
Use social title field as antibot Honeypot in the registration form (new account)


elly63


Good morning everyone,
since my site continues to have BOT registrations, I wanted to ask you if by modifying the controller of the registration form it is possible to transform the "social title" field, which I have hidden using CSS, into a "honeypot" since it is only filled in by BOTs.
Thanks to anyone who can help me, I don't think it's difficult with some "if statements" in the controller but I'm relatively new to PHP.
Thanks in advance.
I attach the customer section of BO (only bots fill in the social title)

Immagine 2024-02-27 061714.png


Hi, because I think honeypot will work better than captcha, I don't want to use other scripts, I prefer that the client doesn't have to interact with
spit boxes or puzzles.

(ps sorry for my googleT english)


Hello

I have the same problem on a Presta 8.1; the V3 captcha is not efficient for bots

I have tried to install a recaptcha V2 but the file authcontroller.php is not updated to make recaptcha V2 OK (if somebody has an idea)

@elly63 I have found a module that limits the ghost accounts well, but not all


the solution with the fake field (honeypot) is old but in my opinion it would be effective; unfortunately I don't know how to implement it in the registration form controller... and here I was looking for help.


Your best option would just be to use css. The difficulty is that by default the form groups don't have any selectors that you could easily use. 
In your theme you should have a file (for classic it's  templates/_partials/form-fields.tpl) containing the line:

 <div class="form-group row {if !empty($field.errors)}has-error{/if}">

The $field array is described here on this page of the developer documentation.

If you modify the above line to be:

<div class="form-group row {if !empty($field.errors)}has-error{/if}" id="field-{$field.name}">

Then every "form-group" (which contains the label and the field) will have its own id which you can style with css. You might, for example, just use the following css somewhere in your theme:

div#field-id_gender {
    display: none;
}

Have fun :)


hi  Paul C,

I have already hidden the social title field with CSS because I didn't need it;
however, the bots fill it in and register by entering it;
from this I clearly distinguish them (see my first image of the topic with the table of registered customers);
For this reason I was asking if an if statement can be implemented via controller (I think) so that if the social title is chosen (like only bots do) registration with the creation of an account does not occur.


Ah OK. I thought you just wanted to be able to identify them so you could delete them. Apologies.

You would be best to write a simple module and hook to 'displayCustomerAccountForm' to add a new honeypot field. Your module's 'validateCustomerFormFields' hook will be called when the form is submitted and thus given an opportunity to fail the registration if your honeypot field has been filled in by a bot.

I don't have time right now to throw an example together but I will if you're interested.

The above would work up to 8.1.4 (and likely a decent way beyond) so it won't prevent you from upgrading. The update to PrestaShop 8 from 1.7 is pretty painless (nothing like the mess going from 1.6 to 1.7) and I would highly recommend it. Minimal changes required to your theme.


Paul c

thanks, if you have time it would be a big help... but I don't want to make you work for free so only if you have time and do it with pleasure, to help me.

Again sorrY for my googleENGLISH


I have already built a personal module to insert videos on the homepage (this is one of my websites https://www.calze-carezza-shop.it/online) via tutorial, but now I don't have time to study a more complex one, like the one you propose... I'm mainly a graphic designer (PS-AI-ID-autocad), and a vba-EXCEL. I chew a bit of html, stylesheet CSS (but that is very simple), some JAVASCRIPT but always with the help of tutorials....


26 minutes ago, elly63 said:

Paul c

thanks, if you have time it would be a big help... but I don't want to make you work for free so only if you have time and do it with pleasure, to help me.

Again sorrY for my googleENGLISH

Naturally. I don't go looking for paid work - I have more than enough of that :D

Will have a look when I get some free time. It's fairly simple I believe (you should never underestimate your own skills!). Once you see the code I'm confident you would be able to maintain it.

I know some people get annoyed at users giving away free stuff, but I am continually appalled to see so many blatant cash grabs on here. The original community was much better at mutual support than nowadays :( 


Hello,

@elly63, my solution should hopefully work on both 1.7 and 8 (I have tested it only with 8, but if you are trying it with 1.7 and it does not work, I can look into that)

The hook that's called before the registration process is called 'hookActionSubmitAccountBefore'

You can either register it in your current module or create a new one only for it, that's up to you.

Once the hook is registered by the module, you just need to add the following lines of code inside the module's main class:

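public function hookActionSubmitAccountBefore()
{
    // 'id_gender' is the social title field. If it is present in the
    // request, send the visitor to the home page instead of registering.
    if (Tools::getIsset('id_gender')) {
        Tools::redirect('/');
    }

    // Field not set: let the registration process continue.
    return true;
}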

As you can see, the logic is fairly simple. This code checks if the 'id_gender' field was set. If it was set, it will redirect the customer to the home page. Otherwise just return true so that the registration process can continue.

You should test this in a non-prod environment first.

If you have any troubles with registering the hook or you want to execute a different logic inside it, just let me know and I'll have a look into it.

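The two module-based suggestions in this thread (a dedicated honeypot field printed through 'displayCustomerAccountForm', and the check in 'actionSubmitAccountBefore') combined into one module, as an added example that is not code from any poster. The module name, the decoy field name `company_website` and the log message are hypothetical; it assumes the theme prints the hook output inside the registration form, as the classic theme does, and that the registration controller only creates the account when the hook returns a true value.

```php
<?php
// Added example, not code from the thread; names below are assumptions.
if (!defined('_PS_VERSION_')) {
    exit;
}

class HoneypotExample extends Module
{
    const DECOY_FIELD = 'company_website'; // hypothetical decoy field name

    public function __construct()
    {
        $this->name = 'honeypotexample';
        $this->version = '1.0.0';
        parent::__construct();
        $this->displayName = 'Honeypot example';
    }

    public function install()
    {
        return parent::install()
            && $this->registerHook('displayCustomerAccountForm')
            && $this->registerHook('actionSubmitAccountBefore');
    }

    // Decoy input: invisible, out of the tab order, not offered to autofill.
    public function hookDisplayCustomerAccountForm()
    {
        return '<div style="display:none" aria-hidden="true"><input type="text" name="'
            . self::DECOY_FIELD . '" value="" tabindex="-1" autocomplete="off"></div>';
    }

    public function hookActionSubmitAccountBefore()
    {
        // A text input is always submitted, so test for a non-empty value
        // (an array value is never sent by the real form either).
        $decoy = Tools::getValue(self::DECOY_FIELD, '');
        $decoyFilled = is_array($decoy) || trim((string) $decoy) !== '';
        // A radio group is only submitted once selected, so its presence is
        // enough. Valid only where the social title is hidden, as in this thread.
        if (!$decoyFilled && !Tools::getIsset('id_gender')) {
            return true; // let the registration continue
        }
        // Severity 2 = warning; last argument true keeps repeated entries.
        PrestaShopLogger::addLog('Honeypot: registration rejected from '
            . Tools::getRemoteAddr(), 2, null, null, null, true);
        return false; // a false result stops the account from being created
    }
}
```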


hi Andrei,

sorry but for me your

"You can either register it in your current module or create a new one only for it, that's up to you."

is "Arabic" ....

can you be more specific (files where I have to add the code you have written), possibly without creating a new module but directly ("in your current module")

Which is the current module?

ps ps 1.7.8.11 (the last 1.7)


MODULE

-----------------------------------------------------------------------------

<?php
/**
 * 2024 Free
 *
 * NOTICE OF LICENSE
 *
 *
 *  @author    free
 *  @copyright 2024 free
 *  @license   This is free addon but you can share, not sell it 
 */

if (!defined('_PS_VERSION_')) {
    exit;
}

class antibothoney extends Module
{
    public function __construct()
    {
        $this->name = 'antibothoney';
        $this->author = 'freeeee';
        $this->version = '1.0.0';
        $this->need_instance = 0;
        $this->bootstrap = true;
        $this->tab = 'others';
        parent::__construct();

        $this->displayName = $this->trans('User verification', [], 'Modules.Antibothoney.Admin');
        $this->ps_versions_compliancy = array(
            'min' => '1.7',
            'max' => _PS_VERSION_
        );
        $this->description = $this->trans('Check user before registration and block bot account', [], 'Modules.Antibothoney.Admin');
    }

    /**
     * Install module
     *
     * @return bool true if success
     */
    public function install()
    {
        if (Shop::isFeatureActive()) {
            Shop::setContext(Shop::CONTEXT_ALL);
        }

        if (!parent::install()
            || !$this->registerHook('actionSubmitAccountBefore')
        ) {
            return false;
        }
        return true;
    }

    public function uninstall()
    {
        return parent::uninstall();
    }

    public function isUsingNewTranslationSystem()
    {
        return true;
    }


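    /**
     * Called before the registration is processed.
     */
    public function hookActionSubmitAccountBefore()
    {
        // Social title submitted: redirect to the home page instead of registering.
        if (Tools::getIsset('id_gender')) {
            Tools::redirect('/');
        }

        return true;
    }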
}

-------------------------------------------------------------------------------------

I'm on the right way???????

 


Hello,

Sorry, that is my bad. I was not explicit enough.

You mentioned above that you have a custom module that inserts videos into the homepage. I was thinking that you can add this hook in there as well, instead of creating a module from scratch. But thinking of it again, it will be better to have another module to separate the logic.

Yes, you are on the right way. The code highlighted by you should do the trick once the module is installed.

I also quickly built a module meanwhile. As you can see, the code is really similar to yours 

honeypot.zip


1 minute ago, Andrei H said:

Hello,

Sorry, that is my bad. I was not explicit enough.

You mentioned above that you have a custom module that inserts videos into the homepage. I was thinking that you can add this hook in there as well, instead of creating a module from scratch. But thinking of it again, it will be better to have another module to separate the logic.

Yes, you are on the right way. The code highlighted by you should do the trick once the module is installed.

I also quickly built a module meanwhile. As you can see, the code is really similar to yours 

honeypot.zip 2.18 kB · 0 downloads

👍


UPDATE:

THE MODULE SEEMS TO WORK, NO MORE BOTS FOR 4 DAYS
BEFORE INSTALLING THE MODULE THERE WERE ABOUT 4/5 PER DAY;
I WILL MONITOR THE SITUATION.
THANKS TO ALL FOR THE SUGGESTIONS


  • 3 weeks later...

Hi,

This is one of the techniques I use on my AntiSpam module, and the next version will also integrate IP blocking, knowing that it already blocks thousands of domain names, or any specific email address, and improve the management of SAV threads since you'll be able to add any email address associated with a thread with a single click in the spammer list to block them in future, and delete them directly from the thread without having to select them from the list of all threads.


that is only a question of time till the bot devs have found a way around it.
Better is to find a suitable way for each shop to manage customer attention. Telegram, Signal offer Group and group admins.
