Who's Online 86 Members, 0 Anonymous, 529 Guests (See full list)
- Diakoff D
- K Attila
- George Bazz
- Jonatan - Siabyte
This stream auto-updates
- Past hour
juju74460 replied to doekia's topic in Utilisation de PrestaShop : configuration et difficultés😂 Qu'elle idée de s'y prendre comme ça ! Merci Eolia 😉
Casper_O replied to doekia's topic in General topicsit is not a question of if it will fail, but a question of when it will fail. Because people tried the same under the russian contact form spam attack. It lasted verry short. Problem is here, that if you fx send to many mails to gmail, hotmail, yahoo or other bigger ISP where delivery fails, and you do this much, your server and domain will end up on a email blacklist sooner or later. And that can be a pain to get off. If i had to compare this to something, it is like your asking people to pee in their pants for warmth in winter. They get a temporary relief, but it is followed by an even worse predicament.
And if the hacker decides not to type www or http in the name field of the form, what happens to your solution then?
factoriadigital started following [SECURITE] SPAM Customer Account : solution [1.3 -> 1.7]
We are modifying the module to detail that the code used is yours. (Doekia) we have tried to solve quickly to help those who do not have ftp access. Regards.
@AmirRzdBecause your solution does not protect anything, it invite hacker to simply adjust the url and continue their attacks. It does harm the entire ecosystem having such unprotected possible target by feeding the interest for hacker to brute scan in case they succeed
You are right and I know @doekia has a point and I understand know why he was mad. All I want to know is if my solution is going to harm the store or not? If it is wrong just because it "might" fail, that is okay with me. When it fails I will try other solutions. But if my solution is going to harm, I really need to know more about that.
Yes you copied my code and claim it a free contribution, but prior version 126.96.36.199, the override as it was written makes shop to simply crash!
You are really stubborn ! Your new url is known the second you publish it. It is the link on your page and it suffice the bot to use ?controller=auth to "discover" your page. You are not only stupid, your are dangerous for the entire ecosystem! DELETE YOUR POST AND TOPIC
This module makes the changes in overrides to apply it on: classes/Validate.php classes/Customer.php You can try it in 1.5. It is a totally free contribution.
desistore.in joined the community
Casper_O replied to doekia's topic in General topics@AmirRzd the reason for your "solution" is not a real solution is, that whoever is doing these fake account registration might be reading in here also and getting clever over time. Same happend with the contact form spam. People tried the same as you tell people to do now, and it failed. When he figure out he should acually just send it to the controller directly instead trying to guess the SEO friendly URL, then your solution is useless. Try visting https://<your-domain.tld>/?controller=auth - it would acually redirect you to the SEO friendly url Also, for now it seems to be a bit by language, who is beeing attacked. But that would change really fast, just like we saw with the contact form spam
What is the purpose of such? Btw the minimal version is 188.8.131.52
pavlenco joined the community
Yes that is possible. For that I did not propose a single alternative. It is working for me and many others around me. Unless I know that my solution is harmful for a PrestaShop store, I think it is okay.
Note: Topic Name was changed from: PRESTASHOP Spam customer account best and simplest solution This solution is as @doekia said not a real solution, and definitely not the best, since it do not prevent the spam, it only slow the process down for a little. If i had to compare it to something, it is like if you are peeing in your pants for warmth in winter. The temporary relief is followed by an even worse predicament.
ThankBooks replied to doekia's topic in General topicsI'm no expert but even I can see how if everyone implemented your proposal, a spammer would soon know what URL to redirect to and start over again.
davidcedillo.126 joined the community
I removed security from the topic. But it is still a solution unless you tell us otherwise since you are an expert. I think we'd better tell everyone why this solution is wrong.
Hi, Solution with a module here: https://www.factoriadigital.com/prestaforum/threads/solucion-a-registros-fraudulentos-en-prestashop.1557/#post-4294 Regards!
stvaustinez joined the community
que tal @Faby Pena cuando yo sincronizo los WS que me arrojan los datos tiene otro que valida que un dato ya se sincronizo. yo lo valido desde el otro lado para que no me arrojen datos duplicados así dato sincronizado dato que valido para que no se vuelva a insertar. y depende de esta tabla es lo datos que faltan por bajar o subir
miguelsanmx replied to miguelsanmx's topic in PrestaShop Download: instalación, actualización y configuracióngusman126, te agradezco la ayuda pero por ninguna de las opciones pude resolverlo, realmente llevaba muy poco avanzado así que decidí comenzar nuevamente reinstalando todo, de cualquier manera gracias.
I'm mad since your proposal is every thing but security. And what is at stake here is security. Remove your post and your topic - case close
Obviously you have no idea about the Ambassador badge. You are mad at me and I have no idea why. Until you write a helpful comment, I am not going to reply to your comments.
Creating such topic with your ambassador badge + saying "I have a much simpler solution", makes it an argument by authority. Result is absolutely the same you are misleading people