
Spam customers in PS1.7.8.7?


ZIKODK


After upgrading to PS1.7.8.6 a few weeks ago, and later upgrading to PS1.7.8.7, I have customer creations that I would call spam.
See examples in the attached image.
There may be 5-10 such customers every day.
Is this part of the vulnerability that has been announced about PrestaShop?
The modules I have installed to check for this vulnerability do not report it (except for blockwishlist, so remember to update that module!!).
What can I do to avoid this?

image 1.gif


I am also seeing this since updating to 1.7.8.7.

It only started after the update.

Customers are being created with random characters for names. The email addresses appear legitimate, although they are probably from a public paste/leak.

Password recovery emails are being sent.

Here is an extract of the server log... I cannot block the IP, as multiple different IPs are doing this.

Anyone.... How to stop this, please....

175.117.144.158 - - [02/Aug/2022:14:16:09 -0700] "POST / HTTP/1.1" 200 45014 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:18 -0700] "GET /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:19 -0700] "POST /contact-us HTTP/1.1" 200 35437 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:21 -0700] "POST /contact-us HTTP/1.1" 200 35439 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:22 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:24 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:25 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:26 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:28 -0700] "GET /my-account HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:29 -0700] "GET /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:32 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:34 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:36 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:38 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:40 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:42 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:50 -0700] "GET /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:56 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:57 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:16:59 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:00 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:02 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:05 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:06 -0700] "GET /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:13 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:15 -0700] "GET / HTTP/1.1" 200 45314 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:17 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:18 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:20 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:22 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:23 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:25 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:27 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:29 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:31 -0700] "POST /login?create_account=1 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:33 -0700] "GET /my-account HTTP/1.1" 200 31058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:35 -0700] "GET /new-products HTTP/1.1" 200 31749 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:37 -0700] "POST /new-products HTTP/1.1" 200 31913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:39 -0700] "POST /new-products HTTP/1.1" 200 31913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:41 -0700] "POST /new-products HTTP/1.1" 200 31749 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:43 -0700] "GET /?mylogout= HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:44 -0700] "GET / HTTP/1.1" 200 45009 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:46 -0700] "POST / HTTP/1.1" 200 45178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:47 -0700] "POST / HTTP/1.1" 200 45178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:49 -0700] "POST / HTTP/1.1" 200 45014 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:51 -0700] "GET /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:57 -0700] "POST /contact-us HTTP/1.1" 200 35441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:17:59 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:01 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:03 -0700] "POST /contact-us HTTP/1.1" 200 35372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:05 -0700] "POST /contact-us HTTP/1.1" 200 35208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:14 -0700] "GET /my-account HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:15 -0700] "GET /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:29 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:32 -0700] "POST /login?back=my-account HTTP/1.1" 200 32226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:34 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:36 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:37 -0700] "POST /login?back=my-account HTTP/1.1" 200 32236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:39 -0700] "POST /login?back=my-account HTTP/1.1" 200 32050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:46 -0700] "GET /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:47 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:52 -0700] "POST /password-recovery HTTP/1.1" 200 29781 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:55 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:57 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:18:59 -0700] "POST /password-recovery HTTP/1.1" 200 29945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:01 -0700] "POST /password-recovery HTTP/1.1" 200 30453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:02 -0700] "GET /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:19 -0700] "POST /login?create_account=1 HTTP/1.1" 200 36083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:21 -0700] "POST /login?create_account=1 HTTP/1.1" 200 36089 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:22 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:24 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35980 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:26 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35980 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
175.117.144.158 - - [02/Aug/2022:14:19:28 -0700] "POST /login?create_account=1 HTTP/1.1" 200 35794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

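A defender-side check for the pattern in the log extract above (an added example, not code from this thread or from PrestaShop): it parses combined-format access-log lines and flags any client IP that, within a five-minute window, POSTs at least three times to each of /contact-us, /password-recovery and /login?create_account=1, the sequence the extract shows. The sample log lines, the TEST-NET addresses and the thresholds are constructed assumptions.

```python
"""Flag client IPs whose POSTs follow the bot sequence seen in the extract:
/contact-us, then /password-recovery, then /login?create_account=1, all
within a short window. The log lines below are constructed for this
example (TEST-NET addresses); they are not the thread's own log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format, the same shape as the extract in the post above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Endpoints the bot cycles through. An IP is flagged only when it POSTs to
# every one of them at least MIN_POSTS times and the burst fits in WINDOW.
# Both thresholds are assumptions; tune them against your own traffic.
WATCHED = ("/contact-us", "/password-recovery", "/login?create_account=1")
MIN_POSTS = 3
WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Return the fields we need from one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_abusive_ips(lines):
    """Map each flagged IP to its POST count per watched path, the burst length
    in seconds, and how many create_account POSTs got a 302. In the extract each
    302 is followed by GET /my-account 200, so a 302 most likely marks an account
    that was actually created, while a 200 re-rendered the form."""
    posts = defaultdict(lambda: defaultdict(list))   # ip -> path -> [timestamps]
    created = defaultdict(int)                        # ip -> 302s on create_account
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["path"] not in WATCHED:
            continue
        posts[rec["ip"]][rec["path"]].append(rec["ts"])
        if rec["path"] == WATCHED[2] and rec["status"] == 302:
            created[rec["ip"]] += 1

    hits = {}
    for ip, by_path in posts.items():
        if any(len(by_path[p]) < MIN_POSTS for p in WATCHED):
            continue
        stamps = sorted(t for ts in by_path.values() for t in ts)
        span = stamps[-1] - stamps[0]
        if span > WINDOW:
            continue
        hits[ip] = {
            "posts": {p: len(by_path[p]) for p in WATCHED},
            "span_seconds": int(span.total_seconds()),
            "accounts_created": created[ip],
        }
    return hits


def _line(ip, when, method, path, status):
    """Build one constructed log line in the extract's format."""
    return (f'{ip} - - [{when} -0700] "{method} {path} HTTP/1.1" {status} 1234 '
            f'"-" "Mozilla/5.0 (constructed)"')


BOT, HUMAN = "203.0.113.5", "198.51.100.7"   # constructed TEST-NET addresses
SAMPLE_LOG = [
    _line(BOT, "02/Aug/2022:14:16:19", "POST", "/contact-us", 200),
    _line(BOT, "02/Aug/2022:14:16:21", "POST", "/contact-us", 200),
    _line(BOT, "02/Aug/2022:14:16:22", "POST", "/contact-us", 200),
    _line(BOT, "02/Aug/2022:14:16:56", "POST", "/password-recovery", 200),
    _line(BOT, "02/Aug/2022:14:16:57", "POST", "/password-recovery", 200),
    _line(BOT, "02/Aug/2022:14:16:59", "POST", "/password-recovery", 200),
    _line(BOT, "02/Aug/2022:14:17:13", "POST", "/login?create_account=1", 302),
    _line(BOT, "02/Aug/2022:14:17:15", "GET", "/my-account", 200),
    _line(BOT, "02/Aug/2022:14:17:17", "POST", "/login?create_account=1", 302),
    _line(BOT, "02/Aug/2022:14:17:20", "POST", "/login?create_account=1", 200),
    # A real visitor: one contact-form message and one signup, spread over time.
    _line(HUMAN, "02/Aug/2022:14:30:01", "GET", "/contact-us", 200),
    _line(HUMAN, "02/Aug/2022:14:31:40", "POST", "/contact-us", 200),
    _line(HUMAN, "02/Aug/2022:15:02:10", "POST", "/login?create_account=1", 302),
    "not a log line at all",
]

if __name__ == "__main__":
    for ip, info in find_abusive_ips(SAMPLE_LOG).items():
        print(ip, info)
```

Run it over the real access log (one line per list element) to get the list of source IPs and, per IP, a count of signups that likely succeeded; that count is what to reconcile against the customer list in the back office.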

Thank you for advertising your paid module to us.

My question is more along the lines of WHY this has only started occurring since the 1.7.8.6 - 1.7.8.7 update. What's changed? In reference to the OP, is this related to the recently disclosed vulnerability or is something else going on here?

Link to comment
Share on other sites

I want to make customer creation as simple as possible, and will NOT use a reCaptcha module when a customer registers.
Agree with Martin_NZ. Why did this start after PS1.7.8.6? Does it have anything to do with the previously reported vulnerability?
Prestashop must step in here with a solution.


You have the IP address, so you can easily block it in the .htaccess file, and you should.

It's hard to tell whether it is related to the latest vulnerability, but if it is and they are still trying, it seems your PrestaShop is well protected.

14 minutes ago, ZIKODK said:

I want to make customer creation as simple as possible, and will NOT use a reCaptcha module when a customer registers.

You can add invisible captcha to your register form.


12 minutes ago, ZIKODK said:

I want to make customer creation as simple as possible, and will NOT use a reCaptcha module when a customer registers.

My module has this particularity to secure your site with invisible technologies on the registration page, the mathematical captcha appears only on the contact form to show the visitor the importance you bring to the security of their data.

7 hours ago, Martin_NZ said:

Thank you for advertising your paid module to us.

My question is more along the lines of WHY this has only started occurring since the 1.7.8.6 - 1.7.8.7 update. What's changed? In reference to the OP, is this related to the recently disclosed vulnerability or is something else going on here?

Currently, I spend my time informing people or securing their sites following the latest security announcements of PrestaShop, so no, I have not taken the time to look into the analysis of PrestaShop code in its entirety.

I have, so far, found as the only solution to fight against this attack that dates back to June 2020, the captcha.


I am still asking for an answer: why did this start after upgrading to PS1.7.8.6 and PS1.7.8.7?
I use reCaptcha - Google Anti Spam, developed by Prestashop, but only on the contact form. That module meets my needs and I have no intention of changing that.


Just now, endriu107 said:

I think it's not related to the PrestaShop version; there weren't any changes that would give spammers more possibilities.

Maybe he had set up a protection directly in a core file that was overwritten during the update.

So we should take the archive of the version before the update and compare the files with the new one to identify the difference.

And share the result with the community since it seems to fix this kind of attack.

8 minutes ago, ZIKODK said:

I use reCaptcha - Google Anti Spam, developed by Prestashop, but only on the contact form. That module meets my needs and I have no intention of changing that.

Ask them to modify their module to meet the needs of their customers by securing the registration form.


46 minutes ago, endriu107 said:

You have the IP address, so you can easily block it in the .htaccess file, and you should.

It's hard to tell whether it is related to the latest vulnerability, but if it is and they are still trying, it seems your PrestaShop is well protected.

You can add invisible captcha to your register form.

This is only one of many, many IP addresses; whois lookups show they are originating from all over the place: China, Korea, Taiwan, Spain.

Playing whack-a-mole, blocking IP after IP, does not address the problem; it simply removes the symptom.


16 minutes ago, Mediacom87 said:

Maybe he had set up a protection directly in a core file that was overwritten during the update.

So we should take the archive of the version before the update and compare the files with the new one to identify the difference.

And share the result with the community since it seems to fix this kind of attack.

Ask them to modify their module to meet the needs of their customers by securing the registration form.

No customisation previously and as discussed never happened before the 1.7.8.7 update was applied


  • 2 months later...

This is a recurrence of an old issue. It was fixed in 1.7.5.2, but going to 1.7.8.7 it has reappeared.

It is a serious exploit. It seems as though they create a customer record without registration and then try to password-query it, but it fails.

CAPTCHA won't fix it, as it is a backdoor. Check your customer lists and you may find you have been attacked.

This needs some serious consideration and an immediate fix.

 

These pics show they never registered through the shop and have never logged in.

Capture2222.PNG

Capture222.PNG


10 hours ago, BSStor said:

This is a recurrence of an old issue. It was fixed in 1.7.5.2, but going to 1.7.8.7 it has reappeared.

Could you explain this, as evidence to the contrary an applied patch does not disappear on its own, would you have a GitHub issue or a PR in reference regarding these claims?


PrestaShop 1.7.8.7 has been released to strengthen the MySQL Smarty cache storage against code injection attacks.

but it seems to still be occurring.

It may not be the exact same attack. It's not like hackers only have one motive. This may be a variation.


18 hours ago, marketyellow3 said:

You could use Cloudflare for protection; it has a built-in bot management system. You don't need to install a CAPTCHA for this.

https://www.cloudflare.com/products/bot-management/

Another proposal for a solution to be paid for.
If the problem has been there until 1.7.5.2 and has come again at 1.7.8.7 the right solution would be for Prestashop to fix it again. Preferably in version 8.0.


1 hour ago, ZIKODK said:

If the problem has been there until 1.7.5.2 and has come again at 1.7.8.7 the right solution would be for Prestashop to fix it again. Preferably in version 8.0.

I am still waiting for any proof of his allegations.

For I have never heard of this anywhere and yet I believe I would be the most knowledgeable on this forum.

A solution like Cloudflare is a good thing to set up, being careful with its configuration; even in the free version, it improves a lot of things.
https://www.mediacom87.fr/en/cloudflare-and-keycdn-the-perfect-couple-for-prestashop/

1 hour ago, ZIKODK said:

Another proposal for a solution to be paid for.
If the problem has been there until 1.7.5.2 and has come again at 1.7.8.7 the right solution would be for Prestashop to fix it again. Preferably in version 8.0.

I've had the same issue on some of my shops and fixed it with the free version of Cloudflare.

14 hours ago, Mediacom87 said:

I am still waiting for any proof of his allegations.

For I have never heard of this anywhere and yet I believe I would be the most knowledgeable on this forum.

A solution like Cloudflare is a good thing to set up, being careful with its configuration; even in the free version, it improves a lot of things.
https://www.mediacom87.fr/en/cloudflare-and-keycdn-the-perfect-couple-for-prestashop/

This is not a criminal case, and I haven't read that you are a judge to determine the validity of an 'allegation'. Cloudflare wants $200 a month for a business shop. Free is for hobby. Is this forum just for advertisers selling their wares as self-proclaimed gods of PrestaShop??

There are multiple shop owners with the same issue / exploit. I support the OP and others that have the same issue. This exploit needs to be addressed as it is in the core of PrestaShop, and the security reputation of PrestaShop would be at risk if it is dismissed as a figment of our imaginations. If we are all ignored then the real solution is to migrate the shop to a secure platform.

A solution is required in the core, and there are multiple examples. The bot is not going through the registration page. It is a code exploit.

No more advertisers, it's just making the issue cloudy.

No, it's just not 2 people BTW. I just upgraded my shop a few days ago to the newest version (1-click-upgrade) 1.7.8.7 from v176x and have noticed this as well.

Something is going on. Never have I had so many weird registers with what the OP (ZIKODK) shows. Mine is looking pretty much the same.

Everything else on my shop has stayed the same, same modules, no changes...

It only happened when I upgraded to the newest version. Which was around 3-4 days ago.

Edit: for attached screenshot and weird customer names with random characters but some sort of valid email address:

weirdShit.png


I have to retract.

These weird registrations have been going on for some time. At least they show that way since the upgrade. I didn't notice them before the upgrade though...

I looked through my history beyond the update point and (at least since before I upgraded to the newer 1.7.8.7) there's still a bunch of weird registration names (random characters) with what seem to be somewhat valid email addresses.

I'm seeing the same thing on an older shop running 1.7.5.1

Therefore, using logic and deduction, etc., it is not due to the upgrade, as it's been going on in my other shop, and it seems on a regular basis...

Google Captcha on the registration form should work, would it not?

11 hours ago, BSStor said:

This is not a criminal case, and I haven't read that you are a judge to determine the validity of an 'allegation'. Cloudflare wants $200 a month for a business shop. Free is for hobby. Is this forum just for advertisers selling their wares as self-proclaimed gods of PrestaShop??

There are multiple shop owners with the same issue / exploit. I support the OP and others that have the same issue. This exploit needs to be addressed as it is in the core of PrestaShop, and the security reputation of PrestaShop would be at risk if it is dismissed as a figment of our imaginations. If we are all ignored then the real solution is to migrate the shop to a secure platform.

A solution is required in the core, and there are multiple examples. The bot is not going through the registration page. It is a code exploit.

No more advertisers, it's just making the issue cloudy.

Ok, so you announce that this was fixed, but that it is back on the latest version of PrestaShop, I don't judge your words, but when you announce things like that, you rely on specific things and since the code difference between 1.7.8.6 and 1.7.8.7 can't be about this point you're addressing, I'm trying to understand on what basis you announce that.

Have you posted an issue on GitHub?

Are you referring to an already created issue and if so, which one?

Regarding CloudFlare, I never said it was the ultimate solution, but a possible solution.

After that, if people don't have a captcha installed on their store to secure their site, what can I do?


10 hours ago, RamboRich said:

No, it's just not 2 people BTW. I just upgraded my shop a few days ago to the newest version (1-click-upgrade) 1.7.8.7 from v176x and have noticed this as well.

So there are 3. You 3 need to get together to find the one ingredient tying you to the spam. An infected module maybe? A web outfit you all used?

Did your Mail work before the update? Why did you all update?


10 hours ago, RamboRich said:

I have to retract.

These weird registrations have been going on for some time. At least they show that way since the upgrade. I didn't notice them before the upgrade though...

I looked through my history beyond the update point and (at least since before I upgraded to the newer 1.7.8.7) there's still a bunch of weird registration names (random characters) with what seem to be somewhat valid email addresses.

I'm seeing the same thing on an older shop running 1.7.5.1

Therefore, using logic and deduction, etc., it is not due to the upgrade, as it's been going on in my other shop, and it seems on a regular basis...

Google Captcha on the registration form should work, would it not?

See my previous post, quoted above. I've determined the upgrade was not the cause.

21 minutes ago, Nickz said:

So there are 3. You 3 need to get together to find the one ingredient tying you to the spam. An infected module maybe? A web outfit you all used?

Did your Mail work before the update? Why did you all update?

Forget it. I do not want to spend my time on this topic anymore.


Likewise I'm done here. I've used and supported Prestashop for almost a decade but frankly I find the comments in these forums adversarial and accusatory. Module developers pushing their own commercial products and dismissal of genuine queries when all we want is issues we raise to be addressed in a sensible fashion.

I've watched the developers and self-appointed demi-gods argue and tell us, as general users of a product, that we should be doing this and that, doing GitHub things, interpreting code and all sorts of other nonsense. We are end users, not developers. We just want a product that works well without all the aggro.

I'm done with PrestaShop. As a trial I've since migrated some of my sites to WooCommerce and I'm very happy with the end result. The rest will follow in due course.


2 hours ago, Martin_NZ said:

Likewise I'm done here. I've used and supported Prestashop for almost a decade but frankly I find the comments in these forums adversarial and accusatory. Module developers pushing their own commercial products and dismissal of genuine queries when all we want is issues we raise to be addressed in a sensible fashion.

I've watched the developers and self-appointed demi-gods argue and tell us, as general users of a product, that we should be doing this and that, doing GitHub things, interpreting code and all sorts of other nonsense. We are end users, not developers. We just want a product that works well without all the aggro.

I'm done with PrestaShop. As a trial I've since migrated some of my sites to WooCommerce and I'm very happy with the end result. The rest will follow in due course.

I agree with you on many points.

But, the life of an opensource script is not simple, especially in the world of online commerce where merchants want a flawless solution without spending money and where developers try to support the project, but must also earn a living on the side.

I have provided an answer with what I think is the best solution to fix a problem with a reasonable investment for a merchant.

As I also explained, the code difference between version 1.7.8.6 and 1.7.8.7 can't justify having this kind of problem, it's just that the bots fell on the sites after the update.

But I imagine that on your WooCommerce sites you also have captchas to avoid this problem. Personally, I prefer not to use the captcha proposed by Google, since I believe there are solutions more respectful of my customers' data, hence my specific development, which I use and which works.

As for PrestaShop, and to come back to this point, version 1.7 has heavily complicated the management of a project with this solution, and I have deplored it since its creation; as proof of my position, my site is still on version 1.6.

  • Thanks 1

23 hours ago, Martin_NZ said:

Ive watched the developers and self appointed demi-gods argue and tell us as general users of a product that we should be doing this and that doing github things, interpreting code and all sorts of other nonsense. We are end users not developers. We just want a product that works well without all the aggro.

As a commercial product, the ideal constellation of a company is having an IT department, which many people present here seem not to know.
In defense of PrestaShop, it gives a free product to develop on your own to all who want to give it a try. What more do you want?

You want to have people here giving you advice you wish to hear?

Go to the job offer forum and place a request. Remember, don't look a gift horse in the mouth.


3 hours ago, Nickz said:

As a commercial product, the ideal constellation of a company is having an IT department, which many people present here seem not to know.
In defense of PrestaShop, it gives a free product to develop on your own to all who want to give it a try. What more do you want?

You want to have people here giving you advice you wish to hear?

Go to the job offer forum and place a request. Remember, don't look a gift horse in the mouth.

Not sure what this all means or how it helps. "You want to have people here giving you advice you wish to hear?" Of course. Advice from someone who has investigated the issue and has a tested solution, not someone who just advertises their wares.

Multiple shops have posted an issue that is common. My shop at 1.7.8.7 has the exploit, my shop at 1.7.7.1 doesn't.

It has consistencies with the phpunit exploit but may be a variation. I have run all the phpunit tools and the site is clean.

The only solution offered is a $200 per month captcha, without understanding the problem or any investigation.

A captcha determines human or bot on the web page. It does not prevent SQL injection hacks from executing.

I have had enough of this topic. It has been a useless exercise trying to share information that could be in the code base and impacting others.

Commercial solutions that have not been tested against this particular issue should not be recommended.

 


36 minutes ago, BSStor said:

The only solution offered is a $200 per month captcha, without understanding the problem or any investigation.

The captcha was never offered at this price, you are mixing up a lot of things.

37 minutes ago, BSStor said:

A captcha determines human or bot on the web page. It does not prevent SQL injection hacks from executing.

Totally agree, but a captcha is a minimum before you think you have a flaw of another type, much more difficult to implement.

38 minutes ago, BSStor said:

I have had enough of this topic. It has been a useless exercise trying to share information that could be in the code base and impacting others.

You have only shared, so far, a screenshot supposedly proving an SQL injection. It's your right to interpret it that way, but in reality it doesn't necessarily seem to be that, and precisely to investigate it you have to go much further; one of the easiest methods is to eliminate the obvious solutions by closing the doors one by one.

41 minutes ago, BSStor said:

Commercial solutions that have not tested against this particular issue should not be recommended.

The solution used is open-source and requires the investment of users to improve it.

If your site has a problem, this community has proposed since the discovery of potential flaws, solutions to close the doors and this voluntarily.

I address this in this simplistic article, talking about the script proposed by Eolia.

To manage an e-commerce is not improvised and requires a particular attention and especially a permanent monitoring.

Either you have the skills, or you acquire the skills, or you delegate to professionals, as in any professional or amateur field. There is nothing new here, and expecting a solution from others without investing oneself has no chance of helping anyone or making things progress.

I am one of the first to criticize PrestaShop but I will never accuse it of my own incompetence or passivity.

You made the choice to use a free solution to start a business and earn money, this does not relieve you of your responsibilities towards your customers and you must be able to guarantee their security. If you prefer to transfer this responsibility onto the shoulders of your store, then you must turn to a paid solution that will guarantee the proper functioning of your shop.

The solution has its own way of working which has become more professional with time and therefore procedures exist to report bugs, flaws, problems directly to the PrestaShop teams, the forum is not the solution since here you will only find volunteers who help a community and who, as I said before, explain how to report problems such as declaring an issue on GitHub, in order to start the conversation with the PrestaShop teams.

You can continue to be a victim of the system or you can invest in it. Each to his own, but if you don't invest in the system and refuse to accept the solutions provided by others, you will have difficulty in moving your business forward.

 

  • Thanks 1

We are all victims in some way, just some haven't realised.

We shouldn't be attacking the man/shop owners. We should be attacking the ball/hackers.

What was once a community offering solutions has become a commercial enterprise. It's now developer driven rather than shop owner driven.

If shop owners change platforms due to the current developer "money for hire" attitudes, then PrestaShop will no longer be viable as a product.

If I'm going to pay $2400 a year for the suggested solution (free is for hobby), then it is more cost effective as a business owner to look to the future for a secure supported platform.

Developers telling business owners how to spend money is very laughable.

That's it, I am out. See you at Magento, WooCommerce or some other platform.

 


Let's calm down, this is arguing for the sake of arguing; it is clear that there are different opinions about which support we choose for our shop. In principle PrestaShop is free, and it is supposed to be secure. Put the basics in place and that's it. If you want other resources for your shop, it is your responsibility how you acquire the modules and whether they have anti-fraud systems or not. If you have someone who recommends modules to you, whom you hire and pay, the responsibility passes to whoever you pay.

Nothing more to say, friends.

  • Like 1

Wow. What a mudslinging after I wrote that I would not spend more on this topic. I created the thread because I experienced spam customers after upgrading. Then it turns out that the problem has been there before, has been fixed, but has come back. The only solution suggestions are some that cost money. Along the way, I, along with 2 others with the same issue, am asked to document that something has happened in connection with the upgrade. How can I do that? I agree that PrestaShop is open source. I have bought several modules on Addons. So I try as much as possible to keep my shop at a high level. I'm trying to raise a problem with spam customers with my thread, but I feel like I'm being totally rejected. Someone writes that a serious shop has an IT department. There is only me! And surely the same applies to 99.9% of owners of a PrestaShop? What a mess to write. It's a shame that this thread has developed the way it has. I did not solve my problem. I have to live with that, but this will probably be the last time I create a topic.


1 hour ago, ZIKODK said:

Wow. What a mudslinging after I wrote that I would not spend more on this topic. I created the thread because I experienced spam customers after upgrading. Then it turns out that the problem has been there before, has been fixed, but has come back. The only solution suggestions are some that cost money. Along the way, I, along with 2 others with the same issue, am asked to document that something has happened in connection with the upgrade. How can I do that? I agree that PrestaShop is open source. I have bought several modules on Addons. So I try as much as possible to keep my shop at a high level. I'm trying to raise a problem with spam customers with my thread, but I feel like I'm being totally rejected. Someone writes that a serious shop has an IT department. There is only me! And surely the same applies to 99.9% of owners of a PrestaShop? What a mess to write. It's a shame that this thread has developed the way it has. I did not solve my problem. I have to live with that, but this will probably be the last time I create a topic.

I offered my module because I know it fixes the problem you are experiencing and respects your customers' data.

But there are free alternatives to install a captcha that is less respectful of your customers' data using third-party services like Google.

After that, you do as you wish, nothing is mandatory, nothing is imposed.


  • 2 weeks later...
On 10/19/2022 at 4:36 AM, RamboRich said:

I have to retract.

These weird registrations have been going on for some time. At least they show that way since the upgrade. I didn't notice them before the upgrade though...

I looked thru my history beyond the update point and (at least since before I upgraded to newer 1.7.8.7) there's still a bunch of weird registration names (random characters) with what seems to be somewhat valid email addresses.

I'm seeing the same thing on an older shop running 1.7.5.1

Therefore, using logic and deduction, etc. It is not due to the upgrade as its being going on in my other shop and it seems on a regular basis...

 

Google Captcha on the registration form should work, would it not?

I had the same. Installed the newest shop and it returns, even though I have the Security Pro module and captcha.

Same problem as mentioned until 1.7.5.1. Now on 1.7.8.7 it starts again... with 1.7.6.9 I had years of no problem.

  • Thanks 1

  • 2 weeks later...

I also have fake registrations on version 1.7.8.2. Also using ecaptcha, which helps but not 100%. The problem is the email address does not need to be confirmed. I am convinced that if the email had to be confirmed there would not be any fake accounts. I'm also not sure of the motive to create these fake accounts.

 


On 8/3/2022 at 9:34 AM, ZIKODK said:

I am still asking for answer, why this started after upgrading to PS1.7.8.6 and PS1.7.8.7.
I use reCaptcha - Google Anti Spam, developed by Prestashop, but only on the contact form. That module meets my needs and I have no intention of changing that.

I really think it is not related to PS. Usually, spamming software is based on one or a few files of release versions of a CMS (PS, WP, etc.) or of single third-party plugins (for WordPress) or single third-party modules (for PrestaShop). That is why it is always suggested to buy plugins and modules from trusted shops or directly from the CMS marketplace. If no "weird" module has been bought... maybe it has just been a bombing for a few days.

It happened to us too and, after cancelling all the new fake customers, we had no problem anymore.

Regards

Fabrizio


  • 1 month later...

We have the same problem. We bought many modules.

We got good results with the recaptcha module. Unfortunately the mobile page speed dropped from 84 to 41. That's the curse with modules: the more modules, the slower the shop.

we have now added the following code to the contact form. (modules/contactform/contactform.php)

 

if (Tools::isSubmit('submitMessage')) {
    $message = Tools::getValue('message');
    $from = Tools::getValue('from');
    // Substrings that reject the sender address and the message body
    $banned_in_email = ['.ru', 'qq.com', '.vn'];
    $banned_content = ['email marketing'];
    foreach ($banned_in_email as $string) {
        if (strstr($from, $string)) {
            $this->context->controller->errors[] = $this->trans('Invalid email address.', [], 'Shop.Notifications.Error');
        }
    }
    foreach ($banned_content as $string) {
        if (strstr($message, $string)) {
            $this->context->controller->errors[] = $this->trans('Invalid message', [], 'Shop.Notifications.Error');
        }
    }
}

More Details: https://www.waschier-design.at/online-shop-tipps/prestashop-spam-ueber-kontaktformular/

It seems to work. But my question is, isn't there a code for customer registration or login?

 

Thanks for help.

Regards,

Mike

ANjAS-SHOP

 

  • Like 1

1 hour ago, prestashopfree.com said:

There is a solution in the form of JavaScript, where you can control the submission of forms by sending submit.

If form security was limited to a JavaScript check, the problem would have been fixed long ago, but even a reCaptcha without a PHP check does not secure forms.


1 hour ago, fox@dog1 said:

We got good results with the recaptcha module. Unfortunately the mobile page speed dropped from 84 to 41. That's the curse with modules: the more modules, the slower the shop.

The module I am proposing does not cause any change on the performance tests since it does not load any external script.


Hello prestashopfree.com

Many thanks for this script. I've been looking for years for such a solution. I hope I don't need a captcha anymore. Or what do you mean?

A question: is it possible to register customers without a mathematical captcha? Only when registering and using the contact form. After all, customers want to close deals as quickly as possible. If you first have to select images (captcha), then many do not close. Me too. I hate it when I have to fill out a captcha first.

And is the Mathematical Captcha safe?

Regards,

Mike

ANjAS-SHOP


2 minutes ago, fox@dog1 said:

Is it possible to register customers without a mathematical captcha

This is exactly what my module proposes: not to bother customers during their registration while still securing registrations.

The next version will integrate other features to limit even more the false accounts and the unwanted mails of the contact form.

My module does not use only JavaScript features since it has no effect on the robots used by the spammers.


It would be cool if we didn't need an additional connection to Google.

Almost all captcha modules connect to Google Captcha (understandable). But then Font Awesome is additionally loaded via Bootstrap (which is useless), and even worse, a connection to Google is opened to download Google Fonts (which is unbelievable). Some of these are downloaded before the style sheet, which makes the shop even slower.


Just now, fox@dog1 said:

Almost all captcha modules connect to Google Captcha (understandable). But then Font Awesome is additionally loaded via Bootstrap (which is useless), and even worse, a connection to Google is opened to download Google Fonts (which is unbelievable). Some of these are downloaded before the style sheet, which makes the shop even slower.

And still no, my module does not load third party data to work, in order to keep your customers' data with you and not feed Google for free and thus not comply with GDPR.


My free module doesn't use third parties either.
For a math captcha (let's call it a math check), since the captcha name is confusing, all you need is a few lines of code and a hook connection.

It's really nothing complicated.

Sample for PS 1.7.8.8

Module example:

public function hookDisplayMathCheckForm()
{
    // Upper bounds of the two operands come from the module configuration
    $getX = (int) Configuration::get($this->name . '_math_x');
    $getY = (int) Configuration::get($this->name . '_math_y');
    $setX = rand(1, $getX);
    $setY = rand(1, $getY);
    $this->context->smarty->assign(
        array(
            'mathX' => $setX,
            'mathY' => $setY,
        )
    );

    return $this->fetch($this->templateMatchForm);
}

 

For additional protection, it's a good idea to use a Validate.php override.
Validate.php example:

<?php

class Validate extends ValidateCore
{
    public static function isRestrictedFirstName($name)
    {
        // Count the capital letters; random-case bot names have many of them
        $cnt = mb_strlen(preg_replace('![^A-Z]+!', '', $name));
        $max = 2; // Number of capital letters allowed in Firstname

        return $cnt <= $max;
    }

    public static function isRestrictedLastName($name)
    {
        $cnt = mb_strlen(preg_replace('![^A-Z]+!', '', $name));
        $max = 2; // Number of capital letters allowed in Lastname

        return $cnt <= $max;
    }

    public static function isRestrictedMessage($message)
    {
        $restrictedWord = ['bitcoin', 'free', 'marketing', 'sex', 'www', 'winner', 'http'];
        foreach ($restrictedWord as $w) {
            // stristr() is already case-insensitive
            if (stristr($message, $w) !== false) {
                return false;
            }
        }

        return true;
    }

    public static function isRestrictedEmail($email)
    {
        // Plain substring match: '.ru' also hits a local part such as john.ru@example.com
        $restrictedEmail = ['.marketing', '.ru', '.vn', '@qq.com'];
        $cnt = mb_strlen(preg_replace('![^A-Z]+!', '', $email));
        $max = 3; // Number of capital letters allowed in Email
        if ($cnt > $max) {
            return false;
        }
        foreach ($restrictedEmail as $e) {
            if (stristr($email, $e) !== false) {
                return false;
            }
        }

        return true;
    }
}

 

And, for example, for registration:

-> ./classes/form/CustomerForm.php

-> function validate()

-> add after

$this->validateByModules();

-> your validation

        $firstnameField = $this->getField('firstname');
        if (Validate::isRestrictedFirstName($firstnameField->getValue()) === false) {
            $firstnameField->addError($this->translator->trans(
                'The firstname is not valid',
                [],
                'Shop.Notifications.Error'
            ));
        }

        $lastnameField = $this->getField('lastname');
        if (Validate::isRestrictedLastName($lastnameField->getValue()) === false) {
            $lastnameField->addError($this->translator->trans(
                'The lastname is not valid',
                [],
                'Shop.Notifications.Error'
            ));
        }

        // The core method already fetches this field at its top; fetching it again is harmless
        $emailField = $this->getField('email');
        if (Validate::isRestrictedEmail($emailField->getValue()) === false) {
            $emailField->addError($this->translator->trans(
                'The email is not valid',
                [],
                'Shop.Notifications.Error'
            ));
        }

+ add your other input field for the mathematical check......
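The hook above only renders the two operands; the part that decides whether a submission passes has to run server-side, and it must not trust operands or answers that the browser sends back. What follows is an added example, not the module's or this thread's code, of a stateless way to do that in PHP: the operands and an expiry are committed in an HMAC-signed token, the browser returns only the token and its answer, and the server recomputes the sum. It assumes a per-shop secret such as PrestaShop's _COOKIE_KEY_ constant; the MathCheck class, its method names and the math_token/math_answer field names are hypothetical.

```php
<?php
// Added example, not the module's or the thread's code: the server-side half of a
// math check. Operands and an expiry are committed in an HMAC-signed token, the
// browser returns only the token plus the answer, and the server recomputes the
// sum. $secret is assumed to be a per-shop secret such as _COOKIE_KEY_; the class,
// method and field names are hypothetical.

final class MathCheck
{
    private const TTL = 900; // seconds a challenge stays valid

    /** Build a challenge: operands to render in the template plus a signed token. */
    public static function issue(string $secret, int $maxX = 9, int $maxY = 9, ?int $now = null): array
    {
        $now = $now ?? time();
        $payload = [
            'x' => random_int(1, $maxX),   // CSPRNG, unlike rand()
            'y' => random_int(1, $maxY),
            'exp' => $now + self::TTL,
            'nonce' => bin2hex(random_bytes(8)), // makes every token distinct
        ];
        $encoded = base64_encode(json_encode($payload));
        // The MAC covers the whole payload; the sum itself is never sent to the client
        $token = $encoded . '.' . self::sign($secret, $encoded);

        return ['x' => $payload['x'], 'y' => $payload['y'], 'token' => $token];
    }

    /** True only if the token is authentic, unexpired, and the answer matches x + y. */
    public static function verify(string $secret, string $token, string $answer, ?int $now = null): bool
    {
        $now = $now ?? time();
        $parts = explode('.', $token, 2);
        if (count($parts) !== 2) {
            return false;
        }
        [$encoded, $mac] = $parts;
        // Authenticate before parsing: nothing inside an unsigned token is trusted
        if (!hash_equals(self::sign($secret, $encoded), $mac)) {
            return false;
        }
        $raw = base64_decode($encoded, true);
        $payload = $raw === false ? null : json_decode($raw, true);
        if (!is_array($payload) || !isset($payload['x'], $payload['y'], $payload['exp'])) {
            return false;
        }
        if ($now > (int) $payload['exp']) {
            return false; // stale challenge: the form has to be reloaded
        }
        $expected = (string) ((int) $payload['x'] + (int) $payload['y']);
        // Constant-time compare; trim() tolerates "12 " from a human, not "twelve"
        return hash_equals($expected, trim($answer));
    }

    private static function sign(string $secret, string $data): string
    {
        return hash_hmac('sha256', 'mathcheck|' . $data, $secret);
    }
}

// Wiring (assumed): in the display hook, $c = MathCheck::issue(_COOKIE_KEY_); assign
// $c['x'] and $c['y'] to the template and put $c['token'] in a hidden field named
// math_token. When the form is validated:
//   MathCheck::verify(_COOKIE_KEY_, (string) Tools::getValue('math_token'), (string) Tools::getValue('math_answer'))
```

Because no state is kept, a solved token can be replayed until it expires; if that matters, record the nonce of each accepted token in the customer's session (or a short-lived table) and refuse a second use. A math check only stops bots that do not parse the form; several posts further down report registrations getting past reCAPTCHA v2, so treat it as one layer alongside the name and email validation.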


On 2/1/2023 at 8:18 PM, prestashopfree.com said:

New script including mathematical captcha.

 

 

Another here with the same problem using version 1.7.8.7 and 1.7.8.8...
It seems they are still looking for PrestaShop vulnerabilities :)
Your new module looks good, but I can't download it.
Is it blocked? Can it be downloaded from your website?
Thanks in advance

 

(attached screenshot)

  • 6 months later...

The Validate.php code looks interesting, and will probably work. Some of my customers enter all capital letters, so it would have to account for that.

I think maybe the spammers have a list of all PrestaShop websites, so I plan on removing anything that says prestashop. It's better if they have no idea what platform you are on.

 

 


  • 2 weeks later...

PrestaShop 1.7.8

Create file:
/override/classes/Validate.php

add in this file the code:
 

<?php

use PrestaShop\PrestaShop\Core\ConstraintValidator\Constraints\CustomerName;
use PrestaShop\PrestaShop\Core\ConstraintValidator\Factory\CustomerNameValidatorFactory;
use PrestaShop\PrestaShop\Core\String\CharacterCleaner;
use Symfony\Component\Validator\Validation;

class Validate extends ValidateCore
{
    public static function isCustomerName($name)
    {
        // Core validation first, as in ValidateCore::isCustomerName()
        $validatorBuilder = Validation::createValidatorBuilder();
        $validatorBuilder->setConstraintValidatorFactory(
            new CustomerNameValidatorFactory(new CharacterCleaner())
        );
        $validator = $validatorBuilder->getValidator();
        $violations = $validator->validate($name, [
            new CustomerName(),
        ]);

        // Custom check: a mixed-case name (both upper and lower case present)
        // with more than 4 capital letters is treated as random and rejected.
        // All-caps or all-lower-case names are left to the core rules.
        $capitalLettersCount = preg_match_all('/[A-Z]/', $name);
        $normalLettersCount = preg_match_all('/[a-z]/', $name);

        if ($capitalLettersCount > 1 && $normalLettersCount > 1 && $capitalLettersCount > 4) {
            return 0; // validation fails
        }

        return (count($violations) !== 0) ? 0 : 1;
    }
}

If the name contains mixed letters (uppercase and lowercase letters) and more than 4 uppercase letters, registration is not possible.
This should block fake accounts for example gHnfJCZoaIQ, ANKFDgUmTHJ etc., but allow the creation of regular accounts.

  • Thanks 1
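Later replies ask how rejected attempts were logged, note that real customers sometimes type their names in capitals, and object that blocking on name shape alone rejects genuine names. The following is an added example, not code from this thread or from PrestaShop, of one way to combine the signals the thread relies on (random-case names, identical first and last name, blocklisted email domains) into a score, leave all-caps input alone, and append every rejection as a JSON line so the threshold can be tuned against real traffic before anything is blocked. The class name, weights, threshold, log path and the suggested wiring are assumptions.

```php
<?php
// Added example, not code from this thread or from PrestaShop: scores a registration
// with the signals discussed here and logs every rejection as one JSON line. Class
// name, weights, threshold and log path are assumptions.

final class RegistrationScreen
{
    private const MAX_MIXED_CASE_CAPITALS = 4;                          // same limit as the override above
    private const BLOCKED_DOMAIN_SUFFIXES = ['@qq.com', '.ru', '.vn']; // lists used in the thread
    private const REJECT_AT = 2;                                        // total score that rejects

    /** Returns [score, reasons]; score 0 means nothing looked suspicious. */
    public static function score(string $firstname, string $lastname, string $email): array
    {
        $score = 0;
        $reasons = [];

        foreach (['firstname' => $firstname, 'lastname' => $lastname] as $field => $name) {
            $upper = preg_match_all('/\p{Lu}/u', $name); // Unicode-aware, so "Élise" counts
            $lower = preg_match_all('/\p{Ll}/u', $name);
            // Random-case strings such as gHnfJCZoaIQ. A name typed in ALL CAPS has
            // $lower === 0 and is deliberately left alone.
            if ($lower > 0 && $upper > self::MAX_MIXED_CASE_CAPITALS) {
                $score += 2;
                $reasons[] = $field . ':mixed-case-capitals';
            }
        }

        // Bots seen in this thread reuse one string for both names
        if ($firstname !== '' && mb_strtolower($firstname) === mb_strtolower($lastname)) {
            $score += 1;
            $reasons[] = 'firstname-equals-lastname';
        }

        // Suffix match on the domain part only, so john.ru@example.com is not caught
        $at = strrpos($email, '@');
        $domain = $at === false ? '' : strtolower(substr($email, $at));
        foreach (self::BLOCKED_DOMAIN_SUFFIXES as $suffix) {
            if ($domain !== '' && substr($domain, -strlen($suffix)) === $suffix) {
                $score += 2;
                $reasons[] = 'email-domain:' . $suffix;
                break;
            }
        }

        return [$score, $reasons];
    }

    /** Decide, and append a JSON line for each rejection so thresholds can be tuned later. */
    public static function allow(string $firstname, string $lastname, string $email, string $ip, string $logFile): bool
    {
        [$score, $reasons] = self::score($firstname, $lastname, $email);
        if ($score < self::REJECT_AT) {
            return true;
        }
        $entry = [
            'ts' => date('c'),
            'ip' => $ip,
            'firstname' => $firstname,
            'lastname' => $lastname,
            'email' => $email, // personal data: make sure the file is not web-readable and prune it
            'score' => $score,
            'reasons' => $reasons,
        ];
        file_put_contents($logFile, json_encode($entry, JSON_UNESCAPED_UNICODE) . PHP_EOL, FILE_APPEND | LOCK_EX);

        return false;
    }
}

// Wiring (assumed), next to the Validate calls added to CustomerForm::validate():
//   $log = _PS_ROOT_DIR_ . '/var/logs/registration-rejects.log';
//   if (!RegistrationScreen::allow($first, $last, $mail, Tools::getRemoteAddr(), $log)) {
//       $firstnameField->addError(...);
//   }
```

With these weights, a random-case name or a blocklisted domain rejects on its own, while an identical first and last name (the pattern reported on PS 8.1 below) only scores 1 and is logged once something else adds to it; raise that weight or lower REJECT_AT if that is the pattern you see. Run it in log-only mode first (return true unconditionally after logging) and read the file for a few days before letting it block.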

  • 1 month later...

Hi, I just upgraded to PS 8.1.x and PHP 8.1. I'm using reCAPTCHA and started to get fake customer creation in the back end, please see attached.

(attached screenshot)

Has a solution come up?

I'm also using Cloudflare Bot Fight but still a fake user is created.

I do hope it is OK to ask the question.

Best,

18 hours ago, Nickz said:

Best way is not to use a contact form. Also safer due to SQL injections.

Why not use a contact form? I think this is not related to this topic, but a good module will stop spam from the contact form. I know because I made a really powerful module for that and none of my customers ever complain.

 

@TwinkleEye in your case the spam user's firstname and lastname are the same, so it should be easy to block. Maybe this week I'll find some time and create a free module for that, and later expand its possibilities to other cases.


6 hours ago, endriu107 said:

Why not use a contact form? I think this is not related to this topic, but a good module will stop spam from the contact form. I know because I made a really powerful module for that and none of my customers ever complain.

@TwinkleEye in your case the spam user's firstname and lastname are the same, so it should be easy to block. Maybe this week I'll find some time and create a free module for that, and later expand its possibilities to other cases.

Hi @endriu107

Thank you very much. I'm using Knowband Recaptcha but it seems that this is not fully compliant with PS 8.x. Hence I'm also having a case with them for the same. But I will of course appreciate it if you could do as stated above.

Best,

Hi,

 

I'm also having the same problem with false customer registrations. I've tried Angar's code and it works when you register yourself with 5 capital letters in the name. You'll get an error and can't continue.

I also have a Recaptcha on my store and changed from V3 to V2 where you have to check a box saying you're not a robot but I still received 3 false registrations in less than 24 hours. The registrations are also always female. How can we stop this?

Prestashop 1.7.8.4

php 7.4.33


I have a Recaptcha on my site and you have to click the box 'I'm not a robot' to register and still receiving fake registrations.

I think it is not coming from the actual registration form but from somewhere else. Maybe an url on the Prestashop files? 


On 11/27/2023 at 5:29 AM, Riempie said:

I think it is not coming from the actual registration form but from somewhere else. Maybe an url on the Prestashop files? 

If you did your "SEO" yourself and ordered a lot of weak message board and directory links, then you have the solution to that riddle.
Most people we have contact with suffer the consequences of: I do SEO myself, it's easy after all.


Hi all,

Just an update.

As previously mentioned, I'm using the Recaptcha module from Knowband. I have been in intense dialogue with them, where I had to reproduce the error etc. They have now corrected the issue, and it is working as it should. This is NOT a commercial for using the module, as it should have been working out of the box.

Thank you all for commenting on this.

Best,

7 hours ago, tank said:

I tried Angar's code, it seems to work; I reduced the number of capital letters. I also added to a log file, so I can see how many attempts were made, so far 5 attempts.

Hi Tank, what code did you add to log the attempts into a log file?


Hi,
In the past 4-5 days I noticed the same issue: fake registrations.
At first I thought of competitors that were comparing prices then I realized it must be another reason.

Is it a bot?
What is the goal?
Removing the fake customers will prevent problems later?
Did anyone find a ultimate solution that non-coders can apply?

Thanks for sharing your experience.


3 hours ago, Impatient said:

same issue: fake registrations

Are those fake registrations from a country you won't sell to? Block those countries via geoblocking in .htaccess.
For bots you need to identify them in order to block them.


On 10/19/2022 at 1:52 PM, Nickz said:

so there are 3. Your 3 need to get together to find the one ingredient tying you to the Spam. An infected Module maybe. A Web-outfit you all used? 

Did your Mail work before the update? Why did you all update?

More than a year later and we're experiencing the same thing, dozens of these fake accounts being created per day.

Just because you only see three people reporting it here doesn't mean it's not a problem, it just means most people experiencing this aren't here reporting it on an English speaking forum, and if they do come here looking for help they're finding nothing of use (but snarky comments) so there's no reason for them to participate.

And to clarify:

1. Adding captcha to forms reduces sales. It just does, it's a fact. Which is why people don't want to do it.

2. I have only 2 modules from a trusted developer, this problem existed before I added both.

3. Everything is up-to-date on my install.


The spammers on my website use other people's real email addresses, not some made-up email address. I know this because I got an email saying they never registered on my website and asked to be removed.

I am using Angar's code, and it is working to block spammers.

PrestaShop still needs to have email verification, where the person registering receives an email to confirm registration. I don't understand why PrestaShop would think that is not required.


I agree. That's why I expanded my antispam to include the necessity of email verification and many other checks. You need to realize that once your e-shop is attacked, no protections will help you anymore. Just calculate how much it will cost you to restore the e-shop, uninstall it. I don't understand such a long thread. Are there so many people who want to have a safe business and for free? I'm not doing any advertising here, I'm just stating that I've already spent several tens of hours on the development of protection and several tens of hours on testing. I use the module on my website.

For basic protection, use the free modules from @endriu107.


3 hours ago, tank said:

PrestaShop still needs to have email verification, where the person registering receives an email to confirm registration. I don't understand why PrestaShop would think that is not required.

Simply because we're talking about ecommerce and nothing else.

In this sector, any element blocking registration will block the act of purchase.

That's why the module I propose and use doesn't add any extra step to the registration of a new customer, while blocking all fraudulent registrations and guaranteeing the protection of user data, since it doesn't rely on external applications.

There are many different solutions, both free and paid, delivering customer data to Google or not. In any case, the big difference between a paid and a free module is the support and follow-up over time to counter any new form of attack.

I'd like to take this opportunity to remind you that the merchant is responsible for his site's visitor and customer data, so it's up to him to implement appropriate solutions to prevent any data leakage to third parties.

  • Like 2

  • 1 month later...
On 8/2/2022 at 9:47 AM, ZIKODK said:

After upgrading to PS1.7.8.6 a few weeks ago, and later upgrading to PS1.7.8.7, I have customer creation that I would call spam.
See examples in the attached image.
There may be 5-10 customers every day.
Is this part of the vulnerability that has been announced about Prestashop.
The modules I have installed to check this vulnerability do not report the vulnerability (except for blockwhistlist, so remember to update that module!!).
What can I do to avoid this?

(attached image)

This module helps you

https://www.prestashop.com/forums/topic/1083135-free-module-simple-security/

Tested on 8.X but may work with 1.7


On 12/7/2023 at 4:47 PM, tank said:

The spammers on my website uses other people real email address not some made up email address.  I know this because a got an email saying they never registered on my website and asked to be removed.  

The access log should give away their country; geo-block them. 


On 12/7/2023 at 11:47 PM, tank said:

The spammers on my website use other people's real email addresses, not some made-up email address. I know this because I got an email saying they never registered on my website and asked to be removed.  

I am using Angar's code, and it is working to block spammers. 

Prestashop still needs to have email verification where the person registering receives an email to confirm registration. I don't understand why Prestashop would think that is not required. 

Why spammers? What are they doing? OK, they register under someone's email and then what?


On 1/11/2024 at 6:23 AM, metacreo said:

Why spammers? What are they doing? OK, they register under someone's email and then what?

That's a good question... and I'm not 100% sure why... I think they embed links in the address. I have them blocked now so I can't check; no more spam registrations using Angar's code from this thread, but I changed it to flag more than 2 capital letters as a spammer. I also logged attempted registrations; I have blocked about 50 false registrations so far.


47 minutes ago, tank said:

 I think they embed links in the address. 

But it's useless. I would still like to see it. And unfortunately this solution is not ideal. The user should be able to enter any name. That's his name.

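To make the trade-off in the last two posts concrete (tank's rule of flagging more than 2 capital letters catches the random-character names, metacreo's objection is that real names get caught too), here is an added example that is neither Angar's code from this thread nor part of PrestaShop. It checks the name fields for links, digits and random case changes, and the strict capital-letter rule is optional; the sample registrations are constructed, not real data.

```python
import re

# Constructed sample registrations (firstname, lastname, email), not real data.
SAMPLE_REGISTRATIONS = [
    ("xQpWzL", "hTrkBvN", "victim@example.com"),            # random-character name
    ("Mary-Jane", "McDonald-O'Brien", "mj@example.com"),    # legitimate, 4 capitals
    ("John http://spam.example/x", "Doe", "j@example.com"),  # link embedded in name
    ("Anna", "Smith2024", "anna@example.com"),              # digits in name
]

# Link-looking fragments that have no business in a person's name.
URL_RE = re.compile(r"(https?://|www\.|\.[a-z]{2,}(/|\b))", re.I)


def interior_caps(word: str) -> int:
    """Count lower->upper switches inside a word: 'McDonald' -> 1, 'xQpWzL' -> 3."""
    return sum(1 for a, b in zip(word, word[1:]) if a.islower() and b.isupper())


def name_reasons(name: str, max_caps: int = 2, strict_caps: bool = False) -> list:
    """Return why a single name field looks like spam (empty list = looks fine)."""
    reasons = []
    if URL_RE.search(name):
        reasons.append("url")
    if any(ch.isdigit() for ch in name):
        reasons.append("digit")
    # Three or more interior case switches in one word is random typing, not a name.
    if any(interior_caps(w) >= 3 for w in re.split(r"[\s\-']+", name)):
        reasons.append("random-case")
    # tank's strict rule: more than max_caps capital letters in the field.
    if strict_caps and sum(ch.isupper() for ch in name) > max_caps:
        reasons.append("too-many-caps")
    return reasons


def check_registration(firstname: str, lastname: str, email: str,
                       strict_caps: bool = False) -> dict:
    """Decide whether to block a registration and keep the reasons for the log."""
    reasons = (name_reasons(firstname, strict_caps=strict_caps)
               + name_reasons(lastname, strict_caps=strict_caps))
    return {"email": email, "blocked": bool(reasons), "reasons": reasons}


def log_line(result: dict) -> str:
    """One log line per attempt, so blocked registrations can be reviewed later."""
    verdict = "BLOCKED" if result["blocked"] else "ALLOWED"
    return f"{verdict} email={result['email']} reasons={','.join(result['reasons'])}"


if __name__ == "__main__":
    for fn, ln, em in SAMPLE_REGISTRATIONS:
        print(log_line(check_registration(fn, ln, em)))
```

With `strict_caps=True` the hyphenated Irish-Scottish surname above is blocked for "too-many-caps" while the other three checks let it through, which is exactly the false positive metacreo points out.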

12 hours ago, metacreo said:

But it's useless. I would still like to see it. And unfortunately this solution is not ideal. The user should be able to enter any name. That's his name.

We took all fields off the contact form, leaving a drop-down for telephone numbers. Still, spam came through.

Best bet is that it is due to someone working through a list.
There are people working up lists; they have no other reason than to tick off the name of a domain.


5 hours ago, Nickz said:

We took all fields off the contact form, leaving a drop-down for telephone numbers. Still, spam came through.

Spammers don't go through the form; they attack the controllers directly. I made a really powerful module to protect the contact form that works on the controller side. My clients never again complain about spam messages.


7 minutes ago, Nickz said:

Do you have access to the site I took as an example?
If not, you cannot have an opinion about that case.

Oh, you think that in your case there is a special attack that no other site has been hit with before?

I worked on dozens of cases before I created the module to block spam. If your case is different, I will be happy to have access and check it to improve my solution.
