[FREE MODULE] Simple Security

[metacreo]

Anti-Spam, Anti-Bot, Anti-Brute-Force, Block Unwanted Bot and Spammer Traffic

The module allows you to protect registration and login forms from bots. Limit the number of login attempts and registration attempts.
Module protect and limits the use of contact form, newsletter registration form and modules 'productcomments', 'iqitreviews'.
Also, the module detects and ban more than 90% of the simplest bots.
It is possible to manually block an IP and Email addresses, as well as exclude blocking.
The module keeps a log of connection attempts and a log of entered data.

After install, module creates 2 tabs in BO Customers tab.

SS Triggers - phrases and words for contact form and 'productcomments', 'iqitreviews' modules (empty table after install and create own list).
SS Actions - attempts log table with controls (view, edit, delete).

Developed for 8.X but may work with 1.7.8+ (Reported: works on 1.7.8.3)

 

Download simplesecurity.zip (Always latest version.)

~=DONATIONS ARE WELCOME=~

About updates please read this topic.

Edited February 27 by metacreo
Try to no more editing topic start. (see edit history)

[metacreo]

Module updated.

Fixed AdminSimpleSecurityActionController search filters.

Also fixed registration bug. 🙂

Edited January 11 by metacreo (see edit history)

[vietnamdulich]

Have anyone take tests with this ?

[metacreo]

Module upgrade.

Added support for newsletter registration (check bot, limit attempts).

[metacreo]

Admins. Why I see "Hidden - This content must be approved before it can be edited"? What is wrong with this post?

[torbho]

The module is indeed excellent and appears to function well. Thank you!

However, I'm concerned about the security implications of storing passwords in plain text, especially for non-bot users.

As a solution, I've modified it to store passwords as hashed values, aligning with data protection regulations.

In this case my Prestashop version is 1.7.8.3

[metacreo]

Thank you.
What hashes mechanism you want use (md5, sha, etc....)? I can add variable like

protected $pwd_use_clear_text = 0;

and rewrite passwords to use hashes by default for non-bots.

[Antti]

I installed this yesterday to my store and already it has blocked over 30 spam accounts from registering - so thank you for solving my problem with this module! However, I too am a little concerned about the passwords showing in plain text. Hopefully this can be resolved with the next update - keep up the great work and thanks again!

[metacreo]

Thank you Antti.
Module updated. New version 1.0.2
Added configuration page.
Added hash passwords option (on config page you may choose how to keep passwords).
For new install no need any action. For update you need to go to module config page and enter values.

Thanks All for donation.

Edited February 22 by metacreo (see edit history)

[Antti]

What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily.

[metacreo]

37 minutes ago, Antti said:

What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily.

by default:
all warn 3
all ban 5

Edited February 22 by metacreo (see edit history)

[metacreo]

Upgraded. Actual version 1.0.3.
Fixed update issues. Now no need additional actions on update. Config must be filled with default values by default on update and on install.
Added function checkConfig for each action.
Added small description in module config. Warn - count attempts to before warning, Ban - count attempts to before ban.
Warn values (default 3) must be always less than Ban values (default 5).

simplesecurity.zip   <-  download v 1.0.3

1 hour ago, Antti said:

What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily.

In your case you can just uninstall and install. config fill auto on install. in new version on update too.

[Antti]

2 hours ago, metacreo said:

Upgraded. Actual version 1.0.3.
Fixed update issues. Now no need additional actions on update. Config must be filled with default values by default on update and on install.
Added function checkConfig for each action.
Added small description in module config. Warn - count attempts to before warning, Ban - count attempts to before ban.
Warn values (default 3) must be always less than Ban values (default 5).

simplesecurity.zip   <-  download v 1.0.3

In your case you can just uninstall and install. config fill auto on install. in new version on update too.

Great, thank you again! 🙏

[metacreo]

Updated to v 1.0.4

Small improve contact form checks.

Convert all chars in Simple Security Triggers to lowercase.
Automatic conversion to lowercase during checks and addition to table.

simplesecurity.zip   <-  download v 1.0.4 (also the same version in start of topic)

[metacreo]

Module updated. No version up. Same version 1.0.4.

