Unwanted Registrations

[Kleijn36]

The last few days i have a lot of unwanted customer registrations. It  looks that there are some registration bots running, i blocked the IP's but stil new unwanted registrations. In the last name they register a www. domain, how to block this? Is there a solution too not accept "www." in the last name registration?

[Traumflug]

Yes, see

 

[basix101]

I have the same unwanted Customer Registrations from the same spammer.

I'm not a coder, just a copy and paster! Can you please tell me which is the correct code to alter as I am confused?

1: https://github.com/thirtybees/thirtybees/commit/7ad147d991861e498e586f4dfc8ad1ff

2: https://github.com/thirtybees/thirtybees/commit/c733d5360d5292c12bb6a899748d9094bc608e05

3: https://github.com/thirtybees/thirtybees/commit/f04f1ded917b702465b2da6adfb7d573fdb974ad

Thank you

Edited April 22, 2019 by basix101
found another github link

[DRMasterChief]

I think a good  To-Do-List for this is necessary,  @Traumflug  maybe you can arrange some advice for this?   Seems not to be that easy to find out what to do with these Github things,  i have also some difficulties with it. 

[wakabayashi]

Its very easy to make github changes: 

1. Open the file (you see it beside the green and red sqaures. for example: classes/Validate.php)
2. You remove all the red lines in the code
3. You add all the green lines in the code.

[DRMasterChief]

Yep, but in all 3 Github links is the same file which should be changed, but with different changes  (classes/Validate.php)  , think this is very strange for some people.  Or am i wrong, hopefully not  :)  regarding i will do this changes in 1-2 days.

btw. will there be an update for this  (i think it will be included in the next, but not sure when this will come)? 

[colorful-ant]

i made backup/rename from old file (validate.php) - insert new file, all is good

[basix101]

OK, I think I got it.

The two GitHub validate.php files looked different because one was an update of the other. Once I found the one that matched my own validate.php file and saw the 'updated' link to the other GitHub validate.php file it made sense.

I also changed the validate.js files in my shop.

Thanks for all your time and input, it is sincerely appreciated.

[Guest]

19 hours ago, DRMasterChief said:

Yep, but in all 3 Github links is the same file which should be changed, but with different changes  (classes/Validate.php)  , think this is very strange for some people.  Or am i wrong, hopefully not  🙂 regarding i will do this changes in 1-2 days.

btw. will there be an update for this  (i think it will be included in the next, but not sure when this will come)? 

I was getting hit with these too.

Fix was really easy to implement.
Thanks a lot for releasing this so quickly.

You do all 3 of these.
Do this one first:
https://github.com/thirtybees/thirtybees/commit/c733d5360d5292c12bb6a899748d9094bc608e05

Then this one:

https://github.com/thirtybees/thirtybees/commit/7ad147d991861e498e586f4dfc8ad1ff

Then this one: (also edit the .js file here)

https://github.com/thirtybees/thirtybees/commit/f04f1ded917b702465b2da6adfb7d573fdb974ad

Edited April 23, 2019 by Purity

[datakick]

also coreupdater can be used to fix this

[Guest]

The patch of course works, but it seems to also disable the phrase c/o, which is a very valid and common way to ship in the USA when you're shipping to an address that isn't yours. Although it still works in the company box.

Edited April 24, 2019 by Purity

[Traumflug]

You mean forward slashes as part of the name? Yes, they were disallowed to avoid names like "cat /etc/passwd".

Looks like there's another commit needed. Dealing with names is a tricky matter, see https://shinesolutions.com/2018/01/08/falsehoods-programmers-believe-about-names-with-examples/

[Traumflug]

Here we go: https://github.com/thirtybees/thirtybees/commit/1818e2aca9b90dbee0553272e45956b275fda334

 

[vsn]

why you guys don't use a TB native module called reCaptcha? You can set up a reCaptcha validation during the registration process. I faced the same spam-registration problem, installed the module, since that no unwanted registration anymore.

[wakabayashi]

I use the captcha module for contact form. But I wouldnt do that for registration. For me its too risky, that it fails or people cant manage it 

[Kleijn36]

On 4/23/2019 at 5:44 PM, datakick said:

also coreupdater can be used to fix this

Manual fixed the problem in Validate.php. Coreupdater doesn't fix the problem, after update (1.0.8) problem is back.

[Traumflug]

13 hours ago, Kleijn36 said:

after update (1.0.8) problem is back

@datakick probably means an update not to 1.0.8, but to Bleeding Edge / 1.0.x. That's currently pretty stable.

[DRMasterChief]

On 4/24/2019 at 12:16 PM, Traumflug said:

Here we go: https://github.com/thirtybees/thirtybees/commit/1818e2aca9b90dbee0553272e45956b275fda334

 

This should fix the  c/o  problem?   It does not for me,  i have used this php file and  can not register with a  c/o in the name. 

[DRMasterChief]

Would like to raise the topic,  is this now implemented in an newer version of tb ? 

I cant find the changes from @Traumflug in the actual validate.php ,  but maybe this can be very helpful.

[the.rampage.rado]

Those changes are included:



If you get spam registrations install 


Or 


I'm using both, Cloudflare for front office forms and No Captcha for my BO.

[DRMasterChief]

hmm,  ok thank you,  but i can not find these changes in my  validate.php

Cloudflare Turnstile is the free version?  Is it a good choice? 

[the.rampage.rado]

I have them, so probably you're not looking for the proper strings or your install is ages old.

https://github.com/eschiendorfer/genzo_turnstile , thanks to @wakabayashi

[DRMasterChief]

with the update to 1.5.1  a few minutes ago i now have the 2 acutal   validate files  ,   Notepad++ says   🙂

[the.rampage.rado]

Reduce them to just one... 😄

[DRMasterChief]

ahhh yes,  i mean the .php and the .js   = 2  🤠