ZIKODK Posted August 2, 2022 After upgrading to PS1.7.8.6 a few weeks ago, and later upgrading to PS1.7.8.7, I have customer creation that I would call spam. See examples in the attached image. There may be 5-10 customers every day. Is this part of the vulnerability that has been announced about Prestashop? The modules I have installed to check this vulnerability do not report the vulnerability (except for blockwishlist, so remember to update that module!!). What can I do to avoid this?
Martin_NZ Posted August 2, 2022 I am also seeing this since updating to 1.7.8.7. It only started after the update. Customers are being created with random characters for names. Email addresses appear legitimate, although probably from a public paste/leak. Password recovery emails are being sent. Here is an extract of the server log... I cannot block the IP, as multiple different IPs are doing this. Anyone.... How do I stop this, please....

175.117.144.158 - - [02/Aug/2022:14:16:09 -0700] "POST / HTTP/1.1" 200 45014 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:18 -0700] "GET /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:19 -0700] "POST /contact-us HTTP/1.1" 200 35437 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:21 -0700] "POST /contact-us HTTP/1.1" 200 35439 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:22 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:24 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:25 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:26 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:28 -0700] "GET /my-account HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:29 -0700] "GET /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:32 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:34 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:36 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:38 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:40 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:42 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:50 -0700] "GET /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:56 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:57 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:59 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:00 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:02 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:05 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:06 -0700] "GET /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:13 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:15 -0700] "GET / HTTP/1.1" 200 45314 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:17 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:18 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:20 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:22 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:23 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:25 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:27 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:29 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:31 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:33 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:35 -0700] "GET /new-products HTTP/1.1" 200 31749 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:37 -0700] "POST /new-products HTTP/1.1" 200 31913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:39 -0700] "POST /new-products HTTP/1.1" 200 31913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:41 -0700] "POST /new-products HTTP/1.1" 200 31749 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:43 -0700] "GET /?mylogout= HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:44 -0700] "GET / HTTP/1.1" 200 45009 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:46 -0700] "POST / HTTP/1.1" 200 45178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:47 -0700] "POST / HTTP/1.1" 200 45178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:49 -0700] "POST / HTTP/1.1" 200 45014 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:51 -0700] "GET /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:57 -0700] "POST /contact-us HTTP/1.1" 200 35441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:59 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:01 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:03 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:05 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:14 -0700] "GET /my-account HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:15 -0700] "GET /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:29 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:32 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:34 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:36 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:37 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:39 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:46 -0700] "GET /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:47 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:52 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:55 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:57 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:59 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:01 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:02 -0700] "GET /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:19 -0700] "POST /login?create_account=1 HTTP/1.1" 200 36083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:21 -0700] "POST /login?create_account=1 HTTP/1.1" 200 36089 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:22 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:24 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35980 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:26 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35980 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:28 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
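The log above shows one client walking the same four POST targets (/contact-us, /login?back=my-account, /password-recovery, /login?create_account=1) in under two minutes, which is a more durable thing to detect than any single IP. The following detector is an added example, not PrestaShop code or anything posted in this thread; it assumes Apache combined-format access logs, and its sample lines are constructed with documentation addresses.

```python
"""Flag client IPs that run the scripted contact/login/recovery/register burst.

Added example (not PrestaShop code): per IP, look for a short window that contains
every stage of the sequence seen in the thread's access log, with a burst of POSTs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# The four request targets from the thread's log. The full target including the
# query string is compared, because the two /login forms differ only in the query.
STAGES = {
    "contact": ("POST", "/contact-us"),
    "login": ("POST", "/login?back=my-account"),
    "recovery": ("POST", "/password-recovery"),
    "register": ("POST", "/login?create_account=1"),
}
WINDOW = timedelta(minutes=5)  # all four stages must occur inside this window
MIN_POSTS = 8                  # and the burst must contain at least this many POSTs


def parse_line(line):
    """Return (ip, datetime, method, path, status), or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def stage_of(method, path):
    """Name of the abuse stage a request belongs to, or None for ordinary traffic."""
    for name, (meth, target) in STAGES.items():
        if method == meth and path == target:
            return name
    return None


def find_abusive_ips(lines):
    """Map each flagged IP to (first_ts, last_ts, post_count) for the first window
    in which it hit every stage in STAGES with at least MIN_POSTS POST requests."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec[0]].append(rec)
    hits = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r[1])
        for i, (_, start, _, _, _) in enumerate(recs):   # sliding window per IP
            window = [r for r in recs[i:] if r[1] - start <= WINDOW]
            seen = {stage_of(r[2], r[3]) for r in window} - {None}
            posts = sum(1 for r in window if r[2] == "POST")
            if seen == set(STAGES) and posts >= MIN_POSTS:
                hits[ip] = (start, window[-1][1], posts)
                break
    return hits


def report(hits):
    """One human-readable line per flagged IP."""
    return [f"{ip}: {n} POSTs between {a:%H:%M:%S} and {b:%H:%M:%S}, all four stages hit"
            for ip, (a, b, n) in sorted(hits.items())]


# Constructed sample log (RFC 5737 documentation addresses, shortened user agent):
# one scripted client mirroring the sequence above, one ordinary shopper, one junk line.
UA = '"Mozilla/5.0 (constructed sample UA)"'

def _entry(ip, hms, request, status, size):
    return f'{ip} - - [02/Aug/2022:{hms} -0700] "{request} HTTP/1.1" {status} {size} "-" {UA}'

SAMPLE_LOG = [
    _entry("203.0.113.5", "14:16:09", "POST /", 200, 45014),
    _entry("203.0.113.5", "14:16:19", "POST /contact-us", 200, 35437),
    _entry("203.0.113.5", "14:16:21", "POST /contact-us", 200, 35439),
    _entry("203.0.113.5", "14:16:32", "POST /login?back=my-account", 200, 32226),
    _entry("203.0.113.5", "14:16:34", "POST /login?back=my-account", 200, 32226),
    _entry("203.0.113.5", "14:16:56", "POST /password-recovery", 200, 29781),
    _entry("203.0.113.5", "14:16:57", "POST /password-recovery", 200, 29781),
    _entry("203.0.113.5", "14:17:06", "GET /login?create_account=1", 200, 35794),
    _entry("203.0.113.5", "14:17:13", "POST /login?create_account=1", 302, "-"),
    _entry("203.0.113.5", "14:17:17", "POST /login?create_account=1", 302, "-"),
    _entry("198.51.100.7", "14:20:01", "GET /new-products", 200, 31749),
    _entry("198.51.100.7", "14:21:40", "POST /login?back=my-account", 302, "-"),
    _entry("198.51.100.7", "14:21:41", "GET /my-account", 200, 31058),
    "this line is not an access-log entry",
]

if __name__ == "__main__":
    for line in report(find_abusive_ips(SAMPLE_LOG)):
        print(line)
```

Tune WINDOW and MIN_POSTS against a day of your own log before acting on the output; the ordinary shopper in the sample only touches one stage and is not flagged.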
Mediacom87 Posted August 2, 2022 Hi, the best solution is a Captcha on your site. Like: https://www.prestatoolbox.com/security/423-anti-spam-mathematical-captcha.html
Martin_NZ Posted August 2, 2022 Thank you for advertising your paid module to us. My question is more along the lines of WHY this has only started occurring since the 1.7.8.6 - 1.7.8.7 update. What's changed? In reference to the OP, is this related to the recently disclosed vulnerability, or is something else going on here?
ZIKODK (Author) Posted August 3, 2022 (edited) I want to make customer creation as simple as possible, and will NOT use a reCaptcha module when a customer registers. Agree with Martin_NZ. Why did this start after PS1.7.8.6? Does it have anything to do with the previously reported vulnerability? Prestashop must step in here with a solution. Edited August 3, 2022 by ZIKODK
endriu107 Posted August 3, 2022 You have the IP address, so you can easily block it in the htaccess file, and you should. It's hard to tell whether it is related to the latest vulnerability, but if it is and they still try, it seems your PrestaShop is well protected. 14 minutes ago, ZIKODK said: I want to make customer creation as simple as possible, and will NOT use a reCaptcha module when a customer registers. You can add an invisible captcha to your register form.
Mediacom87 Posted August 3, 2022 12 minutes ago, ZIKODK said: I want to make customer creation as simple as possible, and will NOT use a reCaptcha module when a customer registers. My module has the particularity of securing your site with invisible technologies on the registration page; the mathematical captcha appears only on the contact form, to show the visitor the importance you attach to the security of their data. 7 hours ago, Martin_NZ said: Thank you for advertising your paid module to us. My question is more along the lines of WHY this has only started occurring since the 1.7.8.6 - 1.7.8.7 update. What's changed? In reference to the OP, is this related to the recently disclosed vulnerability, or is something else going on here? Currently, I spend my time informing people or securing their sites following the latest security announcements of PrestaShop, so no, I have not taken the time to look into the analysis of the PrestaShop code in its entirety. So far, the only solution I have found to fight against this attack, which dates back to June 2020, is the captcha.
ZIKODK (Author) Posted August 3, 2022 I am still asking for an answer: why did this start after upgrading to PS1.7.8.6 and PS1.7.8.7? I use reCaptcha - Google Anti Spam, developed by Prestashop, but only on the contact form. That module meets my needs and I have no intention of changing that.
endriu107 Posted August 3, 2022 3 minutes ago, ZIKODK said: I am still asking for an answer: why did this start after upgrading to PS1.7.8.6 and PS1.7.8.7? I think it's not related to the PrestaShop version; there weren't any changes that would give spammers more possibilities.
Mediacom87 Posted August 3, 2022 Just now, endriu107 said: I think it's not related to the PrestaShop version; there weren't any changes that would give spammers more possibilities. Maybe he had set up a protection directly in a core file that was overwritten during the update. So we should take the archive of the version before the update and compare the files with the new one to identify the difference, and share the result with the community, since it seems to fix this kind of attack. 8 minutes ago, ZIKODK said: I use reCaptcha - Google Anti Spam, developed by Prestashop, but only on the contact form. That module meets my needs and I have no intention of changing that. Ask them to modify their module to meet the needs of their customers by securing the registration form.
Martin_NZ Posted August 3, 2022 46 minutes ago, endriu107 said: You have the IP address, so you can easily block it in the htaccess file, and you should. It's hard to tell whether it is related to the latest vulnerability, but if it is and they still try, it seems your PrestaShop is well protected. You can add an invisible captcha to your register form. This is only one of many, many IP addresses; whois lookups show they are originating from all over the place: China, Korea, Taiwan, Spain. Playing whack-a-mole blocking IP after IP does not address the problem, it simply removes the symptom.
Martin_NZ Posted August 3, 2022 16 minutes ago, Mediacom87 said: Maybe he had set up a protection directly in a core file that was overwritten during the update. So we should take the archive of the version before the update and compare the files with the new one to identify the difference, and share the result with the community, since it seems to fix this kind of attack. Ask them to modify their module to meet the needs of their customers by securing the registration form. No customisation previously, and as discussed this never happened before the 1.7.8.7 update was applied.
Mediacom87 Posted August 3, 2022 4 minutes ago, Martin_NZ said: No customisation previously, and as discussed this never happened before the 1.7.8.7 update was applied. Maybe it's unrelated and you've just escaped this attack until now.
Martin_NZ Posted August 3, 2022 11 minutes ago, Mediacom87 said: Maybe it's unrelated and you've just escaped this attack until now. Possibly, but it seems more than coincidence given the OP is reporting the same since the upgrade.
Mediacom87 Posted August 3, 2022 2 hours ago, Martin_NZ said: Possibly, but it seems more than coincidence given the OP is reporting the same since the upgrade. I just compared the files between version 1.7.8.6 and version 1.7.8.7; there is no reason that the update could cause this.
ZIKODK (Author) Posted August 4, 2022 A comparison between 1.7.8.x and 1.7.8.6. I already had the problem in 1.7.8.6. I upgraded from 1.7.7.5. So versions before 1.7.8.6 may have a difference?
BSStor Posted October 16, 2022 This is a reoccurrence of an old issue. It was fixed in 1.7.5.2, but going to 1.7.8.7 it has reappeared. It is a serious exploit. It seems as though they create a customer record without registration and then try to password-query it, but it fails. CAPTCHA won't fix it, as it is a backdoor. Check your customer lists and you may find you have been attacked. This needs some serious consideration and an immediate fix. These pics show they never registered through the shop and have never logged in.
Mediacom87 Posted October 17, 2022 10 hours ago, BSStor said: This is a reoccurrence of an old issue. It was fixed in 1.7.5.2, but going to 1.7.8.7 it has reappeared. Could you explain this? As evidence to the contrary, an applied patch does not disappear on its own; would you have a GitHub issue or a PR as a reference regarding these claims?
marketyellow3 Posted October 17, 2022 You could use Cloudflare for protection; it has a built-in bot management system. You don't need to install a CAPTCHA for this. https://www.cloudflare.com/products/bot-management/
BSStor Posted October 17, 2022 12 hours ago, Mediacom87 said: claims https://build.prestashop-project.org/news/major-security-vulnerability-on-prestashop-websites/
BSStor Posted October 17, 2022 (edited) PrestaShop 1.7.8.7 has been released to strengthen the MySQL Smarty cache storage against code injection attacks, but it seems to still be occurring. It may not be the exact same attack. It's not like hackers only have one motive. This may be a variation. Edited October 17, 2022 by BSStor: added more
ZIKODK (Author) Posted October 18, 2022 18 hours ago, marketyellow3 said: You could use Cloudflare for protection; it has a built-in bot management system. You don't need to install a CAPTCHA for this. https://www.cloudflare.com/products/bot-management/ Another proposal for a solution to be paid for. If the problem was there until 1.7.5.2 and has come back in 1.7.8.7, the right solution would be for Prestashop to fix it again. Preferably in version 8.0.
Mediacom87 Posted October 18, 2022 1 hour ago, ZIKODK said: If the problem was there until 1.7.5.2 and has come back in 1.7.8.7, the right solution would be for Prestashop to fix it again. Preferably in version 8.0. I am still waiting for any proof of his allegations, for I have never heard of this anywhere, and yet I believe I would be the most knowledgeable on this forum. A solution like Cloudflare is a good thing to set up, being careful with its configuration; even in the free version, it improves a lot of things. https://www.mediacom87.fr/en/cloudflare-and-keycdn-the-perfect-couple-for-prestashop/
marketyellow3 Posted October 18, 2022 1 hour ago, ZIKODK said: Another proposal for a solution to be paid for. If the problem was there until 1.7.5.2 and has come back in 1.7.8.7, the right solution would be for Prestashop to fix it again. Preferably in version 8.0. I've had the same issue on some of my shops and fixed it with the free version of Cloudflare.
Wallgrind.nl Posted October 18, 2022 They are really just spam bots; use a stronger reCAPTCHA score to prevent them on your registration form.
anabal Posted October 18, 2022 I have the same issue on version 1.7.6.1: false customer accounts and carts have been created in the last week.
BSStor Posted October 18, 2022 14 hours ago, Mediacom87 said: I am still waiting for any proof of his allegations, for I have never heard of this anywhere, and yet I believe I would be the most knowledgeable on this forum. A solution like Cloudflare is a good thing to set up, being careful with its configuration; even in the free version, it improves a lot of things. https://www.mediacom87.fr/en/cloudflare-and-keycdn-the-perfect-couple-for-prestashop/ This is not a criminal case, and I haven't read that you are a judge to determine the validity of an 'allegation'. Cloudflare wants $200 a month for a business shop. Free is for hobby. Is this forum just for advertisers selling their wares as self-proclaimed gods of Prestashop?? There are multiple shop owners with the same issue/exploit. I support the OP and others that have the same issue. This exploit needs to be addressed, as it is in the core of Prestashop, and the security reputation of Prestashop would be at risk if it is dismissed as a figment of our imaginations. If we are all ignored, then the real solution is to migrate the shop to a secure platform. A solution is required in the core, and there are multiple examples. The bot is not going through the registration page. It is a code exploit. No more advertisers; it's just making the issue cloudy.
Nickz Posted October 18, 2022 (edited) I think it's overly interpreted. With some 1000 updates a day and 2 people claiming that they get spam after having updated, this is way overthought. It might be that your mail did not function flawlessly. Edited October 18, 2022 by Nickz
RamboRich Posted October 19, 2022 (edited) No, it's just not 2 people, BTW. I just upgraded my shop a few days ago to the newest version (1-click upgrade) 1.7.8.7 from v1.7.6.x and have noticed this as well. Something is going on. Never have I had so many weird registrations like what the OP (ZIKODK) shows. Mine is looking pretty much the same. Everything else on my shop has stayed the same, same modules, no changes... It only happened when I upgraded to the newest version, which was around 3-4 days ago. Edit: attached screenshot of weird customer names with random characters but some sort of valid email address. Edited October 19, 2022 by RamboRich: add screenshot & additional info
RamboRich Posted October 19, 2022 I have to retract. These weird registrations have been going on for some time. At least they show that way since the upgrade. I didn't notice them before the upgrade though... I looked through my history beyond the update point and (at least since before I upgraded to the newer 1.7.8.7) there's still a bunch of weird registration names (random characters) with what seem to be somewhat valid email addresses. I'm seeing the same thing on an older shop running 1.7.5.1. Therefore, using logic and deduction, etc., it is not due to the upgrade, as it's been going on in my other shop, and it seems on a regular basis... Google Captcha on the registration form should work, would it not?
Mediacom87 Posted October 19, 2022 11 hours ago, BSStor said: This is not a criminal case, and I haven't read that you are a judge to determine the validity of an 'allegation'. Cloudflare wants $200 a month for a business shop. Free is for hobby. Is this forum just for advertisers selling their wares as self-proclaimed gods of Prestashop?? There are multiple shop owners with the same issue/exploit. I support the OP and others that have the same issue. This exploit needs to be addressed, as it is in the core of Prestashop, and the security reputation of Prestashop would be at risk if it is dismissed as a figment of our imaginations. If we are all ignored, then the real solution is to migrate the shop to a secure platform. A solution is required in the core, and there are multiple examples. The bot is not going through the registration page. It is a code exploit. No more advertisers; it's just making the issue cloudy. Ok, so you announce that this was fixed but that it is back in the latest version of PrestaShop. I don't judge your words, but when you announce things like that, you rely on specific things, and since the code difference between 1.7.8.6 and 1.7.8.7 can't be about this point you're addressing, I'm trying to understand on what basis you announce that. Have you posted an issue on GitHub? Are you referring to an already created issue and, if so, which one? Regarding Cloudflare, I never said it was the ultimate solution, but a possible solution. After that, if people don't have a captcha installed on their store to secure their site, what can I do?
Nickz Posted October 19, 2022 10 hours ago, RamboRich said: No, it's just not 2 people BTW. I just upgraded my shop a few days ago to the newest version (1-click upgrade) 1.7.8.7 from v176x and have noticed this as well. So there are 3. Your 3 need to get together to find the one ingredient tying you to the spam. An infected module maybe. A web outfit you all used? Did your mail work before the update? Why did you all update?
RamboRich Posted October 19, 2022 Share Posted October 19, 2022 (edited) 10 hours ago, RamboRich said: I have to retract. These weird registrations have been going on for some time. At least they show that way since the upgrade. I didn't notice them before the upgrade though... I looked thru my history beyond the update point and (at least since before I upgraded to newer 1.7.8.7) there's still a bunch of weird registration names (random characters) with what seems to be somewhat valid email addresses. I'm seeing the same thing on an older shop running 1.7.5.1 Therefore, using logic and deduction, etc. It is not due to the upgrade as its being going on in my other shop and it seems on a regular basis... Google Captcha on the registration form should work, would it not? See my previous post, quoted above. I've determined the upgrade was not the cause. Edited October 19, 2022 by RamboRich (see edit history) 1 Link to comment Share on other sites More sharing options...
ZIKODK Posted October 19, 2022 (Author) 21 minutes ago, Nickz said: So there are 3. Your 3 need to get together to find the one ingredient tying you to the spam. An infected module maybe. A web outfit you all used? Did your mail work before the update? Why did you all update? Forget it. I do not want to spend my time on this topic anymore.
Martin_NZ Posted October 19, 2022 Likewise, I'm done here. I've used and supported Prestashop for almost a decade, but frankly I find the comments in these forums adversarial and accusatory. Module developers pushing their own commercial products and dismissal of genuine queries, when all we want is for the issues we raise to be addressed in a sensible fashion. I've watched the developers and self-appointed demi-gods argue and tell us, as general users of a product, that we should be doing this and that, doing GitHub things, interpreting code and all sorts of other nonsense. We are end users, not developers. We just want a product that works well without all the aggro. I'm done with Prestashop. As a trial I've since migrated some of my sites to WooCommerce and I'm very happy with the end result. The rest will follow in due course.
Mediacom87 Posted October 19, 2022 2 hours ago, Martin_NZ said: Likewise, I'm done here. I've used and supported Prestashop for almost a decade, but frankly I find the comments in these forums adversarial and accusatory. Module developers pushing their own commercial products and dismissal of genuine queries, when all we want is for the issues we raise to be addressed in a sensible fashion. I've watched the developers and self-appointed demi-gods argue and tell us, as general users of a product, that we should be doing this and that, doing GitHub things, interpreting code and all sorts of other nonsense. We are end users, not developers. We just want a product that works well without all the aggro. I'm done with Prestashop. As a trial I've since migrated some of my sites to WooCommerce and I'm very happy with the end result. The rest will follow in due course. I agree with you on many points. But the life of an open-source script is not simple, especially in the world of online commerce, where merchants want a flawless solution without spending money and where developers try to support the project but must also earn a living on the side. I have provided an answer with what I think is the best solution to fix a problem with a reasonable investment for a merchant. As I also explained, the code difference between version 1.7.8.6 and 1.7.8.7 can't justify having this kind of problem; it's just that the bots fell on the sites after the update. But I imagine that on your WooCommerce sites you also have captchas to avoid this problem. Personally, I prefer not to use the captcha proposed by Google, since I believe that there are solutions more respectful of my customers' data, hence my specific development, which I use and which works.
After that, concerning PrestaShop, and to come back to this point, the 1.7 version has heavily complicated the management of a project with this solution, and I have deplored it since its creation; as proof of my position, my site is still on version 1.6.
Nickz Posted October 20, 2022 23 hours ago, Martin_NZ said: I've watched the developers and self-appointed demi-gods argue and tell us, as general users of a product, that we should be doing this and that, doing GitHub things, interpreting code and all sorts of other nonsense. We are end users, not developers. We just want a product that works well without all the aggro. As a commercial product, the ideal constellation of a company is having an IT department, which many people present here seem not to know. In defense of Prestashop, it gives us a free product to develop on your own, to all wanting to give it a try. What more do you want? You want to have people here giving you the advice you wish to hear? Go to the job offer forum and place a request. Remember, don't look a gifted horse in the mouth.
BSStor Posted October 20, 2022 3 hours ago, Nickz said: As a commercial product, the ideal constellation of a company is having an IT department, which many people present here seem not to know. In defense of Prestashop, it gives us a free product to develop on your own, to all wanting to give it a try. What more do you want? You want to have people here giving you the advice you wish to hear? Go to the job offer forum and place a request. Remember, don't look a gifted horse in the mouth. Not sure what this all means or how it helps. "You want to have people here giving you the advice you wish to hear?" Of course. Advice from someone that has investigated the issue and has a tested solution. Not just advertisers selling wares. Multiple shops have posted an issue that is common. My shop at 1.7.8.7 has the exploit, my shop at 1.7.7.1 doesn't. It has consistencies with the phpunit exploit but may be a variation. I have run all the phpunit tools and the site is clean. The only solution offered is a $200 per month captcha, without understanding the problem or any investigation. Captcha determines human or bot on the web page. It does not prevent SQL injection hacks from executing. I have had enough of this topic. It has been a useless exercise trying to share information that could be in the code base and impacting others. Commercial solutions that have not been tested against this particular issue should not be recommended.
Mediacom87 Posted October 20, 2022 36 minutes ago, BSStor said: The only solution offered is a $200 per month captcha, without understanding the problem or any investigation. The captcha was never offered at this price, you are mixing a lot of things. 37 minutes ago, BSStor said: Captcha determines human or bot on the web page. It does not prevent SQL injection hacks from executing. Totally agree, but a captcha is a minimum before you think you have a flaw of another type, much more difficult to implement. 38 minutes ago, BSStor said: I have had enough of this topic. It has been a useless exercise trying to share information that could be in the code base and impacting others. You have only shared, so far, a screenshot supposedly proving an SQL injection. It's your right to interpret it that way, but in reality it doesn't necessarily seem to be that, and precisely to investigate it you have to go much further, and one of the easiest methods is to eliminate the obvious solutions by closing the doors one by one. 41 minutes ago, BSStor said: Commercial solutions that have not been tested against this particular issue should not be recommended. The solution used is open source and requires the investment of users to improve it. If your site has a problem, this community has proposed, since the discovery of potential flaws, solutions to close the doors, and this voluntarily. I approach this in this article, simplistic, talking about the script proposed by Eolia. Managing an e-commerce site is not improvised and requires particular attention and especially permanent monitoring. Either you have the skills, or you acquire the skills, or you delegate to professionals, as in any professional or amateur field. There is nothing new, and expecting a solution from others without investing oneself has no chance of helping anyone or of making things progress.
I am one of the first to criticize PrestaShop, but I will never accuse it of my own incompetence or passivity. You made the choice to use a free solution to start a business and earn money; this does not relieve you of your responsibilities towards your customers, and you must be able to guarantee their security. If you prefer to transfer this responsibility onto the shoulders of your store, then you must turn to a paid solution that will guarantee the proper functioning of your shop. The solution has its own way of working, which has become more professional with time, and therefore procedures exist to report bugs, flaws and problems directly to the PrestaShop teams; the forum is not the solution, since here you will only find volunteers who help a community and who, as I said before, explain how to report problems, such as declaring an issue on GitHub, in order to start the conversation with the PrestaShop teams. You can continue to be a victim of the system or you can invest in it. Each to his own, but if you don't invest in the system and refuse to accept the solutions provided by others, you will have difficulty in moving your business forward.
BSStor Posted October 21, 2022 We are all victims in some way, just some haven't realised. We shouldn't be attacking the man/shop owners. We should be attacking the ball/hackers. What was once a community offering solutions has become a commercial enterprise. It's now developer driven rather than shop owner driven. If shop owners change platforms due to the current developer "money for hire" attitudes, then Prestashop will no longer be viable as a product. If I'm going to pay $2400 a year for the suggested solution (free is for hobby), then it is more cost effective as a business owner to look to the future for a secure, supported platform. Developers telling business owners how to spend money is very laughable. That's it, I am out. See you at Magento, WooCommerce or some other platform.
secomocomprar Posted October 21, 2022 Let's calm down, this is arguing for the sake of arguing. It is clear that there are different opinions about which support we choose for our shop. In principle Prestashop is free, and it is supposed to be secure. Set up the basics and that's it. If you want other resources for your shop, how you acquire the modules and whether you check that they have anti-fraud systems or not is your responsibility. If you have someone who recommends modules to you, whom you have hired and pay, the responsibility passes to whoever you pay. Nothing more to say, friends.
ZIKODK Posted October 21, 2022 (Author) Wow. What a mudslinging after I wrote that I would not spend more on this topic. I created the thread because I experienced spam customers after upgrading. Then it turns out that the problem has been there before, has been fixed, but has come back. The only solution suggestions are some that cost money. Along the way, I, along with 2 others with the same issue, am asked to document that something has happened in connection with the upgrade. How can I do that? I agree that Prestashop is open source. I have bought several modules on Addons. So I try as much as possible to keep my shop at a high level. I'm trying to raise a problem with spam customers with my thread, but I feel like I'm being totally rejected. Someone writes that a serious shop has an IT department. There is only me! And surely the same applies to 99.9% of owners of a Prestashop? What a mess to write. It's a shame that this thread has developed the way it has. I did not solve my problem. I have to live with that, but this will probably be the last time I create a topic.
Mediacom87 Posted October 21, 2022 1 hour ago, ZIKODK said: Wow. What a mudslinging after I wrote that I would not spend more on this topic. I created the thread because I experienced spam customers after upgrading. Then it turns out that the problem has been there before, has been fixed, but has come back. The only solution suggestions are some that cost money. Along the way, I, along with 2 others with the same issue, am asked to document that something has happened in connection with the upgrade. How can I do that? I agree that Prestashop is open source. I have bought several modules on Addons. So I try as much as possible to keep my shop at a high level. I'm trying to raise a problem with spam customers with my thread, but I feel like I'm being totally rejected. Someone writes that a serious shop has an IT department. There is only me! And surely the same applies to 99.9% of owners of a Prestashop? What a mess to write. It's a shame that this thread has developed the way it has. I did not solve my problem. I have to live with that, but this will probably be the last time I create a topic. I offered my module because I know it fixes the problem you are experiencing and respects your customers' data. But there are free alternatives to install a captcha that is less respectful of your customers' data, using third-party services like Google. After that, you do as you wish; nothing is mandatory, nothing is imposed.
SeeIQ Posted November 2, 2022 On 10/19/2022 at 4:36 AM, RamboRich said: I have to retract. These weird registrations have been going on for some time. At least they show that way since the upgrade. I didn't notice them before the upgrade though... I looked through my history beyond the update point and (at least since before I upgraded to the newer 1.7.8.7) there's still a bunch of weird registration names (random characters) with what seem to be somewhat valid email addresses. I'm seeing the same thing on an older shop running 1.7.5.1. Therefore, using logic and deduction, etc., it is not due to the upgrade, as it's been going on in my other shop, and it seems on a regular basis... Google Captcha on the registration form should work, would it not? I had the same. Installed the newest shop and it returns. Even though I have the Security Pro module and a captcha, the same problem was as mentioned until 1.7.5.1. Now 1.7.8.7 and it starts again... With 1.7.6.9 I had years with no problem.
tank Posted November 13, 2022 I also have fake registrations on version 1.7.8.2. Also using ecaptcha, which helps but not 100%. The problem is the email address does not need to be confirmed. I am convinced that if the email had to be confirmed there would not be any fake accounts. I'm also not sure of the motive to create these fake accounts.
Kriter.io Posted November 13, 2022 On 8/3/2022 at 9:34 AM, ZIKODK said: I am still asking for an answer, why this started after upgrading to PS1.7.8.6 and PS1.7.8.7. I use reCaptcha - Google Anti Spam, developed by Prestashop, but only on the contact form. That module meets my needs and I have no intention of changing that. I really think it is not related to PS. Usually, spamming software is based on 1 or a few files of release versions of CMSs (PS, WP, etc.) or of single plugins from third parties (for WordPress) or single modules from third parties (for PrestaShop). That is why it is always suggested to buy plugins and modules from trusted shops or directly from the CMS marketplace. If no "weird" module has been bought... maybe it has just been a bombing for a few days. It happened to us too and, after cancelling all the new fake customers, we had no problem anymore. Regards, Fabrizio
fox@dog1 Posted January 2, 2023 We have the same problem. We bought many modules. We got good results with the recaptcha module. Unfortunately the mobile page speed dropped from 84 to 41. That's the curse with the modules: the more modules, the slower the shop. We have now added the following code to the contact form (modules/contactform/contactform.php):

if (Tools::isSubmit('submitMessage')) {
    $message = Tools::getValue('message');
    $from = Tools::getValue('from');
    // Substrings that flag a sender address or a message body as spam
    $banned_in_email = ['.ru', 'qq.com', '.vn'];
    $banned_content = ['email marketing'];
    foreach ($banned_in_email as $string) {
        if (strstr($from, $string)) {
            $this->context->controller->errors[] = $this->trans('Invalid email address.', [], 'Shop.Notifications.Error');
        }
    }
    foreach ($banned_content as $string) {
        if (strstr($message, $string)) {
            $this->context->controller->errors[] = $this->trans('Invalid message', [], 'Shop.Notifications.Error');
        }
    }
}

More details: https://www.waschier-design.at/online-shop-tipps/prestashop-spam-ueber-kontaktformular/ It seems to work. But my question is, isn't there code like this for customer registration or login? Thanks for your help. Regards, Mike ANjAS-SHOP
ps8modules Posted January 2, 2023 Hi, you are absolutely right that multiple modules from different developers slow down the page, as they load more and more TPL files into the page. There is a solution in the form of JavaScript, where you can control the submission of forms by sending submit.
fox@dog1 Posted January 2, 2023 And where can I find this?
ps8modules Posted January 2, 2023 I've posted it here in the forum in the past but can't find it either. Give me a minute, I'll find the JavaScript on my computer.
Mediacom87 Posted January 2, 2023 1 hour ago, prestashopfree.com said: There is a solution in the form of JavaScript, where you can control the submission of forms by sending submit. If form security were limited to a JavaScript check, the problem would have been fixed long ago, but even a reCaptcha without a PHP check does not secure forms.
Mediacom87 Posted January 2, 2023 1 hour ago, fox@dog1 said: We got good results with the recaptcha module. Unfortunately the mobile page speed dropped from 84 to 41. That's the curse with the modules: the more modules, the slower the shop. The module I am proposing does not cause any change in the performance tests, since it does not load any external script.
ps8modules Posted January 2, 2023 New script including mathematical captcha.
fox@dog1 Posted January 4, 2023 Hello prestashopfree.com, many thanks for this script. I've been looking for years for such a solution. I hope I don't need a captcha anymore. Or what do you mean? A question: is it possible to register customers without a mathematical captcha? Only when registering and using the contact form. After all, customers want to close deals as quickly as possible. If you first have to select images (captcha), then many do not close. Me too. I hate it when I have to fill out a captcha first. And is the mathematical captcha safe? Regards, Mike ANjAS-SHOP
Mediacom87 Posted January 4, 2023 2 minutes ago, fox@dog1 said: Is it possible to register customers without a mathematical captcha? This is exactly what my module proposes: not to bother the customers during their registration while still securing the registrations. The next version will integrate other features to limit even more the false accounts and the unwanted mails of the contact form. My module does not use only JavaScript features, since it has no effect on the robots used by the spammers.
Nickz Posted January 4, 2023 1 hour ago, fox@dog1 said: And is the mathematical captcha safe? If based on JavaScript, nope.
fox@dog1 Posted January 4, 2023 It would be cool if we didn't need an additional connection to Google. Almost all captcha modules connect to Google Captcha (understandable). But then Font Awesome is additionally loaded via Bootstrap (is useless). And even worse, a connection to Google is opened to download Google Fonts (is unbelievable). Some of these are downloaded before the style sheet, which makes the shop even slower.
Mediacom87 Posted January 4, 2023 Just now, fox@dog1 said: Almost all captcha modules connect to Google Captcha (understandable). But then Font Awesome is additionally loaded via Bootstrap (is useless). And even worse, a connection to Google is opened to download Google Fonts (is unbelievable). Some of these are downloaded before the style sheet, which makes the shop even slower. And still no, my module does not load third-party data to work, in order to keep your customers' data with you and not feed Google for free, and thus to comply with GDPR.
Kriter.io Posted January 4, 2023 I did the same upgrade and had no problems.
ps8modules Posted January 4, 2023 My free module doesn't use third parties either. For a math captcha (let's call it a math check, since the captcha name is confusing), all you need is a few lines of code and a hook connection. It's really nothing complicated. Sample for PS 1.7.8.8. For the module, for example:

public function hookDisplayMathCheckForm()
{
    // Upper bounds for the two operands come from the module configuration
    $getX = (int) Configuration::get($this->name . '_math_x');
    $getY = (int) Configuration::get($this->name . '_math_y');
    $setX = rand(1, $getX);
    $setY = rand(1, $getY);
    $this->context->smarty->assign([
        'mathX' => $setX,
        'mathY' => $setY,
    ]);

    return $this->fetch($this->templateMatchForm);
}

For additional protection, it's a good idea to use a Validate.php override. For Validate.php, for example:

<?php
class Validate extends ValidateCore
{
    public static function isRestrictedFirstName($name)
    {
        $cnt = mb_strlen(preg_replace('![^A-Z]+!', '', $name));
        $max = 2; // Number of capital letters allowed in the firstname

        return $cnt <= $max;
    }

    public static function isRestrictedLastName($name)
    {
        $cnt = mb_strlen(preg_replace('![^A-Z]+!', '', $name));
        $max = 2; // Number of capital letters allowed in the lastname

        return $cnt <= $max;
    }

    public static function isRestrictedMessage($message)
    {
        $restrictedWord = ['bitcoin', 'free', 'marketing', 'sex', 'www', 'winner', 'http'];
        foreach ($restrictedWord as $w) {
            if (stristr($message, $w)) { // stristr is case-insensitive
                return false;
            }
        }

        return true;
    }

    public static function isRestrictedEmail($email)
    {
        $restrictedEmail = ['.marketing', '.ru', '.vn', '@qq.com'];
        $cnt = mb_strlen(preg_replace('![^A-Z]+!', '', $email));
        $max = 3; // Number of capital letters allowed in the email
        if ($cnt > $max) {
            return false;
        }
        foreach ($restrictedEmail as $e) {
            if (stristr($email, $e)) {
                return false;
            }
        }

        return true;
    }
}

And for example for registration: ./classes/form/CustomerForm.php -> function validate() -> add after $this->validateByModules(); your validation:

$firstnameField = $this->getField('firstname');
if (Validate::isRestrictedFirstName($firstnameField->getValue()) === false) {
    $firstnameField->addError($this->translator->trans(
        'The firstname is not valid',
        [],
        'Shop.Notifications.Error'
    ));
}
$lastnameField = $this->getField('lastname');
if (Validate::isRestrictedLastName($lastnameField->getValue()) === false) {
    $lastnameField->addError($this->translator->trans(
        'The lastname is not valid',
        [],
        'Shop.Notifications.Error'
    ));
}
$emailField = $this->getField('email');
if (Validate::isRestrictedEmail($emailField->getValue()) === false) {
    $emailField->addError($this->translator->trans(
        'The email is not valid',
        [],
        'Shop.Notifications.Error'
    ));
}

+ add your other input field for the mathematical check ......
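The hook above only generates the operands; as Mediacom87 notes earlier in the thread, the check itself has to happen in PHP or a bot simply skips it. Here is an added example (not ps8modules' module or PrestaShop code) of a self-contained server-side verifier: the expected sum and a per-render token are kept in a session array, and the posted fields are checked against them. $session standing in for $_SESSION or the PrestaShop cookie, the field names math_answer and math_token, and the operand bounds are all assumptions.

```php
<?php
// Added example, not ps8modules' module or PrestaShop code: a math check whose
// answer is verified in PHP. The operands go to the template; the expected sum and
// a per-render token stay in the session, so posted values alone cannot pass.
// $session stands in for $_SESSION or the PrestaShop cookie (assumption) so the
// script runs offline; math_answer and math_token are assumed field names.

const MATH_MAX_X = 9;     // stand-ins for the module's configured operand bounds
const MATH_MAX_Y = 9;
const MATH_MAX_AGE = 600; // seconds a challenge stays valid

/**
 * Issue a challenge: stores the answer server-side and returns only what the
 * template needs (operands and token). Fixed operands may be passed so a run
 * is reproducible; otherwise they are drawn with random_int.
 */
function issueMathCheck(array &$session, ?int $x = null, ?int $y = null): array
{
    $x = $x ?? random_int(1, MATH_MAX_X);
    $y = $y ?? random_int(1, MATH_MAX_Y);
    $token = bin2hex(random_bytes(16));
    $session['math_check'] = [
        'answer' => $x + $y,
        'token'  => $token,
        'issued' => time(),
    ];

    return ['mathX' => $x, 'mathY' => $y, 'mathToken' => $token];
}

/**
 * Verify a posted form against the stored challenge.
 * Returns an empty array when the check passes, otherwise the error messages.
 */
function verifyMathCheck(array &$session, array $post): array
{
    $stored = $session['math_check'] ?? null;
    // Single use: drop the challenge before checking so a replayed POST cannot pass.
    unset($session['math_check']);

    if ($stored === null) {
        return ['No math check was issued for this form.'];
    }
    if (time() - $stored['issued'] > MATH_MAX_AGE) {
        return ['The math check has expired, please reload the form.'];
    }

    $errors = [];
    $token = $post['math_token'] ?? '';
    if (!is_string($token) || !hash_equals($stored['token'], $token)) {
        $errors[] = 'The form token does not match.';
    }
    // Require a plain decimal string: "7abc" or " 7" must not be accepted as 7.
    $answer = $post['math_answer'] ?? '';
    if (!is_string($answer) || !preg_match('/^\d{1,4}$/', $answer) || (int) $answer !== $stored['answer']) {
        $errors[] = 'The math check answer is wrong.';
    }

    return $errors;
}

// Demonstration with a constructed session and constructed POST bodies.
$session = [];
$view = issueMathCheck($session, 3, 4); // the template would render "3 + 4 = ?"
$cases = [
    'correct answer with the issued token' => ['math_answer' => '7', 'math_token' => $view['mathToken']],
    'replay of the same POST'              => ['math_answer' => '7', 'math_token' => $view['mathToken']],
];
foreach ($cases as $label => $post) {
    $errors = verifyMathCheck($session, $post);
    printf("%-38s %s\n", $label, $errors ? implode(' ', $errors) : 'passed');
}

// A client that posts its own operands and a made-up token: only the stored
// answer and token count, not the fields the client chose to send.
$view = issueMathCheck($session, 3, 4);
$forged = ['mathX' => '1', 'mathY' => '1', 'math_answer' => '2', 'math_token' => str_repeat('0', 32)];
printf("%-38s %s\n", 'client-chosen operands and token', implode(' ', verifyMathCheck($session, $forged)));
```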
abdamu Posted January 5, 2023 (edited) On 2/1/2023 at 8:18 PM, prestashopfree.com said: New script including mathematical captcha. Another here with the same problem, using versions 1.7.8.7 and 1.7.8.8... It seems they are still looking for PrestaShop vulnerabilities. Your new module looks good, but I can't download it. Is it blocked? Can it be downloaded from your website? Thanks in advance. Edited January 5, 2023 by abdamu
thehurricane Posted August 4, 2023 Hello, do you still have problems with those fake accounts? I have PS 1.7.8.9 and still get spam registrations.
thehurricane Posted August 10, 2023 I've read that fake accounts are made through the Newsletter subscription module. Does anyone have a solution, what to change to stop those accounts being created? I cannot disable the Newsletter subscription module, because I need it.
tank Posted August 10, 2023 The Validate.php code looks interesting, and will probably work. Some of my customers enter all capital letters, so it would have to account for that. I think maybe the spammers have a list of all Prestashop websites, so I plan on removing anything that says Prestashop. It's better if they have no idea what platform you are on.
Angar Posted August 22, 2023 PrestaShop 1.7.8. Create the file /override/classes/Validate.php and add this code to it:

<?php

use PrestaShop\PrestaShop\Core\ConstraintValidator\Constraints\CustomerName;
use PrestaShop\PrestaShop\Core\ConstraintValidator\Factory\CustomerNameValidatorFactory;
use PrestaShop\PrestaShop\Core\String\CharacterCleaner;
use Symfony\Component\Validator\Validation;

class Validate extends ValidateCore
{
    public static function isCustomerName($name)
    {
        // Run the core CustomerName constraint first, as ValidateCore does
        $validatorBuilder = Validation::createValidatorBuilder();
        $validatorBuilder->setConstraintValidatorFactory(
            new CustomerNameValidatorFactory(new CharacterCleaner())
        );
        $validator = $validatorBuilder->getValidator();
        $violations = $validator->validate($name, [
            new CustomerName(),
        ]);

        // Custom validation: reject mixed-case names with more than 4 capital letters
        $capitalLettersCount = preg_match_all('/[A-Z]/', $name);
        $normalLettersCount = preg_match_all('/[a-z]/', $name);
        if ($capitalLettersCount > 1 && $normalLettersCount > 1) {
            if ($capitalLettersCount > 4) {
                return 0; // More than 4 capital letters, validation fails
            }
        }

        return (count($violations) !== 0) ? 0 : 1;
    }
}

If the name contains mixed letters (uppercase and lowercase letters) and more than 4 uppercase letters, registration is not possible. This should block fake accounts such as gHnfJCZoaIQ, ANKFDgUmTHJ etc., but allow the creation of regular accounts.
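To see how Angar's mixed-case rule and the plain capital-letter count from the earlier Validate.php override treat legitimate names, including the all-caps entries tank mentions, here is an added example (not Angar's override or PrestaShop code) that runs both rules as standalone functions over constructed sample names. The function names and the sample list are assumptions; the rules themselves are the ones posted in this thread.

```php
<?php
// Added example, not Angar's override or PrestaShop code: the two capital-letter
// heuristics from this thread as plain functions, run over constructed sample
// names so the difference in how they treat legitimate input is visible.

/** Rule from the earlier override: reject when the name holds more than $max ASCII capitals. */
function tooManyCapitals(string $name, int $max = 2): bool
{
    return preg_match_all('/[A-Z]/', $name) > $max;
}

/** Angar's rule: reject only mixed-case names (>1 upper AND >1 lower) with more than 4 capitals. */
function looksRandomMixedCase(string $name): bool
{
    $upper = preg_match_all('/[A-Z]/', $name);
    $lower = preg_match_all('/[a-z]/', $name);

    return $upper > 1 && $lower > 1 && $upper > 4;
}

/**
 * Evaluate both rules over a list of names.
 * Returns [name => ['capitals' => bool, 'mixedcase' => bool]] where true means "rejected".
 */
function evaluateNames(array $names): array
{
    $out = [];
    foreach ($names as $name) {
        $out[$name] = [
            'capitals'  => tooManyCapitals($name),
            'mixedcase' => looksRandomMixedCase($name),
        ];
    }

    return $out;
}

// Constructed sample input: the two bot-style names quoted in Angar's post,
// plus legitimate shapes that an over-eager rule would block.
$samples = [
    'gHnfJCZoaIQ',      // bot-style, mixed case, 6 capitals
    'ANKFDgUmTHJ',      // bot-style, mixed case, 9 capitals
    'JOHN SMITH',       // legitimate all-caps typing (tank's concern), no lowercase
    'McDonald',         // legitimate, two capitals
    'Jean-Pierre',      // legitimate, two capitals
    'Ana María',        // legitimate; the accented letter is counted by neither rule
    'DeWitt-Van Buren', // legitimate, four capitals
];

foreach (evaluateNames($samples) as $name => $verdict) {
    printf(
        "%-18s capitals>2: %-7s mixed-case>4: %s\n",
        $name,
        $verdict['capitals'] ? 'REJECT' : 'accept',
        $verdict['mixedcase'] ? 'REJECT' : 'accept'
    );
}
```

Both rules only count ASCII letters, so names written in other scripts pass them untouched; that is worth keeping in mind before relying on either as the sole filter.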
ej.farsta Posted October 18, 2023 Will it work with 1.7.6 as well?
tank Posted November 19, 2023 (edited) Will give Angar's code a try. Edited November 20, 2023 by tank
TwinkleEye Posted November 24, 2023 (edited) Hi, just upgraded to PS 8.1.x and PHP 8.1. Using reCAPTCHA and started to get fake customer creation in the backend, please see attached. Has a solution come up? I'm also using Cloudflare Bot Fight, but still a fake user is created. I do hope it is ok to ask the question. Best, Edited November 24, 2023 by TwinkleEye
Nickz Posted November 25, 2023 Best way is not to use a contact form. Also safer due to SQL injections.
endriu107 Posted November 26, 2023 18 hours ago, Nickz said: Best way is not to use a contact form. Also safer due to SQL injections. Why not use a contact form? I think this is not related to this topic, but a good module will stop spam from the contact form. I know because I made a really powerful module for that and none of my customers ever complain. @TwinkleEye in your case the spam user's firstname and lastname are the same, so it should be easy to block. Maybe this week I'll find some time and create a free module for that, and later expand its possibilities to other cases.