Small fix in contact form checker. Fixed error if customer sent empty email.

Also processing form access counter if email is empty.

[joe ramires]

I can't install it on 1.7.8.8

Installation of the simplesecurity module failed. Your module version is not compatible with your PrestaShop version.

 

Edited March 19 by joe ramires (see edit history)

[metacreo]

10 hours ago, joe ramires said:

I can't install it on 1.7.8.8

Installation of the simplesecurity module failed. Your module version is not compatible with your PrestaShop version.

 

Hi joe ramires. You can try to install again. I downgraded PS version requirements to 1.7.8.3.

[joe ramires]

Everything works normally now. Thank you.

[chrono]

Hi, is it possible to downgrade the requirements for the 1.7.6.5 version?

Edit: I checked my bo after trying to install earlier and now i have SS Trigger and Action which gives error 500 everytime i try to click
Can you tell me whats the best way to get rid off any leftovers?

Edited April 8 by chrono (see edit history)

[metacreo]

On 4/8/2024 at 3:43 PM, chrono said:

Hi, is it possible to downgrade the requirements for the 1.7.6.5 version?

Edit: I checked my bo after trying to install earlier and now i have SS Trigger and Action which gives error 500 everytime i try to click
Can you tell me whats the best way to get rid off any leftovers?

Hello,

What PHP version your PS used?

And can you publish error from http  server log and from PS_DIR/var/log?

Unfortunately I'm very busy at the moment. Maybe later I will launch the old version of PS and adapt the module.

1.7.6 and 1.7.8 have different auth controllers and hooks. So... need to rewrite much code to work with 1.7.6 correctly.

1.7.8+ have separate auth and reg controllers. 1.76 have one auth controller, 1.7.6 email subscribe module different of 1.7.8 too.

Simple rewrite PS_VERSION requirements not help you to module work with 1.7.6

Edited April 10 by metacreo (see edit history)

[BlackCrow]

I have tried your module, it is really good and works according to my first tests.

You write that it should be possible to manually block IP's or e-mail addresses.

I can't find this option anywhere. Can you help me further?

Otherwise: really nice, great👍

[metacreo]

3 hours ago, BlackCrow said:

I have tried your module, it is really good and works according to my first tests.

You write that it should be possible to manually block IP's or e-mail addresses.

I can't find this option anywhere. Can you help me further?

Otherwise: really nice, great👍

Thank you for warm words.

To block IP, go to SS Actions in customer section. Find (last by date) IP you need in table and click Edit (not VIEW). Set ban IP or email or both and save.

[BlackCrow]

Hi @metacreo , ty for your help.

Can you explain to me which criteria are used to block an ip?
I don't quite understand this process yet.
I can register accounts, but then there is nothing under Customers > SS Action.
However, some bots have already been successfully blocked there.
I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.
So it is no longer possible to register for the newsletter. However, the account registration and login work fine.

[biker1947]

Module installed. Installation without issues. Bots are blocked at contact form! Great!

However all attempts to signup for newsletter are blocked, including my own emailaddresses. Error message: Bot or invalid traffic detected. Connection prohibited. Email addresses are seen as bot, after editing SS actions "ban IP" to 'never', and "ban email" to 'never',  IP still is blocked on second attempt to signup for newsletter.  

Edited April 16 by biker1947 (see edit history)

[Antti]

Same here with the newsletter signup issue -  it blocks even my own address. I have been successfully using the module for quite a while but only noticed this now. 

[metacreo]

please write ps version, this module (1.0.4 latest) version and ps_emailsubscription module version. because as I see this bug is possible only on 1.7
to temporary disable this part of functionality just unhook this module from actionNewsletterRegistrationBefore hook

just tested on 1.7.8.11 and 8.x ps and not found any bug with newsletter

Edited April 16 by metacreo (see edit history)

[metacreo]

Version UP 1.0.5

Fixed newsletter registration failure bug on classic theme.

Fixed bot check process for newsletter via ajax call on classic theme or themes used ajax.

[Antti]

I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you!

