X-Cart:Image Verification

From X-Cart 4 Classic
Revision as of 16:35, 28 January 2010 by Admin (talk | contribs) (What Image Verification module does)

What Image Verification module does

X-Cart's Image Verification module is a solution designed to prevent automated form submissions in your store. Automated submissions are made by spam robots (spambots): software programs that impersonate human beings and imitate their online activities for various malicious purposes. In an X-Cart based store that does not use the Image Verification module, spambots are likely to attempt to take advantage of the following forms:

  • 'Profile details' form (customer registration page);
  • 'Authentication' form (any pages from which existing customers can log in);
  • 'Send to friend' form (product details page);
  • 'Customer reviews' form (product details page);
  • 'Contact us' form (one of the help pages available through X-Cart's 'Help' menu);
  • 'Subscribe to newslists' form (news subscription page for anonymous customers);
  • 'Survey forms' (any pages on which surveys can be completed/submitted).

The damage caused by automated submissions of the above forms may vary from insignificant to serious. In the most general case it is likely to include: automated registrations of customer accounts (up to thousands of accounts every minute); dictionary/brute force attacks that try to defeat the store's password system by continuously submitting words or combinations of characters, making the server iterate through the entire space of passwords; spam messages sent to the email addresses of the store owner/company ('Contact us' form) and of other Internet users ('Send to friend' form); distortion of survey statistics; and annoying messages posted as product reviews.

The Image Verification module generates tests that allow the X-Cart system to determine whether it is dealing with a human or with a program pretending to be human (a spambot). Tests are designed in such a way that they can be easily passed by most humans, but cannot be passed by current computer programs. A test is pretty simple: the user is required to type a sequence of characters (letters, digits or both) that is displayed to him or her as an obscured, distorted image on the screen:


[Image: Imgverif.gif]


While the disguised code cannot be read by a computer program, it is easily read by a human. As a result, only human beings are allowed to submit forms.

It should be said that, although most code strings can be read by humans without problems, as a result of image distortion, certain combinations of characters may be poorly legible. You should not worry about that, as there is a link 'Get a different code' displayed below each distorted image, which allows the user to choose a different image at any time he or she wishes to do so.

The module is rather flexible in that you can adjust the type of characters (letters, digits or both) and the length of the string that may appear in images protecting the store forms. It is also possible to choose which of the forms that can be protected by image verification should actually be protected (all the forms or just some of them).

Roles in Image Verification module management

If you are an X-Cart GOLD administrator/provider or an X-Cart PRO administrator:

  • You can enable/disable the Image Verification module and adjust its configuration settings (see the section Enabling and Configuring 'Image Verification').

Enabling and Configuring 'Image Verification'

X-Cart's 'Image Verification' module requires GDLib (GD extension for PHP). Before enabling the module, please ensure that GDLib is installed and properly configured on your system.

To begin using the module, enable it in the list of modules (Administration menu->Modules). When the module is enabled, a section titled Image Verification options is added to General settings/Modules options.

Adjust the module settings via General settings/Modules options->Image Verification options.

[Image: Imgverif opts.gif]

1. Adjust the options affecting the module in general ('Image generator options' subsection):

  • Image generator: Select the type of image generator that you wish to use. At present, the only available option is the default generator.
  • Type of string that should be used for the image: Select the type of characters that should be displayed in the image (Numbers only, Letters only, Numbers and letters).
Note: Please be aware that image verification tests using letters are case-sensitive. If a distorted image displayed on the screen includes any letters, the user needs to enter them in the appropriate case. If you think that might represent a difficulty for your customers, disable use of letters for your image verification tests.
  • Length of string: Specify the number of characters that should be displayed in the image.
  • The code must be case sensitive: Select the check box if you wish the code to be case-sensitive.

2. Specify which forms should be protected by image verification. To do so, select the check box opposite the name of each location in which you wish the protecting image to be displayed ('Where to display' subsection):

  • On Registration page: Select this to prevent automated registrations of new customer accounts.
  • On pages with an authentication form (after 3 unsuccessful attempts to log in): Select this to prevent multiple log-in attempts by spambots trying to fit passwords to customer accounts. When this option is enabled, the protecting image appears in the form only after a user makes three unsuccessful attempts to sign in.
  • On Contact us page: Select this to prevent spam being sent through the 'Contact us' help section of your store.
  • On Send to friend page: Select this to prevent spam being sent through the 'Send to friend' section of the product details page.
  • On customer reviews page: Select this to prevent automated postings of reviews.
  • On survey page: Select this to prevent automated submissions of survey forms aiming to distort survey results.
  • On news subscription page: Select this to prevent automated subscriptions of emails to your store's news.

3. Click the Save button to save the changes.
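
How settings like the ones above can translate into server-side checks, shown as an added PHP example that is not X-Cart's own code. All function, constant and session key names are hypothetical, and it assumes the code is kept in the server-side session and discarded after each attempt.

```php
<?php
declare(strict_types=1);
// Added illustration, not X-Cart source; every name here is hypothetical.
const DIGITS  = '0123456789';
const LETTERS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
const CHARSETS = ['numbers' => DIGITS, 'letters' => LETTERS, 'both' => DIGITS . LETTERS];
const LOGIN_FAILS_BEFORE_IMAGE = 3; // threshold stated on the page

// "Type of string" and "Length of string": draw each character from a CSPRNG.
function new_code(string $type, int $length): string
{
    $chars = CHARSETS[$type];
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $code;
}

// The login form shows the image only once three attempts have failed.
function login_needs_image(array $session): bool
{
    return ($session['login_fails'] ?? 0) >= LOGIN_FAILS_BEFORE_IMAGE;
}

// Compare the typed code with the copy kept server-side. The stored code is
// dropped on every attempt (assumption), so each guess needs a fresh image.
function check_code(array &$session, string $typed, bool $caseSensitive): bool
{
    $expected = $session['image_code'] ?? null;
    unset($session['image_code']);
    if (!is_string($expected) || $expected === '') {
        return false;
    }
    if (!$caseSensitive) {
        $expected = strtolower($expected);
        $typed = strtolower($typed);
    }
    return hash_equals($expected, $typed);
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = ['login_fails' => 3];
var_dump(login_needs_image($session));
$session['image_code'] = new_code('both', 5);
$typed = strtolower($session['image_code']);   // user types everything in lower case
var_dump(check_code($session, $typed, false)); // case-insensitive setting
var_dump(check_code($session, $typed, false)); // same code submitted a second time
```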