How is going? Well, I'm facing a subscription spam problem in my Magento Store, but this post is not to find some solution, but so, to understand somethings.
Well, this is what I'm facing:
Question 1:
What is the objective of this?
Question 2:
How (probably) this thing are being made?
Question 3:
How they are able to subscribe using a Australia address, if Australia is not a allowed country in my store?
Question 4:
My subscription pages form inputs deny any non-latin character, how these subscriptions are being made anyway?
I'm deeply curious about this, thanks a lot in advance!
Question 1: What is the objective of this?
They use this subscription to receive emails and then navigate through your website.
Question 2: How (probably) this thing are being made?
There are a spam bots. They are so extended around Internet.
Question 3: How they are able to subscribe using a Australia address,
if Australia is not a allowed country in my store?
Because those bots are able to manipulate your front code and avoid the JS native validation from Magento.
Question 4: My subscription pages form inputs deny any non-latin
character, how these subscriptions are being made anyway?
As I told in 3, they can manipulate front code.
I suggest you to put a reCaptcha validation. I used the Google one. Putting this you will reduce a lot of this spam.
As an alternative you can add a backend validation when processing the form in the controller.
Kind Regards
spamming I guess your magento will send email confirmation to this people
bots
and 4. you need to check your access logs it will give you and idea what URL they are using.
Related
First I wanted to clarify that this is neither a recommendation question nor a problem. I am making a PWA and in general I am new to coding/html/php based stuff. So my concern is if there is a way to make this thing work out. I have already managed to make a login system that someone has to create an account in order to login etc etc. I'm currently thinking that since I have already managed that, if there is a way for someone else (other than the customers that already have accounts), to join the app, by scanning a QR Code that when scanned will ask for a small fee payment in order to join the PWA based website, or even download the app.
The only thing I know and have tried is the QR code creation but I don't think that helps in my request.
Expected results: A QR-code that when scanned, asks for a fee payment, either paypal or whatever in order to gain access to the PWA through a limited time account (say like 3 days).
Is there a way this could be done with php tokens ?
A QR code is just a means of encoding some text so it can be scanned easily.
It has no mechanisms for taking payment or embedding any kind of software.
For that, you'll need to look to traditional approaches such as having the QR code contain a URL pointing to a "Login or buy an account" page.
so I need to ask a question, I need to setup a simple paypal express checkout system, that one can allow users to change currencies, and two can then update the page with the updated currencies.
Then I need a way for me to get the order information. As I will be selling website templates so I need a way for me to get their email address, so I can then email them with the link to the template file download.
So my question is what data do I get if I set up an express checkout system. And what code do I need, Do i need to create a database to get the returned data back from paypal? Or do I just get an email or can i see that when i log into my paypal account and check orders and see their details that way, but the main important detail i need is their email address?
Can I also say that this is the first time I have looked into express shopping carts. So I am a complete novice in this field, So I will struggle with the coding aspect. But I think it is the route I need to go down.
Also I want to make it all in php as well. But also I don't want to use ready made systems. I just need the back-end code so that I can then just implement it into my current design. Not sure if paypal give you the code when you click the express shopping cart option in All tool section. I did notice though it redirects to a page that lists many partner sites. I couldn't find anywhere for any implementation advice or tips or code.
EDIT: Also I know I will also need to use either IPN or PDT but the documentation I read is highly confusing and just is making me unsure if I can even set a system up. I also read that you should implement both systems, but I also read that that had a risk of doing the payment twice. So yeah i am kinda a bit unsure how to even go about implementing a system I need.
Thanks in advance.
I'm using Drupal 7 with Drupal Commerce for my e-commerce website.
I'm not a new programmer and I can pick up on skills relatively quickly, but I do not do it for a living, so bear with me if this seems like a stupid question.
I'm having difficulty with spam bots filling out my form "Commerce Checkout". Commerce creates a new customer profile (one each for shipping and billing information).
Shipping and Billing information each have the following fields:
First Name
Last Name
Address 1
Address 2
City
State
Zip Code
Country
It's pretty easy to determine which profiles are created by spam bots and which are real. The bot-created profiles have the same string of data in EACH of the above fields.
I'm trying to create a rule using Rules and Rules Form Support modules to BLOCK the creation of the profile or progression through the checkout process if any two of these fields contain the same data, but I'm running into a wall. How can I set up rules in Drupal 7 to accomplish this (i.e. if Address1/Address2 are the same or FirstName/LastName are the same or FirstName/Address1 are the same....)
If there's another way to accomplish this I am open to suggestions. From what I understand, CAPTCHA and Honeypot are really not options for the checkout-process forms because they will not block the progression to the next step. Unless someone is willing to show me how to incorporate one of those as well, that would be great or possibly even easier...
There are lots of modules which can protect your website like
Spam Detect: https://www.drupal.org/project/spam_detect
Spambot: https://www.drupal.org/project/spambot
Simple Anti-spam: https://www.drupal.org/project/simpleantispam
User Ip Log: https://www.drupal.org/project/uiplog
Restrict Ip: https://www.drupal.org/project/restrict_ip
IP Ranges: https://www.drupal.org/project/ip_ranges
Ban an Ip address: https://www.drupal.org/documentation/modules/ban
and many more.
Use any or any set of such modules to prevent your site from spammers. You can choose which suits you better.
Thanks
Just require login with Commerce Checkout Redirect:
https://www.drupal.org/project/commerce_checkout_redirect
It will require anonymous users to set up an account first before proceeding.
If you still need more security, you should also be able to follow this suggestion to enable CAPTCHA on your user registration form:
https://drupal.stackexchange.com/questions/95979/add-captcha-to-registration-form
That should make it possible to reduce the number of spam submissions through your checkout system.
I am finishing a website in which I have incorporated collections with IPN, and the truth, I'm very happy because I works great.
The question or problem I find is that I need to also pay users in certain cases from the website itself.
Someone could give an example of a payment function specific email? ... In PHP with Paypal Premium account.
I assume that when payment is ordered I also enter my ipn.php to be processed in the same way that happens when my page becomes ... is not it?
Thank you very much in advance for your help.
Greetings to all.
I'm designing a database system, which sells courses to students. This is all done within PHP. I want to take Paypal payments on my website and having done some research I need IPN.
I've been reading docs/guides on how to achieve this from www.x.com but its quite confusing to find info I need as there seems to be more than one way of doing something. The IPN stuff looks pretty straight forward, paypal just needs the unique Invoice number, which the notify script uses to retrieve the record and post the appropriate response into a database and if all goes well, redirect page to a thank you.
The thing is which method do I initially send my values across to Paypal, I don't really want to pass on quantity and shipping data as all of these pieces of data are irrelevant I don't want my end user to see. Do I have to start looking at using the paypal api?
Thanks for the advice
Since your question seems to be "where should i start looking for a good paypal integration with php" i'll give you some general "advice". I had the same problem just a couple of months ago.
Yes you've to read paypal docs, and unfortunatly they don't have the gift of clarity.. very complete but i didn't find them very clear.
However this php class has been very helpful for my similar project: https://github.com/Quixotix/PHP-PayPal-IPN hope can help you too.
Also these articles/classes/docs has been helpful (but at the end i'm not using them) to clear my mind about PP integration:
http://drewjoh.com/wiki/code/classes/phppaypal
http://www.geekality.net/2011/05/28/php-tutorial-paypal-instant-payment-notification-ipn/
set up a sandbox account https://developer.paypal.com/
then go through some of the tutorials
you will also need to set up some test accounts, pay attention to the nav on the left (from the developers page). It has everything you need