magento-hackathon / HoneySpam

Spam protection module for customer registration, product review form and contact form.
Open Software License 3.0
102 stars 36 forks

Not send 404 as response status #42

Closed TKlement closed 6 years ago

TKlement commented 6 years ago

We are integrating your extension and so far everything works fine. Thank you for that extension.

But I wonder why you always throw an exception when the honeypot check fails. OK, we are fighting bots, but what happens if the bot "creator" is waiting for a response status code?

Schrank commented 6 years ago

I'm not sure I understand.

What is the alternative? Just close the connection? Send 200?

TKlement commented 6 years ago

It's just a suggestion. Yes, send a 200 status code but only as a fake answer for the bot.

Hm...ok but that won't reduce the incoming traffic. Ok, sorry never mind. I just thought if I was the bot creator I would like to know if my attempts are successful before I fire 10.000 fake customers against that shop.

TKlement commented 6 years ago

Maybe I'm also not sure what should happen when a bot filled the honeypot. In my shop the "prepareForward" redirects me to "customer/account/createpost" instead of "honeyspam/error/index" and that results in a 404 page.

TKlement commented 6 years ago

Found the problem. We had strange rewrites so that a 404 nearly never showed up. Ok, now I've changed the prepareForward to a redirect and everything is fine.

    /**
     * validate honeypot field
     * @param Varien_Event_Observer $observer
     */
    protected function _checkHoneypot($observer)
    {
        /* @var $helper Hackathon_HoneySpam_Helper_Data */
        $helper = Mage::helper('hackathon_honeyspam');
        // Any content in the hidden honeypot field marks the request as automated.
        if (strlen(Mage::app()->getRequest()->getParam($helper->getHoneypotName()))) {
            Mage::log('Honeypot Input filled. Aborted.', Zend_Log::WARN);

            // Stop the original controller action from being dispatched.
            $controller = $observer->getControllerAction();
            $controller->getRequest()->setDispatched(false);
            $controller->setFlag(
                '',
                Mage_Core_Controller_Front_Action::FLAG_NO_DISPATCH,
                true
            );

            // Redirect to the module's error page instead of forwarding internally.
            $url = Mage::getUrl('honeyspam/error/index');
            Mage::app()->getFrontController()->getResponse()->setRedirect($url);
        }
    }

Schrank commented 6 years ago

@TKlement Do we need to fix something? I can't follow your thinking :)

TKlement commented 6 years ago

There is nothing more to do. Thank you. I guess I ran into the same problem as issue #21. So I fixed it with the above code and now everything is working.
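
The "fake 200" response suggested earlier in this thread, shown as an added example in plain PHP 7+ (not HoneySpam's code and not posted by any participant). The function names, the `url` field name and the sample requests are hypothetical; the example also treats an array-valued honeypot parameter as filled, which a direct `strlen()` call does not handle.

```php
<?php
// Added example, not HoneySpam code. All names here are hypothetical.

/**
 * True when the honeypot field carries any content.
 * Request input may be absent (null), a string, or an array (e.g. "url[]=x"),
 * so normalise it before measuring its length.
 */
function honeypotTriggered(array $params, string $field): bool
{
    if (!array_key_exists($field, $params) || $params[$field] === null) {
        return false;
    }
    $value = $params[$field];
    if (is_array($value)) {
        return true; // the rendered form only ever submits this field as a string
    }
    return strlen((string) $value) > 0;
}

/**
 * Decide how to answer. A trapped request receives the same status and body
 * as a successful one; 'process' is an internal flag (never sent to the client)
 * telling the caller whether to actually store the submission.
 */
function handleSubmission(array $params, string $field, callable $log): array
{
    $response = ['status' => 200, 'body' => 'Thank you for your message.'];
    if (honeypotTriggered($params, $field)) {
        $log('Honeypot input filled. Request dropped.');
        return $response + ['process' => false];
    }
    return $response + ['process' => true];
}

// Constructed sample requests; 'url' is the hidden honeypot field.
$samples = [
    'human'     => ['name' => 'Ann', 'url' => ''],
    'bot'       => ['name' => 'x', 'url' => 'http://spam.example'],
    'array bot' => ['name' => 'x', 'url' => ['a']],
];
foreach ($samples as $label => $params) {
    $r = handleSubmission($params, 'url', function ($m) { error_log($m); });
    printf("%-9s status=%d process=%s\n", $label, $r['status'], var_export($r['process'], true));
}
```

As noted in the thread, answering 200 does not reduce incoming traffic; it only removes the status code as a signal, so the log entry remains the place to detect and rate-limit repeat senders.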