10 Share Posted October 10 20 hours ago, metacreo said: Major module rework. New ver. 1.0.12 Fixed sql/install.php (duplicate entry warning during upgrade). Removed all overrides (no more needed).Unhooked all hooks (no more needed) and hooked to one FrontController initialisation hook. Now module works directly with FrontController and will intercept requests directly and faster. Improvements: Full support for modules: contactform, iqitreviews, productcomments, ps_emailsubscription, iqitemailsubscriptionconf. (without overrides) Modules support tested on PS 8.2.0 with default theme and warehouse 4.6.4. Added checks on add products to cart. (block bots on click add to cart) Added checks on registration to guest or customer during checkout. (block bots on order page) upgrade-1.0.12.php file added but if something wrong try to reinstall the module. Do not forget to backup tables if needed. After this upgrade may work on earlier PS versions but minimum is 1.7.7 (not tested) For testing modify: $this->ps_versions_compliancy = ['min' => '1.7.8.3', 'max' => _PS_VERSION_]; Change min to 1.7.7 version. Thank all for donations. Updated. After update, I noticed the override is still in the override folder. Ive deleted it manually, but will that cause issues. Many Thanks Link to comment Share on other sites More sharing options...
metacreo Posted October 10 Author Share Posted October 10 @Ray UK No. This module not needed overrides. But check other modules like captcha, reCaptcha, etc... if they used overrides then reinstall these modules. Link to comment Share on other sites More sharing options...
Ray UK Posted October 10 Share Posted October 10 57 minutes ago, metacreo said: @Ray UK No. This module not needed overrides. But check other modules like captcha, reCaptcha, etc... if they used overrides then reinstall these modules. Yes I saw that in your notes. I know it doesnt need an override, but the override from the previous version of your module was still there. I opened it up and it mentioned ets in there so I deleted that override. Not sure if you can put something in your install file to remove that override for people who are less savvy Link to comment Share on other sites More sharing options...
metacreo Posted October 11 Author Share Posted October 11 Strange. The directories should have been deleted. Both from the module folder and from the overrides folder. Maybe you have wrong permissions on override dir or wrong owner. @$module->unregisterHook('actionNewsletterRegistrationBefore'); @$module->unregisterHook('actionAuthenticationBefore'); @$module->unregisterHook('actionSubmitAccountBefore'); @$module->unregisterHook('actionCheckoutRender'); @$module->unregisterHook('displayHeader'); $module->registerHook('actionFrontControllerInitBefore'); $modOverridePath = _PS_MODULE_DIR_ . 'simplesecurity/'; $modDirs = [ 'override/modules/productcomments/controllers/front', 'override/modules/productcomments/controllers', 'override/modules/productcomments', 'override/modules/iqitreviews/controllers/front', 'override/modules/iqitreviews/controllers', 'override/modules/iqitreviews', 'override/modules/contactform', 'override/modules', 'override' ]; foreach ($modDirs as $dir) { if (file_exists($modOverridePath . $dir)) { @array_map('unlink', glob($modOverridePath . $dir . '/*.*')); @rmdir($modOverridePath . $dir); } } $psOverridePath = _PS_OVERRIDE_DIR_ . 'modules/'; $psDirs = [ 'productcomments/controllers/front', 'productcomments/controllers', 'productcomments', 'iqitreviews/controllers/front', 'iqitreviews/controllers', 'iqitreviews', 'contactform' ]; foreach ($psDirs as $dir) { if (file_exists($psOverridePath . $dir)) { @array_map('unlink', glob($psOverridePath . $dir . '/*.*')); @rmdir($psOverridePath . $dir); } } return true; Link to comment Share on other sites More sharing options...
diysec Posted October 16 Share Posted October 16 Hi @metacreo Upgraded to version 1.0.12 from 1.0.10 and now I see NO attempts logged in SS Actions table and I still have reCaptcha turned off. Help? Link to comment Share on other sites More sharing options...
metacreo Posted October 16 Author Share Posted October 16 (edited) 9 hours ago, diysec said: Hi @metacreo Upgraded to version 1.0.12 from 1.0.10 and now I see NO attempts logged in SS Actions table and I still have reCaptcha turned off. Help? in modules list shown version 1.0.12? try clean cache and install module again. check module hooks. go to design > positions. select show:1-simplesecurity. and check Display non-positionable hooks you must see only one hook actionFrontControllerInitBefore and check is module ENABLED first. In some cases module disables on error(permissions, owner) during install or update. Edited October 16 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
diysec Posted October 18 Share Posted October 18 Hi @metacreo Module shows as 1.0.12. I uninstalled module and re-installed it. Checked the module hooks (see attached) and module is enabled. It is showing the same signs as an older version of the module before you included fixes for AJAX, not sure if that issue has come back. Link to comment Share on other sites More sharing options...
metacreo Posted October 18 Author Share Posted October 18 (edited) maybe you have filled filters in table ? try reset please write me url of your site or go to config, enter token and enable debug. Edited October 18 by metacreo (see edit history) Link to comment Share on other sites More sharing options...
metacreo Posted 24 minutes ago Author Share Posted 24 minutes ago Small improvement. Version UP 1.0.13. Added support for legal bots. Bots that report themselves as bots are blocked. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now