I'm using Drupal 7 with Drupal Commerce for my e-commerce website.
I'm not a new programmer and I can pick up on skills relatively quickly, but I do not do it for a living, so bear with me if this seems like a stupid question.
I'm having difficulty with spam bots filling out my form "Commerce Checkout". Commerce creates a new customer profile (one each for shipping and billing information).
Shipping and Billing information each have the following fields:
First Name
Last Name
Address 1
Address 2
City
State
Zip Code
Country
It's pretty easy to determine which profiles are created by spam bots and which are real. The bot-created profiles have the same string of data in EACH of the above fields.
I'm trying to create a rule using Rules and Rules Form Support modules to BLOCK the creation of the profile or progression through the checkout process if any two of these fields contain the same data, but I'm running into a wall. How can I set up rules in Drupal 7 to accomplish this (i.e. if Address1/Address2 are the same or FirstName/LastName are the same or FirstName/Address1 are the same....)
If there's another way to accomplish this I am open to suggestions. From what I understand, CAPTCHA and Honeypot are really not options for the checkout-process forms because they will not block the progression to the next step. Unless someone is willing to show me how to incorporate one of those as well, that would be great or possibly even easier...
There are lots of modules which can protect your website like
Spam Detect: https://www.drupal.org/project/spam_detect
Spambot: https://www.drupal.org/project/spambot
Simple Anti-spam: https://www.drupal.org/project/simpleantispam
User Ip Log: https://www.drupal.org/project/uiplog
Restrict Ip: https://www.drupal.org/project/restrict_ip
IP Ranges: https://www.drupal.org/project/ip_ranges
Ban an Ip address: https://www.drupal.org/documentation/modules/ban
and many more.
Use any one, or any set, of such modules to protect your site from spammers. You can choose which suits you better.
Thanks
Just require login with Commerce Checkout Redirect:
https://www.drupal.org/project/commerce_checkout_redirect
It will require anonymous users to set up an account first before proceeding.
If you still need more security, you should also be able to follow this suggestion to enable CAPTCHA on your user registration form:
https://drupal.stackexchange.com/questions/95979/add-captcha-to-registration-form
That should make it possible to reduce the number of spam submissions through your checkout system.
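The check the question describes (stop the checkout when several fields of one profile hold the same value), as an added example in plain PHP that is not part of the original posts. The field keys, sample profiles and the threshold parameter are assumptions; in Drupal 7 the function would be called from a form validation handler.

```php
<?php
// Added example. Field keys and sample profiles are constructed for illustration.

/** Normalise a value so "  SPAM " and "spam" compare equal. */
function normalize_field($value)
{
    $raw = trim((string) $value);
    $collapsed = preg_replace('/\s+/u', ' ', $raw);
    if ($collapsed === null) {   // invalid UTF-8: compare the raw bytes instead
        $collapsed = $raw;
    }
    return mb_strtolower($collapsed, 'UTF-8');
}

/**
 * Group field names by normalised value and keep the groups that have at
 * least $minMatches members. Empty values are skipped so that a blank
 * Address 2 never matches another blank field.
 */
function repeated_value_groups(array $profile, $minMatches = 2)
{
    $groups = array();
    foreach ($profile as $field => $value) {
        $norm = normalize_field($value);
        if ($norm !== '') {
            $groups[$norm][] = $field;
        }
    }
    return array_filter($groups, function ($fields) use ($minMatches) {
        return count($fields) >= $minMatches;
    });
}

// Constructed samples: a bot-style profile and a legitimate one.
$bot = array(
    'first_name' => 'qwxzrt', 'last_name' => 'QWXZRT ', 'address_1' => 'qwxzrt',
    'address_2' => 'qwxzrt', 'city' => 'qwxzrt', 'state' => 'qwxzrt',
    'zip' => 'qwxzrt', 'country' => 'qwxzrt',
);
$human = array(
    'first_name' => 'Ana', 'last_name' => 'Ruiz', 'address_1' => '12 Elm St',
    'address_2' => '', 'city' => 'New York', 'state' => 'New York',
    'zip' => '10001', 'country' => 'US',
);

print_r(repeated_value_groups($bot));       // "any two fields equal" rule
print_r(repeated_value_groups($human));     // city and state legitimately collide
print_r(repeated_value_groups($human, 3));  // a threshold of three spares them
```

A threshold of two, as asked for in the question, also catches legitimate pairs such as a city and state with the same name, so the threshold is worth tuning against real orders before it blocks anyone.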
I have a two-sided marketplace website (WordPress) for rental properties and I was trying to use websites like MailChimp to segment the users and vendors and send different emails to both sides.
However, I can segment on just certain options and it doesn't really work for marketplaces.
I've been advised that I have to create from scratch the emails corresponding to a certain group of users, because there are no email solutions for two-sided marketplaces.
For example: an email sent to a user who is looking for a house to rent, sent one day after with suitable properties.
Another example: a user who submits a listing with a room for rent will receive an email 6 hrs later prompting them to consider purchasing the featured ad options because of etc.
I've been told that these emails are transactional (because they are triggered by an action in the website) and they need to be coded from scratch using PHP programming (WordPress system).
Can you give me any advice on resources and examples of how it is done for the listings hive theme, and a link to developers that can do it?
Thanks
I've tried to add more email templates for certain actions in the website (when a user is registered they receive the welcome email).
I want to add another email 6 hours after the user is registered, but only one email can be sent for each action (trigger).
Any advice on how to override this and be able to add more templates with more trigger functions?
How is it going? Well, I'm facing a subscription spam problem in my Magento store, but this post is not to find a solution, but rather to understand some things.
Well, this is what I'm facing:
Question 1:
What is the objective of this?
Question 2:
How (probably) are these things being made?
Question 3:
How are they able to subscribe using an Australia address, if Australia is not an allowed country in my store?
Question 4:
My subscription page's form inputs deny any non-Latin character; how are these subscriptions being made anyway?
I'm deeply curious about this, thanks a lot in advance!
Question 1: What is the objective of this?
They use this subscription to receive emails and then navigate through your website.
Question 2: How (probably) are these things being made?
There are spam bots. They are so widespread around the Internet.
Question 3: How are they able to subscribe using an Australia address, if Australia is not an allowed country in my store?
Because those bots are able to manipulate your front code and avoid the JS native validation from Magento.
Question 4: My subscription page's form inputs deny any non-Latin character; how are these subscriptions being made anyway?
As I said in 3, they can manipulate front code.
I suggest you add a reCAPTCHA validation. I used the Google one. Adding this will reduce a lot of this spam.
As an alternative you can add a backend validation when processing the form in the controller.
Kind Regards
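The backend validation this answer suggests, as an added example in plain PHP that is not part of the original answer and is not Magento's own code. The field names, the allow-list and the sample requests are assumptions; the point is that the country and character rules are enforced again on the server, where a client that skips the page's JavaScript cannot avoid them.

```php
<?php
// Added example. Field names, the allow-list and sample requests are constructed.

/** Read one POST field as a trimmed string; arrays and missing keys become ''. */
function post_string(array $post, $key)
{
    return (isset($post[$key]) && is_string($post[$key])) ? trim($post[$key]) : '';
}

/**
 * Validate a subscription request on the server. Returns a list of error
 * strings; an empty list means the request passed every check.
 */
function validate_subscription(array $post, array $allowedCountries)
{
    $errors  = array();
    $email   = post_string($post, 'email');
    $name    = post_string($post, 'name');
    $country = strtoupper(post_string($post, 'country'));

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    // Latin-script letters plus space, apostrophe, dot and hyphen only.
    if (preg_match('/\A[\p{Latin} \'.-]{1,100}\z/u', $name) !== 1) {
        $errors[] = 'name: empty, too long, or contains non-Latin characters';
    }
    // Same allow-list the storefront uses, checked again where it counts.
    if (!in_array($country, $allowedCountries, true)) {
        $errors[] = 'country: not in the store allow-list';
    }
    return $errors;
}

$allowed = array('US', 'CA', 'BR');
// A request sent straight to the endpoint, skipping the browser-side checks.
$direct = array('email' => 'bot@example.com', 'name' => 'Купить сейчас', 'country' => 'AU');
// A request from a real customer using the form.
$honest = array('email' => 'joao@example.com', 'name' => 'João Silva', 'country' => 'br');

print_r(validate_subscription($direct, $allowed));
print_r(validate_subscription($honest, $allowed));
```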
1. Spamming. I guess your Magento will send an email confirmation to these people.
2. Bots.
3. and 4. You need to check your access logs; it will give you an idea what URL they are using.
So I need to ask a question. I need to set up a simple PayPal Express Checkout system that, one, can allow users to change currencies, and two, can then update the page with the updated currencies.
Then I need a way for me to get the order information. As I will be selling website templates so I need a way for me to get their email address, so I can then email them with the link to the template file download.
So my question is: what data do I get if I set up an express checkout system? And what code do I need? Do I need to create a database to get the returned data back from PayPal? Or do I just get an email, or can I see that when I log into my PayPal account and check orders and see their details that way? But the main important detail I need is their email address.
Can I also say that this is the first time I have looked into express shopping carts. So I am a complete novice in this field, so I will struggle with the coding aspect. But I think it is the route I need to go down.
Also I want to make it all in PHP as well. But also I don't want to use ready-made systems. I just need the back-end code so that I can then just implement it into my current design. Not sure if PayPal gives you the code when you click the express shopping cart option in All tool section. I did notice though it redirects to a page that lists many partner sites. I couldn't find anywhere for any implementation advice or tips or code.
EDIT: Also I know I will also need to use either IPN or PDT, but the documentation I read is highly confusing and is just making me unsure if I can even set a system up. I also read that you should implement both systems, but I also read that that had a risk of doing the payment twice. So yeah, I am kinda a bit unsure how to even go about implementing a system I need.
Thanks in advance.
Dear Stack Overflow Community,
I am an Online Marketer and I am facing a problem: People are not converting when visiting my page through a smartphone. My interpretation is: they are lazy, as I am too.
I am not too terribly deep into programming WordPress, but I thought about something and am seeking advice:
I want to build an Opt-In Form which uses Facebook's "Social Login" to process the lead.
I need to find a way to get the e-mail address through the Facebook Open Graph API.
I generated a lead with one simple click.
I guess Online Marketers are craving a feature like this!
So my question is:
Do you think it is possible to build a WordPress Opt-In Form which uses Social Login (Facebook, Google) to receive e-mail addresses from my users?
Maybe someone has some experience with this.
Best wishes
Dennis
I don't think there is a way to capture a user's email address from Facebook without the permission of that user. However, there are a number of plugins that show popups and widgets to get users to subscribe to your newsletter etc.
https://wordpress.org/plugins/optin-forms/screenshots/
Also, if your content is good and if you create a catchy Call to Action, then it's possible to get more people to subscribe to your blog.
Isn't the process of opting into a subscription more involved than simply entering a name and email? Personally, I will ignore an optin form that requires me to do a social login.
Using a regular WordPress opt-in form plugin would suffice.
By the way, do you have any data that shows conversion is low because social login isn't present?
Recently I helped some friends ship an invite system in their website that works like this: A user creates an account, we send a verification email and when he verifies the e-mail he gets one free credit to spend on the website. In addition to that, he has personalized links he can share on social networks or via e-mail and when people register using this link (e-mail verified accounts again) he gets one credit per invite. Much like the invite system on thefancy.com or any other reward-driven invite system on the web.
Lately we see elevated rates of fake user accounts which probably are automated. The registration page features a CAPTCHA but we're aware this can be bypassed. We also see elevated rates of users creating disposable email addresses to create accounts following specific invite links, thus crediting one legit user who from then on uses the free credits he earns.
I am looking for an automated way to prevent this kind of abuse. I am currently investigating putting rate limits on invites/registrations that come from the same IP address but this system itself has its own flaws.
Any other production tested ideas?
Thank you
Edit:
I've also proposed 2 factor registration via SMS but was turned down due to budget shortage.
It seems you need to require more than just a verified email address before a user can send invites, ideally something that shows the user has participated in your site in some way. Without knowing what your site is it's hard to give specifics, but the StackOverflow equivalent would be requiring users to have at least X reputation before they can invite others. If you're running a forum you could require that they've made at least X posts.
I'd also suggest a small time limit before new accounts can invite - e.g. they have to have been a member for at least X days. This complicates automated invites somewhat.
An extremely simple method that I have used before is to have an additional input in the registration form that is hidden using CSS (i.e. has display:none). Most form bots will fill this field in whereas humans will not (because it is not visible). In your server-side code you can then just reject any POST with the input populated.
Simple, but I've found it to be very effective!
A few ideas:
Ban use of emails like 'mailinator'.
Place a delay on the referral reward, allowing you to extend fraud detection time period, giving you more time to detect bogus accounts and respond accordingly.
Require the referred user to create a revenue generating transaction before you give out any referral rewards (I know that might not be a shift you can make) - possibly in turn increasing the reward to account for the inconvenience to the referrer (you should be saving money through decreased fraud so not a hard sell).
Machine learning. Ongoing observations and tuning with your fraud detection. The more data you have the better you will be able to identify these cases. (IP addresses as you mention.) Shipping / billing info even more telling if it applies - beware adjacent PO boxes.
Add a CAPTCHA test to the confirmation page. I would be wondering if your CAPTCHA is sturdy enough if it is getting bypassed somehow. You might consider using the (hateful) reCaptcha which seems popular. A CAPTCHA on the confirmation page would reduce the risk that a 'bot is submitting the confirmation page. In other words, it would implement the idea of client interaction with the site after registration. A similar method would be to ask for the registrant's password.
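Several of the suggestions in the answers above (the CSS-hidden honeypot input, banning disposable mail domains, delaying the referral reward and tying it to a paid transaction), combined as an added example in plain PHP that is not part of any original answer. The field names, the blocked domains, the 7-day hold and the sample data are assumptions.

```php
<?php
// Added example. Field names, domains, the hold period and samples are constructed.

const HONEYPOT_FIELD = 'website';        // input hidden with CSS in the form
const REWARD_HOLD_SECONDS = 604800;      // assumed 7-day hold on referral credit

/** True when $domain equals, or is a subdomain of, a listed disposable domain. */
function is_disposable_domain($domain, array $blocked)
{
    foreach ($blocked as $bad) {
        if ($domain === $bad || substr($domain, -strlen(".$bad")) === ".$bad") {
            return true;
        }
    }
    return false;
}

/** Reasons to reject a registration POST; an empty array means accept. */
function screen_registration(array $post, array $blocked)
{
    $reasons = array();
    // Humans never see the honeypot input, so any content marks a form bot.
    if (isset($post[HONEYPOT_FIELD]) && $post[HONEYPOT_FIELD] !== '') {
        $reasons[] = 'honeypot field was filled in';
    }
    $email = (isset($post['email']) && is_string($post['email'])) ? $post['email'] : '';
    $at = strrpos($email, '@');
    $domain = $at === false ? '' : strtolower(rtrim((string) substr($email, $at + 1), '.'));
    if ($domain === '' || is_disposable_domain($domain, $blocked)) {
        $reasons[] = 'missing or disposable e-mail domain';
    }
    return $reasons;
}

/** Credit the referrer only for a verified, paying invitee past the hold period. */
function referral_reward_payable(array $invitee, $now)
{
    return !empty($invitee['email_verified'])
        && !empty($invitee['has_paid_order'])
        && ($now - $invitee['created_at']) >= REWARD_HOLD_SECONDS;
}

$blocked = array('mailinator.com', 'disposable.example');
$botPost = array('email' => 'a1@inbox.mailinator.com', 'website' => 'http://spam.example');
$now = 1700000000;
$fresh = array('email_verified' => true, 'has_paid_order' => true, 'created_at' => $now - 3600);
print_r(screen_registration($botPost, $blocked));
var_dump(referral_reward_payable($fresh, $now));
```

Rejections are best logged with the reason list rather than shown to the client, so the thresholds can be tuned from real traffic without telling a bot which check it failed.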