Anti-Spam, Anti-Bot, Anti-Brute-Force, Block Unwanted Bot and Spammer Traffic

The module allows you to protect registration and login forms from bots. It limits the number of login attempts and registration attempts.
The module protects and limits the use of the contact form, the newsletter registration form and the modules 'productcomments' and 'iqitreviews'.
Also, the module detects and bans more than 90% of the simplest bots.
It is possible to manually block IP and email addresses, as well as to exclude them from blocking.
The module keeps a log of connection attempts and a log of entered data.

After install, the module creates 2 tabs in the BO Customers tab.

SS Triggers - phrases and words for the contact form and the 'productcomments' and 'iqitreviews' modules (the table is empty after install; create your own list).
SS Actions - attempts log table with controls (view, edit, delete).

Developed for 8.X but may work with 1.7.8+ (Reported: works on 1.7.8.3)


Download simplesecurity.zip (Always latest version.)

~=DONATIONS ARE WELCOME=~

About updates please read this topic.

Edited by metacreo
Try to no more editing topic start. (see edit history)

  • 3 weeks later...

The module is indeed excellent and appears to function well. Thank you!

However, I'm concerned about the security implications of storing passwords in plain text, especially for non-bot users.

As a solution, I've modified it to store passwords as hashed values, aligning with data protection regulations.

In this case my Prestashop version is 1.7.8.3

  • Thanks 1

I installed this yesterday to my store and already it has blocked over 30 spam accounts from registering - so thank you for solving my problem with this module! However, I too am a little concerned about the passwords showing in plain text. Hopefully this can be resolved with the next update - keep up the great work and thanks again!

  • Thanks 1

Thank you Antti.
Module updated. New version 1.0.2
Added configuration page.
Added hash passwords option (on config page you may choose how to keep passwords).
For a new install no action is needed. For an update you need to go to the module config page and enter values.

Thanks All for donation.

Edited by metacreo (see edit history)

Upgraded. Actual version 1.0.3.
Fixed update issues. No additional actions are needed on update now. The config must be filled with default values on update and on install.
Added function checkConfig for each action.
Added a small description in the module config. Warn - count of attempts before a warning, Ban - count of attempts before a ban.
Warn values (default 3) must always be less than Ban values (default 5).

simplesecurity.zip   <-  download v 1.0.3

1 hour ago, Antti said:

What should the values be? The module now blocks even real accounts, including my own....😅 so I had to switch it off temporarily.

In your case you can just uninstall and install. The config is filled automatically on install, and in the new version on update too.


2 hours ago, metacreo said:

Upgraded. Actual version 1.0.3.
Fixed update issues. No additional actions are needed on update now. The config must be filled with default values on update and on install.
Added function checkConfig for each action.
Added a small description in the module config. Warn - count of attempts before a warning, Ban - count of attempts before a ban.
Warn values (default 3) must always be less than Ban values (default 5).

simplesecurity.zip   <-  download v 1.0.3

In your case you can just uninstall and install. The config is filled automatically on install, and in the new version on update too.

Great, thank you again! 🙏


  • 3 weeks later...

Module updated. No version up. Same version 1.0.4.

Small fix in contact form checker. Fixed error if customer sent empty email.

Also processing form access counter if email is empty.


10 hours ago, joe ramires said:

I can't install it on 1.7.8.8

Installation of the simplesecurity module failed. Your module version is not compatible with your PrestaShop version.

 

Hi joe ramires. You can try to install again. I downgraded PS version requirements to 1.7.8.3.


  • 3 weeks later...

Hi, is it possible to downgrade the requirements for the 1.7.6.5 version?

Edit: I checked my BO after trying to install earlier and now I have SS Trigger and Action, which give error 500 every time I try to click.
Can you tell me what's the best way to get rid of any leftovers?

Edited by chrono (see edit history)

Posted (edited)
On 4/8/2024 at 3:43 PM, chrono said:

Hi, is it possible to downgrade the requirements for the 1.7.6.5 version?

Edit: I checked my BO after trying to install earlier and now I have SS Trigger and Action, which give error 500 every time I try to click.
Can you tell me what's the best way to get rid of any leftovers?

Hello,

What PHP version does your PS use?

And can you publish the error from the HTTP server log and from PS_DIR/var/log?

Unfortunately I'm very busy at the moment. Maybe later I will launch the old version of PS and adapt the module.

1.7.6 and 1.7.8 have different auth controllers and hooks. So... much code needs to be rewritten to work with 1.7.6 correctly.

1.7.8+ has separate auth and reg controllers. 1.7.6 has one auth controller, and the 1.7.6 email subscribe module is different from the 1.7.8 one too.

Simply rewriting the PS_VERSION requirements will not help the module work with 1.7.6.

Edited by metacreo (see edit history)

I have tried your module, it is really good and works according to my first tests.


You write that it should be possible to manually block IP's or e-mail addresses.

I can't find this option anywhere. Can you help me further?


Otherwise: really nice, great👍


3 hours ago, BlackCrow said:

I have tried your module, it is really good and works according to my first tests.


You write that it should be possible to manually block IP's or e-mail addresses.

I can't find this option anywhere. Can you help me further?


Otherwise: really nice, great👍

Thank you for the warm words.

To block an IP, go to SS Actions in the Customers section. Find the IP you need (last by date) in the table and click Edit (not View). Set ban IP or email or both and save.


Hi @metacreo , ty for your help.

Can you explain to me which criteria are used to block an ip?
I don't quite understand this process yet.
I can register accounts, but then there is nothing under Customers > SS Action.
However, some bots have already been successfully blocked there.
I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.
So it is no longer possible to register for the newsletter. However, the account registration and login work fine.


Module installed. Installation without issues. Bots are blocked at contact form! Great!

However, all attempts to sign up for the newsletter are blocked, including my own email addresses. Error message: Bot or invalid traffic detected. Connection prohibited. Email addresses are seen as bot, after editing SS actions "ban IP" to 'never', and "ban email" to 'never', IP still is blocked on second attempt to sign up for the newsletter.

Edited by biker1947 (see edit history)

Please write the PS version, this module's version (1.0.4 is the latest) and the ps_emailsubscription module version, because as I see it this bug is possible only on 1.7.
To temporarily disable this part of the functionality, just unhook this module from the actionNewsletterRegistrationBefore hook.

I just tested on PS 1.7.8.11 and 8.x and did not find any bug with the newsletter.

Edited by metacreo (see edit history)

I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you!


4 minutes ago, Antti said:

I had / have the newsletter issue with PS 8.0.4 - I did not realize this before biker1947 mentioned this in their post as only then did I test it. I unhooked from "actionNewsletterRegistrationBefore" as you instructed and that solved it for me. Thank you!

Hook it back again and update the module to ver. 1.0.5. I found the problem and fixed it.

Edited by metacreo (see edit history)
  • Like 1

10 hours ago, biker1947 said:

Module installed. Installation without issues. Bots are blocked at contact form! Great!

However, all attempts to sign up for the newsletter are blocked, including my own email addresses. Error message: Bot or invalid traffic detected. Connection prohibited. Email addresses are seen as bot, after editing SS actions "ban IP" to 'never', and "ban email" to 'never', IP still is blocked on second attempt to sign up for the newsletter.

 

8 hours ago, Antti said:

Same here with the newsletter signup issue -  it blocks even my own address. I have been successfully using the module for quite a while but only noticed this now. 

fixed in 1.0.5

  • Like 1

On 4/12/2024 at 12:50 PM, BlackCrow said:

Hi @metacreo , ty for your help.

Can you explain to me which criteria are used to block an ip?
I don't quite understand this process yet.
I can register accounts, but then there is nothing under Customers > SS Action.
However, some bots have already been successfully blocked there.
I also tried to register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.
So it is no longer possible to register for the newsletter. However, the account registration and login work fine.

Is your SS Actions table always empty, or just on registration? Probably your PS version is too old and does not have a separate registration controller.

Try the new 1.0.6 with small corrections of logic.

If an IP or email is blocked or is set to never, no more records are added to the table. Only the last record is checked for blocked or whitelisted conditions.
If an IP or email has the zero condition in the table, all related checks are always performed, and if a bot is detected (for example), the IP is blocked.

    private $_block_ip = 0; // 0 - not blocked, 1 - blocked, 2 - never block
    private $_block_email = 0; // 0 - not blocked, 1 - blocked, 2 - never block
    public function hookActionSubmitAccountBefore($params)
    {
        $this->_redirect = $this->_action = 'registration';
        $this->checkAuthAndReg();
        if (!$this->_errors) {
            return true;
        }
    }

    private function checkAuthAndReg()
    {
        ....
        if (!$this->checkIsBlocked()) {
            $this->checkIsBot();
            $this->_attempt = $this->getAttemptsCount();
            if (($this->_attempt .... {
                if ($this->_block_ip !== 2 && $this->_block_email !== 2) {
                    $this->_errors[] = $this->l('Temporarily prohibited. Please try again in a few minutes.');
                }
                $this->_detected[] = 'warn';
            }
            if ($this->_attempt ....) {
                if ($this->_block_ip !== 2 && $this->_block_email !== 2) {
                    $this->_errors[] = $this->l('Prohibited. Please contact site administrator.');
                    $this->_block_ip = 1;
                }
                $this->_detected[] = 'ban';
            }
            $this->storeData();
        }
        if (!$this->_errors) {
            return;
        } else {
            ...
        }
    }

The storeData function runs only if not blocked.

    private function storeData()
    {
        if ($this->_block_ip === 2 || $this->_block_email === 2) {
            return;
        }
        ...
    }

and storeData itself checks for whitelisting....

The newsletter problem is just a bug: my themes do not use ajax for the newsletter and I missed this. Now it is fixed.

Edited by metacreo (see edit history)
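
A simplified sketch of the decision flow described in the post above, added here as an example and not the module's own code. The function names, the `>=` comparisons (the post elides the real conditions) and the use of `password_hash()` for logged passwords are assumptions; the 0/1/2 states and the 3/5 defaults come from the thread.

```php
<?php
// Added illustration: hypothetical names, not the module's own code.
const NOT_BLOCKED = 0; // the 0/1/2 states from the post
const BLOCKED = 1;
const NEVER_BLOCK = 2;

// Use the defaults from the thread (warn 3, ban 5) when the stored config is
// missing or inconsistent, so an empty config cannot ban every visitor.
function checkedThresholds(array $config): array
{
    $warn = (int) ($config['warn'] ?? 0);
    $ban = (int) ($config['ban'] ?? 0);
    if ($warn < 1 || $warn >= $ban) {
        return ['warn' => 3, 'ban' => 5];
    }
    return ['warn' => $warn, 'ban' => $ban];
}

// Outcome for one attempt, given the state found in the last log record.
function decide(int $attempts, int $blockIp, int $blockEmail, array $config): string
{
    if ($blockIp === NEVER_BLOCK || $blockEmail === NEVER_BLOCK) {
        return 'allow';   // whitelisted: no error and no new log row
    }
    if ($blockIp === BLOCKED || $blockEmail === BLOCKED) {
        return 'blocked'; // already banned: reject without further checks
    }
    $t = checkedThresholds($config);
    if ($attempts >= $t['ban']) {   // ">=" is an assumption
        return 'ban';
    }
    return $attempts >= $t['warn'] ? 'warn' : 'allow';
}

// Log row for an attempt: store a one-way hash of the typed password only.
function logRow(string $ip, string $email, string $password, string $decision): array
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // assumed hashing choice
    return ['ip' => $ip, 'email' => $email, 'password' => $hash, 'decision' => $decision];
}

// Constructed sample input: an empty config, as an update without defaults leaves it.
foreach ([1, 3, 5] as $attempts) {
    $decision = decide($attempts, NOT_BLOCKED, NOT_BLOCKED, []);
    echo $attempts, ' attempts: ', $decision, PHP_EOL;
}
echo 'whitelisted: ', decide(9, NEVER_BLOCK, NOT_BLOCKED, []), PHP_EOL;
print_r(array_keys(logRow('203.0.113.7', 'user@example.com', 'typed-secret', 'warn')));
```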

19 hours ago, biker1947 said:

PS 1.8.3
Classic theme
Module v1.06

Register for the newsletter with a normal e-mail address - error message: Bot or invalid traffic detected. Connection prohibited.

Not to alarm or frustrate customers, for the time being, I disabled register for newsletter,

PS 1.8.3? Please write the correct version.

No bugs on PS 1.7.8.3. Tested.

 

 

Edited by metacreo (see edit history)
