Announcement

Collapse
No announcement yet.

Someone is creating new fake customers accounts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mike521w
    replied
    Hi lesliekirk - yep it should work fine, correct you would put LOGN in the watched list. Adding Google's ReCaptcha code (html, javascript etc) to the popup is done separately. I haven't tested it for LOGN but I expect it would work fine - let me know if you hit a snag though. My own plan is to eventually add it throughout sites I work on as well.

    About how-to's, at first I was confused by ReCaptcha v3 but after working through it I do understand it better, so I think Google's help pages are ok as far as that goes. But it did take me a couple of reads for whatever reason

    Since there's no built-in way to validate a recaptcha token on a Miva-handled action (like ICST), a how-to from Miva would be a problem. They could explain everything as far as adding the javascript etc, but once it gets to the point of validating the token, we're stuck. The how-to would have to do one (or more) of these:
    • tell users to write a Miva module
    • tell users to contact a 3rd party developer to write the module for them
    • tell users to contact Miva's Professional Services dept (to write the module for them)
    Or I suppose you could tell them to use my free module lol

    Leave a comment:


  • lesliekirk
    replied
    Originally posted by lesliekirk View Post

    Thanks for the module! I'm still trying to wrap my head around version 3. So no checkbox displays? It just sends the form to never-never land if it's a bot?

    I have another question (since this just came up) - will this work on the popup Password Lookup: modal? There is one on the LOGN screen, so would I put LOGN in the Watched Action List?

    Miva Support has told the store owner to add reCaptcha to all the "forms" on her store. I'm thinking if this is the case, should Miva be providing some how-to's for this?

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    It will still require mivascript, and more importantly, a decent level of understanding of the entire Miva system and API so, no. But, the main idea is to make simply modules EASIER for developers to build and distribute instead of having to try to write and explain complex SMT code.

    For example, the last go round of showing products in that belong to sub-categories of a category. That would be a relatively simple modulette.

    That being said, from a performance perspective, I'd use something like that tool to just assign the products to the top level category and then have that tool run daily or something.

    Leave a comment:


  • William Davis
    replied
    Originally posted by Bruce - PhosphorMedia View Post

    Possibly, and its something we've (a couple of module developers) have been working on/experimenting with for the last year...but, its probably a 3 to 6 month investment (schedule time, not calendar) and not being able to know what exactly Miva 10 will bring probably means nothing released till after 10.
    Providing Miva 10 and all the stars align just, would such a module permit even novices like myself to create a simple module, or one would still need Miva script knowledge? Just curious.

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    Bruce, is it possible and is there a market to create a module to help others create their own simple modules for individuals who done know how to create simple modules like Online Miva Merchant Module Builder?
    Possibly, and its something we've (a couple of module developers) have been working on/experimenting with for the last year...but, its probably a 3 to 6 month investment (schedule time, not calendar) and not being able to know what exactly Miva 10 will bring probably means nothing released till after 10.

    Leave a comment:


  • William Davis
    replied
    Originally posted by Bruce - PhosphorMedia View Post

    yea, if i had the time, i'd do that and a bit more...i really like the idea of creating a bunch of 'open source' modules as there are many things that can be simplified with the use of a module, but there is no market for 'simple' modules.
    Bruce, is it possible and is there a market to create a module to help others create their own simple modules for individuals who don't know how to create simple modules like Online Miva Merchant Module Builder?
    Last edited by William Davis; 12-18-19, 02:29 PM.

    Leave a comment:


  • Mike521w
    replied
    yea, I thought there might be a market for this one but I'm not a module developer and I don't want to get into providing support etc. There are some features that can be added though - the admin UI can be adjusted to a table layout like:
    Action Tolerance Status Code on Fail Redirect URL on Fail
    ICST 0.3 200 /whatever.htm
    Then each action can be a new row, and the user can add rows as they wish. That would be smooth and easier to understand. But to begin with I just needed something that worked

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    Originally posted by Mike521w View Post
    Bruce - PhosphorMedia good point - maybe on the next go-round I'll add an option where the user can configure what status code they want to return, and/or a corresponding URL
    yea, if i had the time, i'd do that and a bit more...i really like the idea of creating a bunch of 'open source' modules as there are many things that can be simplified with the use of a module, but there is no market for 'simple' modules.

