metacreo, posted December 25, 2023 (edited February 27):

Anti-Spam, Anti-Bot, Anti-Brute-Force, Block Unwanted Bot and Spammer Traffic

The module allows you to protect registration and login forms from bots. Limit the number of login attempts and registration attempts. The module protects and limits the use of the contact form, the newsletter registration form and the modules 'productcomments' and 'iqitreviews'. Also, the module detects and bans more than 90% of the simplest bots. It is possible to manually block IP and email addresses, as well as exclude them from blocking. The module keeps a log of connection attempts and a log of entered data.

After install, the module creates 2 tabs in the BO Customers tab:

SS Triggers - phrases and words for the contact form and the 'productcomments', 'iqitreviews' modules (the table is empty after install; create your own list).
SS Actions - attempts log table with controls (view, edit, delete).

Developed for 8.X but may work with 1.7.8+ (Reported: works on 1.7.8.3)

Download simplesecurity.zip (Always latest version.)

~=DONATIONS ARE WELCOME=~

About updates please read this topic.

Edit note: Try to no more editing topic start.

metacreo (author), posted January 11 (edited January 11):

Module updated. Fixed AdminSimpleSecurityActionController search filters. Also fixed registration bug. 🙂

vietnamdulich, posted January 15:

Has anyone tested this?

metacreo (author), posted February 8:

Module upgrade. Added support for newsletter registration (check bot, limit attempts).

metacreo (author), posted February 8:

Admins. Why do I see "Hidden - This content must be approved before it can be edited"? What is wrong with this post?

torbho, posted February 13:

The module is indeed excellent and appears to function well. Thank you! However, I'm concerned about the security implications of storing passwords in plain text, especially for non-bot users. As a solution, I've modified it to store passwords as hashed values, aligning with data protection regulations. In this case my Prestashop version is 1.7.8.3.

metacreo (author), posted February 14:

Thank you. What hash mechanism do you want to use (md5, sha, etc.)? I can add a variable like `protected $pwd_use_clear_text = 0;` and rewrite passwords to use hashes by default for non-bots.

Antti, posted February 14:

I installed this yesterday to my store and already it has blocked over 30 spam accounts from registering - so thank you for solving my problem with this module! However, I too am a little concerned about the passwords showing in plain text. Hopefully this can be resolved with the next update - keep up the great work and thanks again!

metacreo (author), posted February 15 (edited February 22):

Thank you Antti. Module updated. New version 1.0.2.

Added configuration page. Added hash passwords option (on the config page you may choose how to keep passwords). For a new install no action is needed. For an update you need to go to the module config page and enter values.

Thanks all for the donations.

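Added example (not the module's code, and not written by any poster in this thread): one way a log of entered data can handle the password field, with clear text and plain md5 shown next to a keyed HMAC that still lets a defender match repeated passwords across rows. `LOG_KEY`, `buildLogRow()` and `repeatedFingerprints()` are hypothetical names, and the sample attempts are constructed.

```php
<?php
// Added example; LOG_KEY, buildLogRow() and repeatedFingerprints() are hypothetical names.

// Assumption: a random server-side secret kept outside the database (e.g. a config file).
// Generate a real one with bin2hex(random_bytes(32)); this value is a constructed placeholder.
const LOG_KEY = 'constructed-demo-key-not-for-production';

/** Build the row to store for one attempt, according to the chosen storage mode. */
function buildLogRow(array $attempt, string $mode): array
{
    switch ($mode) {
        case 'clear': // weak: anyone who can read the table reads the password
            $stored = $attempt['password'];
            break;
        case 'md5':   // weak: unsalted and fast, the same input gives the same digest everywhere
            $stored = md5($attempt['password']);
            break;
        case 'hmac':  // keyed digest: equal passwords still match each other, but the
                      // value cannot be checked against word lists without LOG_KEY
            $stored = hash_hmac('sha256', $attempt['password'], LOG_KEY);
            break;
        default:      // 'none': keep no password-derived value at all
            $stored = null;
    }

    return ['ip' => $attempt['ip'], 'email' => $attempt['email'], 'pwd' => $stored];
}

/** Return stored password values that were used with at least $minEmails different emails. */
function repeatedFingerprints(array $rows, int $minEmails = 3): array
{
    $emailsByPwd = [];
    foreach ($rows as $row) {
        if ($row['pwd'] !== null) {
            $emailsByPwd[$row['pwd']][$row['email']] = true;
        }
    }

    $hits = [];
    foreach ($emailsByPwd as $pwd => $emails) {
        if (count($emails) >= $minEmails) {
            $hits[$pwd] = array_keys($emails);
        }
    }

    return $hits;
}

// Constructed sample attempts (documentation IP range, example.com addresses).
$attempts = [
    ['ip' => '203.0.113.7', 'email' => 'a@example.com', 'password' => 'Winter2024!'],
    ['ip' => '203.0.113.7', 'email' => 'b@example.com', 'password' => 'Winter2024!'],
    ['ip' => '203.0.113.9', 'email' => 'c@example.com', 'password' => 'Winter2024!'],
    ['ip' => '198.51.100.4', 'email' => 'd@example.com', 'password' => 'something-else'],
];

$rows = array_map(function ($a) {
    return buildLogRow($a, 'hmac');
}, $attempts);

foreach (repeatedFingerprints($rows) as $pwd => $emails) {
    printf("%s... used with %d emails: %s\n", substr($pwd, 0, 12), count($emails), implode(', ', $emails));
}
```
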
Antti, posted February 22:

What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily.

metacreo (author), posted February 22 (edited February 22):

> 37 minutes ago, Antti said:
> What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily.

by default:
all warn 3
all ban 5

metacreo (author), posted February 22:

Upgraded. Actual version 1.0.3.

Fixed update issues. Now no need for additional actions on update. Config must be filled with default values by default on update and on install. Added function checkConfig for each action. Added small description in module config. Warn - count of attempts before warning, Ban - count of attempts before ban. Warn values (default 3) must always be less than Ban values (default 5).

simplesecurity.zip <- download v 1.0.3

> 1 hour ago, Antti said:
> What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily.

In your case you can just uninstall and install. Config is filled automatically on install. In the new version on update too.

Antti, posted February 22:

> 2 hours ago, metacreo said:
> Upgraded. Actual version 1.0.3. Fixed update issues. Now no need for additional actions on update. Config must be filled with default values by default on update and on install. Added function checkConfig for each action. Added small description in module config. Warn - count of attempts before warning, Ban - count of attempts before ban. Warn values (default 3) must always be less than Ban values (default 5).
> simplesecurity.zip <- download v 1.0.3
> In your case you can just uninstall and install. Config is filled automatically on install. In the new version on update too.

Great, thank you again! 🙏

metacreo (author), posted February 27:

Updated to v 1.0.4.

Small improvement to contact form checks. Convert all chars in Simple Security Triggers to lowercase. Automatic conversion to lowercase during checks and addition to table.

simplesecurity.zip <- download v 1.0.4 (also the same version in start of topic)

metacreo (author), posted March 15:

Module updated. No version up. Same version 1.0.4.

Small fix in contact form checker. Fixed error if customer sent empty email. Also processing form access counter if email is empty.

joe ramires, posted March 19 (edited March 19):

I can't install it on 1.7.8.8

Installation of the simplesecurity module failed. Your module version is not compatible with your PrestaShop version.

metacreo (author), posted March 20:

> 10 hours ago, joe ramires said:
> I can't install it on 1.7.8.8
> Installation of the simplesecurity module failed. Your module version is not compatible with your PrestaShop version.

Hi joe ramires. You can try to install again. I downgraded PS version requirements to 1.7.8.3.

joe ramires, posted March 20:

Everything works normally now. Thank you.

chrono, posted April 8 (edited April 8):

Hi, is it possible to downgrade the requirements for the 1.7.6.5 version?

Edit: I checked my BO after trying to install earlier and now I have SS Trigger and Action which gives error 500 every time I try to click. Can you tell me what's the best way to get rid of any leftovers?

metacreo (author), posted April 10 (edited April 10):

> On 4/8/2024 at 3:43 PM, chrono said:
> Hi, is it possible to downgrade the requirements for the 1.7.6.5 version?
> Edit: I checked my BO after trying to install earlier and now I have SS Trigger and Action which gives error 500 every time I try to click. Can you tell me what's the best way to get rid of any leftovers?

Hello,

What PHP version does your PS use? And can you publish the error from the http server log and from PS_DIR/var/log?

Unfortunately I'm very busy at the moment. Maybe later I will launch the old version of PS and adapt the module. 1.7.6 and 1.7.8 have different auth controllers and hooks. So... need to rewrite much code to work with 1.7.6 correctly. 1.7.8+ have separate auth and reg controllers. 1.76 have one auth controller, and the 1.7.6 email subscribe module is different from 1.7.8 too. Simply rewriting the PS_VERSION requirements will not help the module work with 1.7.6.

BlackCrow, posted April 11:

I have tried your module, it is really good and works according to my first tests.

You write that it should be possible to manually block IP's or e-mail addresses. I can't find this option anywhere. Can you help me further?

Otherwise: really nice, great👍

metacreo (author), posted April 11:

> 3 hours ago, BlackCrow said:
> I have tried your module, it is really good and works according to my first tests. You write that it should be possible to manually block IP's or e-mail addresses. I can't find this option anywhere. Can you help me further? Otherwise: really nice, great👍

Thank you for the warm words. To block an IP, go to SS Actions in the customer section. Find (last by date) the IP you need in the table and click Edit (not VIEW). Set ban IP or email or both and save.

BlackCrow, posted April 12:

Hi @metacreo, ty for your help.

Can you explain to me which criteria are used to block an ip? I don't quite understand this process yet. I can register accounts, but then there is nothing under Customers > SS Action. However, some bots have already been successfully blocked there.

I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited. So it is no longer possible to register for the newsletter. However, the account registration and login work fine.

biker1947, posted April 16 (edited April 16):

Module installed. Installation without issues. Bots are blocked at contact form! Great!

However all attempts to sign up for the newsletter are blocked, including my own email addresses. Error message: Bot or invalid traffic detected. Connection prohibited.

Email addresses are seen as bot. After editing SS actions "ban IP" to 'never', and "ban email" to 'never', IP still is blocked on second attempt to sign up for newsletter.

Antti, posted April 16:

Same here with the newsletter signup issue - it blocks even my own address. I have been successfully using the module for quite a while but only noticed this now.

metacreo (author), posted April 16 (edited April 16):

Please write the PS version, this module's version (1.0.4 latest) and the ps_emailsubscription module version, because as I see this bug is possible only on 1.7.

To temporarily disable this part of functionality just unhook this module from the actionNewsletterRegistrationBefore hook.

Just tested on 1.7.8.11 and 8.x PS and not found any bug with newsletter.

metacreo (author), posted April 16:

Version UP 1.0.5

Fixed newsletter registration failure bug on classic theme. Fixed bot check process for newsletter via ajax call on classic theme or themes used ajax.

Antti, posted April 16:

I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you!

metacreo (author), posted April 16 (edited April 16):

> 4 minutes ago, Antti said:
> I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you!

Hook back again and up module ver. to 1.0.5. I found the problem and fixed it.

metacreo (author), posted April 16:

> 10 hours ago, biker1947 said:
> Module installed. Installation without issues. Bots are blocked at contact form! Great! However all attempts to sign up for the newsletter are blocked, including my own email addresses. Error message: Bot or invalid traffic detected. Connection prohibited. Email addresses are seen as bot. After editing SS actions "ban IP" to 'never', and "ban email" to 'never', IP still is blocked on second attempt to sign up for newsletter.

> 8 hours ago, Antti said:
> Same here with the newsletter signup issue - it blocks even my own address. I have been successfully using the module for quite a while but only noticed this now.

Fixed in 1.0.5.

metacreo (author), posted April 16 (edited April 17):

> On 4/12/2024 at 12:50 PM, BlackCrow said:
> Hi @metacreo, ty for your help. Can you explain to me which criteria are used to block an ip? I don't quite understand this process yet. I can register accounts, but then there is nothing under Customers > SS Action. However, some bots have already been successfully blocked there. I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited. So it is no longer possible to register for the newsletter. However, the account registration and login work fine.

Your SS Actions table is always empty or just on registration? Probably your PS version is too old and does not have a separate registration controller.

Try new 1.0.6 with small corrections of logic. If IP or Email is blocked or is set to never, no more records in table. Checked last record only for blocked or whitelisted conditions. If IP or Email have zero condition in table, all related checks performed always and if detected bot (for example), IP is blocked.

```php
private $_block_ip = 0;    // 0 - not blocked, 1 - blocked, 2 - never block
private $_block_email = 0; // 0 - not blocked, 1 - blocked, 2 - never block

public function hookActionSubmitAccountBefore($params)
{
    $this->_redirect = $this->_action = 'registration';
    $this->checkAuthAndReg();
    if (!$this->_errors) {
        return true;
    }
}

private function checkAuthAndReg()
{
    ....
    if (!$this->checkIsBlocked()) {
        $this->checkIsBot();
        $this->_attempt = $this->getAttemptsCount();
        if (($this->_attempt .... {
            if ($this->_block_ip !== 2 && $this->_block_email !== 2) {
                $this->_errors[] = $this->l('Temporarily prohibited. Please try again in a few minutes.');
            }
            $this->_detected[] = 'warn';
        }
        if ($this->_attempt ....) {
            if ($this->_block_ip !== 2 && $this->_block_email !== 2) {
                $this->_errors[] = $this->l('Prohibited. Please contact site administrator.');
                $this->_block_ip = 1;
            }
            $this->_detected[] = 'ban';
        }
        $this->storeData();
    }
    if (!$this->_errors) {
        return;
    } else {
        ...
    }
}
```

Function store data runs only if not blocked.

```php
private function storeData()
{
    if ($this->_block_ip === 2 || $this->_block_email === 2) {
        return;
    }
```

and storeData self checks for whitelisting....

About newsletter is just a bug, just my themes not used ajax for newsletter and I missed this moment. Now it is fixed.

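Added example, not the module's code: a self-contained limiter using the warn/ban thresholds (defaults 3 and 5, warn always below ban) and the 0/1/2 block states described in the post above, with "never block" evaluated before any counter or earlier ban. The class, its method names, the in-memory storage and the `>=` comparisons are assumptions, since the post elides the module's actual conditions; the sample IP and addresses are constructed.

```php
<?php
// Added example; AttemptLimiter and its methods are hypothetical, not part of the module.

final class AttemptLimiter
{
    const NOT_BLOCKED = 0; // same meanings as $_block_ip / $_block_email in the post
    const BLOCKED = 1;
    const NEVER_BLOCK = 2;

    private $warn;
    private $ban;
    private $attempts = []; // ip => attempt count (in memory here; the module uses a table)
    private $state = [];    // ip or email => one of the constants above

    public function __construct(int $warn = 3, int $ban = 5)
    {
        // Rule from the thread: Warn must always be less than Ban.
        if ($warn < 1 || $warn >= $ban) {
            throw new InvalidArgumentException('warn must be at least 1 and less than ban');
        }
        $this->warn = $warn;
        $this->ban = $ban;
    }

    public function setState(string $key, int $state): void
    {
        $this->state[$key] = $state;
    }

    /** Returns 'ok', 'warn', 'ban', 'blocked' or 'whitelisted' for one attempt. */
    public function check(string $ip, string $email): string
    {
        $ipState = $this->state[$ip] ?? self::NOT_BLOCKED;
        $mailState = $this->state[$email] ?? self::NOT_BLOCKED;

        // Whitelisting is tested first so that no counter or earlier ban can override it.
        if ($ipState === self::NEVER_BLOCK || $mailState === self::NEVER_BLOCK) {
            return 'whitelisted';
        }
        if ($ipState === self::BLOCKED || $mailState === self::BLOCKED) {
            return 'blocked';
        }

        // Assumption: attempts are counted per IP and compared with >=.
        $count = $this->attempts[$ip] = ($this->attempts[$ip] ?? 0) + 1;
        if ($count >= $this->ban) {
            $this->state[$ip] = self::BLOCKED;
            return 'ban';
        }

        return $count >= $this->warn ? 'warn' : 'ok';
    }
}

// Constructed run: six attempts from one IP, then the shop owner from the same IP.
$limiter = new AttemptLimiter();
$limiter->setState('owner@example.com', AttemptLimiter::NEVER_BLOCK);

$seen = [];
for ($i = 1; $i <= 6; $i++) {
    $seen[] = $limiter->check('203.0.113.7', 'bot@example.com');
}
echo implode(' ', $seen), "\n";
echo $limiter->check('203.0.113.7', 'owner@example.com'), "\n";
```
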
biker1947, posted April 18 (edited April 18):

PS 1.8.3
Classic theme
Module v1.06

Register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.

Not to alarm or frustrate customers, for the time being, I disabled register for newsletter.

metacreo (author), posted April 18 (edited April 19):

> 19 hours ago, biker1947 said:
> PS 1.8.3 Classic theme Module v1.06 Register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited. Not to alarm or frustrate customers, for the time being, I disabled register for newsletter.

PS 1.8.3 - please write the correct version.

No bugs on PS 1.7.8.3. Tested.

biker1947, posted April 19:

Correction on my previous note: PS 8.1.3, module 1.0.6, classic theme.

metacreo (author), posted April 20:

> 15 hours ago, biker1947 said:
> Correction on my previous note: PS 8.1.3, module 1.0.6, classic theme.

@biker1947 Hi,

As you can see, no problem on PS 8.1.3 with Classic theme. Check your module config. Maybe wrong settings stored.

test_1.mp4

chrono, posted June 25 (edited June 25):

> On 4/8/2024 at 2:43 PM, chrono said:
> Hi, is it possible to downgrade the requirements for the 1.7.6.5 version?
> Edit: I checked my BO after trying to install earlier and now I have SS Trigger and Action which gives error 500 every time I try to click. Can you tell me what's the best way to get rid of any leftovers?

I'm still having issues with this, I see the SS trigger and Action again and every time a customer tries to create an account it gives error 500.

Thanks for your time.

Edit: tried even reinstalling with the updated version but it doesn't let me. It's also causing issues with payments other than registering customers (it's the only new module I've added since the customers' complaints).

metacreo (author), posted June 29:

> On 6/25/2024 at 6:31 PM, chrono said:
> I'm still having issues with this, I see the SS trigger and Action again and every time a customer tries to create an account it gives error 500. Thanks for your time.
> Edit: tried even reinstalling with the updated version but it doesn't let me. It's also causing issues with payments other than registering customers (it's the only new module I've added since the customers' complaints).

Can you provide the php server error.log at the 500 error?

1.7.6.5 have other, different auth and reg code and maybe other hooks...

How do you use the 1765 version? This version is seriously vulnerable.

https://www.cybersecurity-help.cz/vdb/prestashop/prestashop/1.7.6.5/

I don't try to make it compatible with such versions, but when I have free time, I can rewrite the module. And yet for this I need to install the old and vulnerable 1765.

Netagent, posted July 30:

Hello, it seems as if the "hasStopWord" function (blocking bad words in contact forms) no longer works in Prestashop version 8.1.x. I have no problems in version 8.0.x. Tested with module versions 1.0.4 and 1.0.6. Can anyone confirm this?

metacreo (author), posted August 4:

> On 7/31/2024 at 1:34 AM, Netagent said:
> Hello, it seems as if the "hasStopWord" function (blocking bad words in contact forms) no longer works in Prestashop version 8.1.x. I have no problems in version 8.0.x. Tested with module versions 1.0.4 and 1.0.6. Can anyone confirm this?

Checked, works fine.

PS 8.1.6
contactform v 4.4.2

Check your overrides, probably disabled via admin. Or maybe you use a custom contact module?

metacreo (author), posted August 4:

Same, no problem on PS 8.1.7 with native contactform v 4.4.2

Netagent, posted August 4:

ok, I think I know why it doesn't work...

I also have the module "CAPTCHA - reCAPTCHA - Anti spam - Anti fake account" (ets_advancedcaptcha) running. This module also uses an override with the "sendMessage" function and uses a hook in the contact form template. As soon as the hook is set, it doesn't work. If the hook isn't set, it works.

metacreo (author), posted Wednesday at 10:27 AM:

@Netagent Did you succeed in combining the modules? If not, it would be good to look at the overrides of the other modules. Maybe I will make them compatible.

helsinkisisu, posted 9 hours ago (edited 9 hours ago):

My 1.7.8.11 site suddenly started being hit by a registration bot three days ago (the upper and lower case random letter names one) and I gave your module a try. It has worked a charm and has caught 140 bot attempts in just over two days. 🙂👍

Is there a way to change the default to ban email as well as IP for these? They frequently use the same email address.

My site has no newsletter and an embedded third-party contact form (a solution which allows zero spam submissions). So it's just registrations, and, in this country, it is pretty unlikely that we'll have any registrations with the email names being used.