[metacreo]

4 minutes ago, Antti said:

I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you!

Hook back again and up module ver. to 1.0.5  I found the problem and fixed it.

Edited April 16 by metacreo (see edit history)

[metacreo]

10 hours ago, biker1947 said:

Module installed. Installation without issues. Bots are blocked at contact form! Great!

However all attempts to signup for newsletter are blocked, including my own emailaddresses. Error message: Bot or invalid traffic detected. Connection prohibited. Email addresses are seen as bot, after editing SS actions "ban IP" to 'never', and "ban email" to 'never',  IP still is blocked on second attempt to signup for newsletter.  

 

8 hours ago, Antti said:

Same here with the newsletter signup issue -  it blocks even my own address. I have been successfully using the module for quite a while but only noticed this now. 

fixed in 1.0.5

[metacreo]

On 4/12/2024 at 12:50 PM, BlackCrow said:

Hi @metacreo , ty for your help.

Can you explain to me which criteria are used to block an ip?
I don't quite understand this process yet.
I can register accounts, but then there is nothing under Customers > SS Action.
However, some bots have already been successfully blocked there.
I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.
So it is no longer possible to register for the newsletter. However, the account registration and login work fine.

Your SS Actions table is always empty or just on registration? Probably your PS version too old and not have separate registration controller.

Try new 1.0.6 with small corrections of logic.

If IP or Email is blocked or is set to never, no more records in table. Checked last record only for blocked or whitelisted conditions.
If IP or Email have zero condition in table, all related checks performed always and if detected bot (for example), IP is blocked.

    private $_block_ip = 0; // 0 - not blocked, 1 - blocked, 2 - never block
    private $_block_email = 0; // 0 - not blocked, 1 - blocked, 2 - never block

    public function hookActionSubmitAccountBefore($params)
    {
        $this->_redirect = $this->_action = 'registration';
        $this->checkAuthAndReg();
        if (!$this->_errors) {
            return true;
        }
    }

    private function checkAuthAndReg()
    {
        ....
        if (!$this->checkIsBlocked()) {
            $this->checkIsBot();
            $this->_attempt = $this->getAttemptsCount();
            if (($this->_attempt .... {
                if ($this->_block_ip !== 2 && $this->_block_email !== 2) {
                    $this->_errors[] = $this->l('Temporarily prohibited. Please try again in a few minutes.');
                }
                $this->_detected[] = 'warn';
            }
            if ($this->_attempt ....) {
                if ($this->_block_ip !== 2 && $this->_block_email !== 2) {
                    $this->_errors[] = $this->l('Prohibited. Please contact site administrator.');
                    $this->_block_ip = 1;
                }
                $this->_detected[] = 'ban';
            }
            $this->storeData();
        }
        if (!$this->_errors) {
            return;
        } else {
            ...
        }
    }

Function store data runs only if not blocked.

    private function storeData()
    {
        if ($this->_block_ip === 2 || $this->_block_email === 2) {
            return;
        }

and storeData self checks for witelisting....

About newsletter is just a bug, just my themes not used ajax for newsletter and I  missed this moment. Now it fixed.

Edited April 17 by metacreo (see edit history)

[biker1947]

PS 1.8.3
Classic theme
Module v1.06

Register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.

Not to alarm or frustate customers, for the time being, I disabled register for newsletter, 

Edited April 18 by biker1947 (see edit history)

[metacreo]

19 hours ago, biker1947 said:

PS 1.8.3
Classic theme
Module v1.06

Register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.

Not to alarm or frustate customers, for the time being, I disabled register for newsletter, 

PS 1.8.3 please write correct version

No bugs on PS 1.7.8.3. Tested.

 

 

Edited April 19 by metacreo (see edit history)

[biker1947]

Correction on previous my note: 

PS 8.1.3

module 1.0.6

classic theme

 

[metacreo]

15 hours ago, biker1947 said:

Correction on previous my note: 

PS 8.1.3

module 1.0.6

classic theme

 

@biker1947

Hi,

As can you see, no problem on PS 8.1.3 with Classic theme.

Check your module config. Maybe wrong settings stored.