Informatik MP, posted February 28, 2013 (edited March 1, 2013 by InformatikMP):

Hi there,

A new version of reCaptcha, compatible with PS 1.5.x, is urgently needed... My store is beginning to receive robot-made subscriptions, and the email contact has been targeted by spam since I put my PS store online... The reCaptcha module should even be mandatory in the PS registration form; that is a major security leak! The reCaptcha module shouldn't be hard to make; they provide the libraries and plugins for development on their site, http://recaptcha.net ... There is an outdated module already made: link

PS REALLY needs this security protection...

Thanks,
A worried user...

Informatik MP (Author), posted March 1, 2013:

Really? Nobody has the same point of view as me?

Dh42, posted March 1, 2013:

reCaptcha won't solve your problem. You need to edit the form so the robots cannot use it. Wikipedia has a very good article on it.

Informatik MP (Author), posted March 2, 2013:

I'm not going to edit any files of my shop... I don't see how the form could be edited to forbid a bot to spam the registrations... The only way to prevent bot registrations is with reCaptcha... I tried many other shop CMSs and all had a reCaptcha module included by default! Everything is available on the reCaptcha website for free, so why should a module be paid for?

Frevab, posted March 10, 2013:

My webshop was taken offline on Friday as the server was used for sending spam email using our domain. They found a lot of infected files on our domain. I have to spend a lot of time now to sort it out before the ISP wants to put it back online. On the PS bug site I saw a few bug reports pointing at the "tellafriend" module and the option of customers sending messages from the webshop to the customer service. Some people also asked for Captcha protection of these forms.

Dh42, posted March 10, 2013:

InformatikMP,

You apparently know nothing about spam and how it's generated. If you want a reCaptcha module, buy it. Then what do you do if your spammers use something like this: http://www.deathbycaptcha.com/user/order ? This forum has a captcha and still gets a good amount of spam.

Frevab, disable that module and all should be fine.

Dh42, posted March 10, 2013:

For more information on spam control, you can also read this: http://devseon.com/en/website-security/prevent-spam-on-your-site-the-ultimate-guide/

Frevab, posted March 10, 2013:

I don't receive the spam emails, but spammers get access through the Prestashop files on the server. Our ISP has blocked our website to stop spammers from using it to send out spam. Since I put the webshop online in January, this is the third time. The first time, files were injected with code after adding Google Verify. The second time was Tuesday, Mar 5: my ISP informed me our site was hacked, and on Friday the ISP blocked our domain completely after they discovered their servers were used to send out spam relating to our domain.

So I have to look at all angles to find out how I can prevent this, as having it taken offline all the time is not why I have a webshop! I have checked my systems for viruses, as I suspect FileZilla: there is a lot online about the unprotected saving of the FTP access password. I also searched on the PS bug website and saw some comments on the Google Verify of the "tellafriend" module and the contact form. I also wonder if the option for customers to upload files to the server through the contact form is a possible open door?

I have added a list of infected files that our ISP has compiled for their own info. Any ideas or similar experiences, anyone? I have looked at the release notes of 1.4.10 to see if any issues relating to safety have been fixed, but the list is long and does not give a lot of details, only bug numbers. I have to sort it out until they will put my site back online.

Attachment: infectedfiles.txt

PrestaHeroes USA, posted March 10, 2013:

Ticketmaster just dropped reCaptcha... why? It sucked... why? Customers, when they buy, want to get it done... What do customers hate? reCaptcha.

Dh42, posted March 10, 2013:

What happened is someone more than likely got your FTP through either guessing it or lax security on your part; there are no known bugs that can breach your shop that way. Change your password, read this http://blog.dh42.com/best-e-commerce-security/ and implement as many of those things as you can.

Bill Dalton, posted March 11, 2013:

I just uninstalled "Send to a friend" and deleted the code from the server. It just doesn't seem to offer anything that can justify the potential trouble. Even if you make it safe, it really is just the type of code that BOTS look for, and when found it keeps them banging on your server. I've never used a "Send to a friend" module in the past. I have no idea if the benefit is there. But I think the Facebook like button has pretty much taken its place, ... hopefully ...

Informatik MP (Author), posted March 11, 2013:

The main concern I have is that I have to manually verify every registration to find out which ones are BOTS... I don't understand why it is so hard to have at least the registration form protected from BOTS...

Frevab, posted March 11, 2013:

I think the Honeypot method described in http://devseon.com/en/website-security/prevent-spam-on-your-site-the-ultimate-guide/ is probably the best option available. I hate it when I visit websites using captcha, so I don't want it on my webshop. I have deleted the "Send to a friend" module as well. I also want to disable the option for customers to upload files to the webshop server but cannot find where I can do this. I only found the size settings of the upload file.

About the Facebook like button: there are so many modules for this. Which one do you use/prefer? I read somewhere that the Facebook module also enables customers to use the Facebook login on the webshop account, which will make it easier and more friendly to open up an account on our webshop, but how secure is this? Does it store the Facebook login user+password of people in our database?
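
The honeypot method named in the post above, as an added example that is not from the thread, the linked guide or PrestaShop: a server-side check combining a decoy field with a signed render timestamp, in plain PHP 7.1+. The field names `website` and `form_token`, the time limits and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example, not PrestaShop code. The field names "website" and
// "form_token" and both time limits are assumptions chosen for illustration.
const HONEYPOT_FIELD   = 'website'; // rendered but hidden with CSS; people leave it empty
const MIN_FILL_SECONDS = 3;         // a person needs longer than this to fill the form
const MAX_FORM_AGE     = 3600;      // tokens older than an hour are rejected
// Called when the form is rendered; the result goes into a hidden "form_token" input.
function issue_form_token(string $secret, int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, $secret);
}

// Returns null for a plausible human submission, otherwise a reason to log.
function honeypot_verdict(array $post, string $secret, int $now): ?string
{
    $decoy = $post[HONEYPOT_FIELD] ?? null;
    if (!is_string($decoy)) {
        return 'decoy field missing';      // form was not submitted as rendered
    }
    if (trim($decoy) !== '') {
        return 'decoy field filled';       // typical of scripts that fill every input
    }
    $token = $post['form_token'] ?? '';
    if (!is_string($token) || !preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $token, $m)) {
        return 'token malformed';
    }
    if (!hash_equals(hash_hmac('sha256', $m[1], $secret), $m[2])) {
        return 'token not issued by this server';
    }
    $age = $now - (int) $m[1];
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted too fast';
    }
    return $age > MAX_FORM_AGE ? 'token expired' : null;
}

// Constructed sample submissions (not real traffic).
$secret = 'replace-with-a-random-server-side-secret';
$t0     = 1363000000;
$token  = issue_form_token($secret, $t0);
$samples = [
    'human, 25 s'       => [['email' => 'a@example.com', 'website' => '', 'form_token' => $token], $t0 + 25],
    'bot fills decoy'   => [['email' => 'b@example.com', 'website' => 'http://spam.example', 'form_token' => $token], $t0 + 25],
    'bot posts at once' => [['email' => 'c@example.com', 'website' => '', 'form_token' => $token], $t0 + 1],
    'bot without token' => [['email' => 'd@example.com', 'website' => ''], $t0 + 25],
];
foreach ($samples as $label => [$post, $now]) {
    echo str_pad($label, 18), ' => ', honeypot_verdict($post, $secret, $now) ?? 'accept', PHP_EOL;
}
```

Browsers and password managers can auto-fill a CSS-hidden input, so the decoy should carry `autocomplete="off"` and `tabindex="-1"` to keep legitimate customers from tripping it.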

Informatik MP (Author), posted March 11, 2013:

I just made an improvement in my store: I activated the Geolocation and unchecked all countries but Canada. I have seen on some forums that very few BOTS are located in Canada. Anyway, I won't sell outside; I wasn't using geolocation, in order to leave my store as accessible as possible.

Thanks to all for your answers.

tuk66, posted July 17, 2013:

reCaptcha is overestimated in my opinion.

PrestaHeroes USA, posted December 2, 2013:

> reCaptcha is overestimated in my opinion.

I agree totally. US websites can't drop it fast enough.