    Leave a comment:


  • Mike521w
    replied
    Bruce - PhosphorMedia good point - maybe on the next go-round I'll add an option where the user can configure what status code they want to return, and/or a corresponding URL

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    AFAIK: With "bot holes" the general idea is to not give them any ideas. So, it might be better to then a 200 response to "/you-have-found-the-back-door-to-my-fortune.html. If the bot sees that its getting a 4xx response, it no KNOWS to try other urls or methods.

    Leave a comment:


  • Mike521w
    replied
    No problem : )

    Right - it just gives them a blank page. Basically v3 returns a score from 0 - 1, and Google leaves it up to us to decide what score we're comfortable with. So we decide the lowest score we'll allow, AND we decide what to do if the score is too low.

    So I set the module so we can enter the score we want, but as far as what it does with a low-score, that's coded in the module itself - 403 status and a blank page. Since the source is available you can change that if you want.

    On the sites I manage, the good score returned by Google is almost always 0.9, and bad scores are almost always 0.1 (with a few 0.7's and 0.3's thrown in).

    Leave a comment:


  • lesliekirk
    replied
    Originally posted by Mike521w View Post
    ok I threw together a quick github repo: https://github.com/MWScripts/Miva_GoogleReCaptcha

    Feel free to download and edit the original .mv, or just use the .mvc. Remember, this does not add Google's ReCaptcha code to the front end of your site - that you have to do manually. It just listens for the actions you tell it to listen for, and when found, it validates the token. If good, everything proceeds as normal. If bad, a 403 and a blank page are returned.
    Thanks for the module! I'm still trying to wrap my head around version 3. So no checkbox displays? It just sends the form to never-never land if it's a bot?


    Leave a comment:


  • Mike521w
    replied
    ok I threw together a quick github repo: https://github.com/MWScripts/Miva_GoogleReCaptcha

    Feel free to download and edit the original .mv, or just use the .mvc. Remember, this does not add Google's ReCaptcha code to the front end of your site - that you have to do manually. It just listens for the actions you tell it to listen for, and when found, it validates the token. If good, everything proceeds as normal. If bad, a 403 and a blank page are returned.

    Leave a comment:


  • oliverands
    replied
    I've been seeing the same thing with fake profiles generated for spam purposes on a WordPress discussion forum I run. It's been happening there for well over a year now and increasing over time. Seems like profile creation is a new webspam vector that is continuing to spread.

    I'm using a WordPress plugin called CleanTalk (https://cleantalk.org) that has been doing a really good job of stopping this at the source. As an added feature, it has a firewall function that completely blocks site access to known spammer IP addresses. It's cut my site traffic, too, but in a positive way.

    CleanTalk has plugins available for many, many systems, including e-commerce applications. Perhaps someone could develop a Miva plugin or convince CleanTalk to do it.

    But from what I've seen on my WordPress site, I think we've been lucky in the Miva community that this hasn't been an issue to date. But it's here now and it's only going to get worse. There's a real need here for a solution, either from Miva or a third-party.

    Leave a comment:


  • lesliekirk
    replied
    Originally posted by Mike521w View Post
    [USER="18206"]

    lesliekirk - I didn't think of trying to use the payment screen's ReCaptcha on ACAD - I imagine it would use the same settings. Off the top of my head I'm not sure if it would work, since the ACAD form submits with a different Action than OPAY, so even though the token might be created on ACAD, I don't think it would get validated by merchant.mvc on submit.
    I'm testing the code snippet generated on the OPAY screen instead of using the token. I'll keep you posted as to if it seems to activate displaying the reCaptcha on the OPAY screen.



    Leave a comment:

Working...
X