Recaptcha V3.x

[JRR]

Anyone else working on installing this? I don't see much chatter here, so I am putting in these two links - from osCommerce you need something called Hook System (no idea if compatible with osCmax) Recaptcha V3

[JRR]

looks like V3 may not work at all with osCmax, so will try to set up V2 reCaptcha...

[ridexbuilder]

I'm still popping in here, periodically.
Thanks for pursuing this!

[Markcm]

Heads up, in my experience V2 is now updated. Although I've moved to opencart, I was getting blasted with bots creating accounts. V2 no longer slowed them down. V3 stopped the bot accounts 100%.

[ridexbuilder]

Thanks for the heads up!

[JRR]

I have found a relatively easy way to purge the database of these annoying registrations.

I am NOT going into details publicly (who knows who reads this?) but I can give you this for free: Do NOT log into your data base with permissions stronger than r/w as you don't want to break the data base! Logging in with r/w privileges should only allow you to EDIT the data only, but not able to create or edit the structure. I made that mistake and it took me longer than it should have (I forgot to backup prior to editing - idiot!) to restore the database.

Anyway, once you are in the DB (in r/w mode only) take a look at what the unwanted folks are filling in. You should see a pattern you can use in the Customers DB. With luck purging the customers first will delete the listings in address_book!

I too am planning on moving to OpenCart, but stalled with everything else that is happening with Covid-19...

Make you you have turned off Comments, Reviews, and anything else the 'customer' can do that might compromise your site!

DO NOT POST IN CLEAR HERE WHAT YOU ARE DOING! THAT MAY TEACH THE BOTS HOW TO MAKE IT HARDER TO PURGE THE CUSTOMER LIST!

I hope this helps some folks purge these bot generated 'customers'.

[ridexbuilder]

I put a very simple question in the registration form, such as "what colour is an orange" or "what's 10 + 1" and that amazingly stops all of them so far.

[JRR]

Good solution!
Hmm, how did you add that? I assume a wee bit of code...
Thanks!

[ridexbuilder]

Good solution!
Hmm, how did you add that? I assume a wee bit of code...
Thanks!

5-10 minutes should see it added. Remember to take a copy of your files before editing though.
catalog/create_account.php
About line 100..

Code:

    // end modification for reCaptcha

    $antirobot = tep_db_prepare_input($_POST['antirobot']);

Once added, then about line 213..

Code:

    // end modification for reCaptcha
    
    if ( ($antirobot == 'no') OR ($antirobot == 'No') ) {
       $error = false;
       } else {
       $error = true;
       $messageStack->add('create_account', ENTRY_SECURITY_CHECK_ERROR);
     }

The condition to check for could be a word, a phrase, a number etc. but keep it simple, to avoid frustration - hence the check allowing for lowercase or capital. (You need to also consider '1' or 'one' or 'One' if you request a number.) Not the most elegant bit of code but appears to do what's required.

Then,
catalog/includes/languages/english/create_account.php
Add before the last ?>

Code:

define('ENTRY_ANTI_ROBOT','Anti-robot question');
define('ENTRY_ANTI_ROBOT_TEXT','<- Are you a robot');

Of course, you can word the prompt to whatever you want ("what letter comes after r") but try to consider all possible (sensible) answers - preferably with no variants. Also consider your market, not everyone calls nappies, diapers!

Finally,
catalog/templates/your_template/content/create_account.tpl.php
Just after the Recaptcha..

Code:

<!-- reCAPTCHA - end -->

      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td>      
          <table border="0" width="100%" cellspacing="1" cellpadding="2">
            <tr>
             <td class="main" width="150">
                <?php echo ENTRY_ANTI_ROBOT; ?>
             </td>
             <td class="main">
                <?php echo tep_draw_input_field('antirobot') .  '&nbsp;' . (tep_not_null(ENTRY_ANTI_ROBOT_TEXT) ? '<span  class="inputRequirement">' . ENTRY_ANTI_ROBOT_TEXT . '</span>':  ''); ?>
             </td>
            </tr>
         </table>
       </td>
      </tr>

If you use an additional eg.mobile, template then remember to add it there too.
Job Done.

If it doesn't stop 'em or only works for a while, just change the question and response. I've not needed to do so yet and it's been active for many months. Touch wood.

[JRR]

That worked! Just as advertised! I made it a simple math question...

(example question)

define('ENTRY_ANTI_ROBOT_TEXT','<- 1+1= ?');

(example answer)

if ( ($antirobot == '2') OR ($antirobot == 'two') )

Thanks for saving me endless hours of poking at the code!

Do you have a PayPal tip jar??

John :-#)#