Difference between revisions of "X-Cart:Image Verification"

From X-Cart 4 Classic
(What Image Verification module does)
m
 
(6 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
The problem of automated form filling and submission is caused by spam robots (spambots) - software programs that impersonate human beings and imitate their online activities for various malicious purposes. In an X-Cart based store not using <u>Image Verification</u> module, spambots are likely to attempt to take advantage of the following forms:
 
The problem of automated form filling and submission is caused by spam robots (spambots) - software programs that impersonate human beings and imitate their online activities for various malicious purposes. In an X-Cart based store not using <u>Image Verification</u> module, spambots are likely to attempt to take advantage of the following forms:
  
* '<u>Profile details</u>' form (customer registration page);
+
* 'Profile details' form (customer registration page);
* '<u>Authentication</u>' form (any pages from which existing customers can log in);
+
* 'Authentication' form (any pages from which existing customers can log in);
* '<u>Send to friend</u>' form (product details page);
+
* 'Send to friend' form (product details page);
* '<u>Customer reviews</u>' form (product details page);
+
* 'Customer reviews' form (product details page);
* '<u>Contact us</u>' form (one of the help pages available through X-Cart's '<u>Help</u>' menu);
+
* 'Contact us' form (one of the help pages available through X-Cart's '<u>Help</u>' menu);
* '<u>Subscribe to newslists</u>' form (news subscription page for anonymous customers);
+
* 'Subscribe to newslists' form (news subscription page for anonymous customers);
* <u>'Survey forms'</u> (any pages on which surveys can be completed/submitted).
+
* Survey forms (any pages on which surveys can be completed/submitted);
 
+
* 'Password recovery' forms ('Forgot password?' pages);
The damage induced by automated submissions of the above forms by spambots may vary from insignificant to serious, but, in the most general case, is likely to include automated registrations of customer accounts (up to thousands of accounts every minute), dictionary/brute force attacks aiming to defeat the store's password system by continuously submitting to it various words/combinations of characters making the server iterate through the entire space of passwords, sending spam messages to the email addresses of the store owner/company ('<u>Contact us</u>' form) and email addresses of other Internet users ('<u>Send to friend</u>' form), distortion of survey statistics and posting annoying messages as product reviews.
+
* 'Ask a question about this product' form (product details page).
 +
The damage induced by automated submissions of the above forms by spambots may vary from insignificant to serious, but, in the most general case, is likely to include automated registrations of customer accounts (up to thousands of accounts every minute), dictionary/brute force attacks aiming to defeat the store's password system by continuously submitting to it various words/combinations of characters making the server iterate through the entire space of passwords, sending spam messages to the email addresses of the store owner/company ('Contact us' form) and email addresses of other Internet users ('Send to friend' form), distortion of survey statistics and posting annoying messages as product reviews.
  
 
<u>Image Verification</u> module generates tests that allow X-Cart system to determine whether it is dealing with a human or with a program pretending to be human (a spambot). Tests are designed in such a way that they can be easily passed by most humans, but cannot be passed by current computer programs. A test is pretty simple: the user is required to type a sequence of characters (letters, digits or both) that is displayed to him or her as an obscured, distorted image on the screen:
 
<u>Image Verification</u> module generates tests that allow X-Cart system to determine whether it is dealing with a human or with a program pretending to be human (a spambot). Tests are designed in such a way that they can be easily passed by most humans, but cannot be passed by current computer programs. A test is pretty simple: the user is required to type a sequence of characters (letters, digits or both) that is displayed to him or her as an obscured, distorted image on the screen:
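Review bot: The damage paragraph that follows the list was not extended to match the two list items added here. 'Password recovery' forms and the 'Ask a question about this product' form are now listed as targets, but the paragraph still describes consequences only for registration, log-in, 'Contact us', 'Send to friend', surveys and reviews. Suggest adding a clause on what automated submission of the two new forms causes, so the list and the paragraph stay in step.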
Line 29: Line 30:
 
== Roles in Image Verification module management ==
 
== Roles in Image Verification module management ==
  
If you are an X-Cart GOLD administrator/provider or an X-Cart PRO administrator:
+
If you are an X-Cart GOLD or GOLD PLUS administrator/provider or an X-Cart PLATINUM or PRO administrator:
  
* You can enable/disable the module <u>Image Verification</u> and adjust its configuration settings (See [[#Enabling and Configuring 'Image Verification']]).
+
* You can enable/disable the module <u>Image Verification</u> and adjust its configuration settings.
  
==Enabling and Configuring 'Image Verification'==
+
==Enabling the Image Verification module==
 +
 
 +
<u>Image Verification</u> is available as a built-in module in all X-Cart editions. It does not require installation and can be enabled in the <u>Modules</u> section of X-Cart Admin area.
  
 
X-Cart's '<u>Image Verification</u>' module requires GDLib (GD extension for PHP). Before enabling the module, please ensure that GDLib is installed and properly configured on your system.
 
X-Cart's '<u>Image Verification</u>' module requires GDLib (GD extension for PHP). Before enabling the module, please ensure that GDLib is installed and properly configured on your system.
  
To begin using the module enable <u>Image Verification</u> module (<u>Administration menu->Modules</u>). When the module is enabled, a section titled <u>Image Verification options</u> is added to <u>General settings/Modules options</u>.
+
To enable the module, follow these steps:
 
+
# In Admin area, go to the Modules section (Settings menu->Modules).
Adjust the module settings via <u>General settings/Modules options->Image Verification options</u>.
+
# Locate the entry for 'Image Verification' module.<br />{{Note1|'''Note''': In X-Cart versions 4.6 and later, the Image Verification module would be found on the 'Built-in and installed modules' tab under the 'Security' tag.}}
 
+
# ''X-Cart versions 4.6 and later:'' Select the '''Enable''' check box to the left of the module name.<br />''X-Cart versions prior to 4.6:'' Select the check box to the left of the module name and click the '''Apply changes''' button.<br />The module will be activated.<br />
: [[Image:imgverif_opts.gif|488px]]
 
 
 
1. Adjust the options affecting the module in general ('<u>Image generator options</u>' subsection):
 
 
 
* <u>Image generator</u>: Select the type of image generator that you wish to use. At present, the only available option is the default generator.
 
* <u>Type of string that should be used for the image</u>: Select the type of characters that should be displayed in the image (Numbers only, Letters only, Numbers and letters).
 
  
{{Note|Please be aware that image verification tests using letters are case-sensitive. If a distorted image displayed on the screen includes any letters, the user needs to enter them in the appropriate case. If you think that might represent a difficulty for your customers, disable use of letters for your image verification tests.}}
+
==Configuring the Image Verification module==
 +
After the Image Verification module has been enabled in your store, you should check and adjust its configuration:
 +
# In the Modules section (Settings menu->Modules), click the <u>Configure</u> link opposite the module name ('Image Verification').<br />The module configuration page (titled by the name of the module) opens.<br />[[File:Img_verification.png|border]]
 +
# Adjust the settings on the module configuration page. Detailed information regarding the [[#ImageVerificationConfigurationSettings | Image Verification module configuration settings]] is available below.
 +
# Click the '''Apply changes''' button to save the changes.
  
* <u>Length of string</u>: Specify the number of characters that should be displayed in the image.
+
<div id="ImageVerificationConfigurationSettings"> </div>
* <u>The code must be case sensitive</u>: Select the check box if you wish the code to be case-sensitive.
+
===Image Verification module configuration settings===
 
+
Here is an explanation of the Image Verification module configuration settings:
2. Specify, what forms should be protected by image verification. To do so, select the check box opposite the name of each location in which you wish the protecting image to be displayed ('<u>Where to display</u>' subsection):
+
# '''Image generator options''' section:
 
+
#* <u>Image generator</u>: At present, the only available option is the default generator.
* <u>On Registration page</u>: Select this to prevent automated registrations of new customer accounts.
+
#* <u>Type of string that should be used for the image</u>: The type of characters that you wish to be displayed in the image (Numbers only, Letters only, Numbers and letters).<br />{{Note|Please be aware that image verification tests using letters are case-sensitive. If a distorted image displayed on the screen includes any letters, the user needs to enter them in the appropriate case. If you think that might represent a difficulty for your customers, disable use of letters for your image verification tests.}}
* <u>On pages with an authentication form (after 3 unsuccessful attempts to log in)</u>: Select this to prevent multiple log-in attempts by spambots trying to fit passwords to customer accounts. When this option is enabled, the protecting image appears in the form only after a user makes three unsuccessful attempts to sign in.
+
#* <u>Length of string</u>: The number of characters that should be displayed in the image.
* <u>On Contact us page</u>: Select this to prevent spam being sent through the '<u>Contact us</u>' help section of your store.
+
#* <u>The code must be case sensitive</u>: Select the check box if you wish the code to be case-sensitive.
* <u>On Send to friend page</u>: Select this to prevent spam being sent through the '<u>Send to friend</u>' section of the product details page.
+
# '''Where to display''' section (Here you can specify what forms should be protected by image verification):
* <u>On customer reviews page</u>: Select this to prevent automated postings of reviews.
+
#* <u>On Registration page</u>: Select this to prevent automated registrations of new customer accounts.
* <u>On survey page</u>: Select this to prevent automated submissions of survey forms aiming to distort survey results.
+
#* <u>On pages with an authentication form (after 3 unsuccessful attempts to log in)</u>: Select this to prevent multiple log-in attempts by spambots trying to fit passwords to customer accounts. When this option is enabled, the protecting image appears in the form only after a user makes three unsuccessful attempts to sign in.
* <u>On news subscription page</u>: Select this to prevent automated subscriptions of emails to your store's news.
+
#* <u>On Contact us page</u>: Select this to prevent spam being sent through the '<u>Contact us</u>' help section of your store.
 
+
#* <u>On Send to friend page</u>: Select this to prevent spam being sent through the '<u>Send to friend</u>' section of the product details page.
3. Click the '''Save''' button to save the changes.
+
#* <u>On customer reviews page</u>: Select this to prevent automated postings of reviews.
 +
#* <u>On ask about product form</u>: Select this to prevent automated submission of messages through the '<u>Ask a question about this product</u>' form on the product details page.
 +
#* <u>On survey page</u>: Select this to prevent automated submissions of survey forms aiming to distort survey results.
 +
#* <u>On news subscription page</u>: Select this to prevent automated subscriptions of emails to your store's news.
 +
#* <u>On password recovery page</u>: (This option is available in X-Cart versions 4.5.5 and later.) Select this to prevent automated submissions of password reset requests via the form on the password recovery page.
  
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart user manual]]
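Review bot: In the new 'Image generator options' list, the note carried over under 'Type of string that should be used for the image' still states that tests using letters are case-sensitive, while the item 'The code must be case sensitive' two entries below presents case sensitivity as an optional check box. Suggest reconciling the two, for example by tying the note to that check box. The cross-reference '(See [[#Enabling and Configuring 'Image Verification']])' was also dropped from the Roles bullet instead of being pointed at the new 'Configuring the Image Verification module' section.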
Line 69: Line 74:
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart modules]]
 
[[Category:X-Cart modules]]
 
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart modules]]
 
[[Category:X-Cart modules]]
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart modules]]
 
[[Category:X-Cart modules]]

Latest revision as of 21:03, 26 June 2013

What Image Verification module does

X-Cart's Image Verification module is a solution designed to prevent your store's forms from being automatically filled and submitted. Such solutions are also commonly known as CAPTCHA.

The problem of automated form filling and submission is caused by spam robots (spambots) - software programs that impersonate human beings and imitate their online activities for various malicious purposes. In an X-Cart based store that does not use the Image Verification module, spambots are likely to attempt to take advantage of the following forms:

  • 'Profile details' form (customer registration page);
  • 'Authentication' form (any pages from which existing customers can log in);
  • 'Send to friend' form (product details page);
  • 'Customer reviews' form (product details page);
  • 'Contact us' form (one of the help pages available through X-Cart's 'Help' menu);
  • 'Subscribe to newslists' form (news subscription page for anonymous customers);
  • Survey forms (any pages on which surveys can be completed/submitted);
  • 'Password recovery' forms ('Forgot password?' pages);
  • 'Ask a question about this product' form (product details page).

The damage caused by automated submissions of the above forms by spambots may vary from insignificant to serious. In the most general case it is likely to include: automated registrations of customer accounts (up to thousands of accounts every minute); dictionary/brute force attacks that aim to defeat the store's password system by continuously submitting words and combinations of characters, making the server iterate through the entire space of passwords; spam messages sent to the email addresses of the store owner/company ('Contact us' form) and of other Internet users ('Send to friend' form); distortion of survey statistics; and annoying messages posted as product reviews.

The Image Verification module generates tests that allow the X-Cart system to determine whether it is dealing with a human or with a program pretending to be human (a spambot). Tests are designed in such a way that they can be easily passed by most humans, but cannot be passed by current computer programs. The test is simple: the user is required to type a sequence of characters (letters, digits or both) that is displayed as an obscured, distorted image on the screen:


[Image: Imgverif.gif]


While the disguised code cannot be read by a computer program, it is easily read by a human. As a result, only human beings are allowed to submit forms.

Although most code strings can be read by humans without problems, image distortion may make certain combinations of characters poorly legible. This is not a cause for concern: a 'Get a different code' link is displayed below each distorted image, which allows the user to request a different image at any time.

The module is flexible: you can adjust the type of characters (letters, digits or both) and the length of the string that appear in the images protecting the store forms. You can also choose which of the forms that can be protected by image verification should actually be protected (all the forms or just some of them).

Roles in Image Verification module management

If you are an X-Cart GOLD or GOLD PLUS administrator/provider or an X-Cart PLATINUM or PRO administrator:

  • You can enable/disable the Image Verification module and adjust its configuration settings.

Enabling the Image Verification module

Image Verification is available as a built-in module in all X-Cart editions. It does not require installation and can be enabled in the Modules section of the X-Cart Admin area.

X-Cart's 'Image Verification' module requires GDLib (GD extension for PHP). Before enabling the module, please ensure that GDLib is installed and properly configured on your system.

To enable the module, follow these steps:

  1. In the Admin area, go to the Modules section (Settings menu->Modules).
  2. Locate the entry for the 'Image Verification' module.
    Note: In X-Cart versions 4.6 and later, the Image Verification module is found on the 'Built-in and installed modules' tab under the 'Security' tag.
  3. X-Cart versions 4.6 and later: Select the Enable check box to the left of the module name.
    X-Cart versions prior to 4.6: Select the check box to the left of the module name and click the Apply changes button.
    The module will be activated.

Configuring the Image Verification module

After the Image Verification module has been enabled in your store, you should check and adjust its configuration:

  1. In the Modules section (Settings menu->Modules), click the Configure link opposite the module name ('Image Verification').
    The module configuration page (titled by the name of the module) opens.
    [Image: Img verification.png]
  2. Adjust the settings on the module configuration page. Detailed information regarding the Image Verification module configuration settings is available below.
  3. Click the Apply changes button to save the changes.

Image Verification module configuration settings

Here is an explanation of the Image Verification module configuration settings:

  1. Image generator options section:
    • Image generator: At present, the only available option is the default generator.
    • Type of string that should be used for the image: The type of characters that you wish to be displayed in the image (Numbers only, Letters only, Numbers and letters).
      Note: Please be aware that image verification tests using letters are case-sensitive. If a distorted image displayed on the screen includes any letters, the user needs to enter them in the appropriate case. If you think that might represent a difficulty for your customers, disable use of letters for your image verification tests.
    • Length of string: The number of characters that should be displayed in the image.
    • The code must be case sensitive: Select the check box if you wish the code to be case-sensitive.
  2. Where to display section (Here you can specify what forms should be protected by image verification):
    • On Registration page: Select this to prevent automated registrations of new customer accounts.
    • On pages with an authentication form (after 3 unsuccessful attempts to log in): Select this to prevent multiple log-in attempts by spambots trying to fit passwords to customer accounts. When this option is enabled, the protecting image appears in the form only after a user makes three unsuccessful attempts to sign in.
    • On Contact us page: Select this to prevent spam being sent through the 'Contact us' help section of your store.
    • On Send to friend page: Select this to prevent spam being sent through the 'Send to friend' section of the product details page.
    • On customer reviews page: Select this to prevent automated postings of reviews.
    • On ask about product form: Select this to prevent automated submission of messages through the 'Ask a question about this product' form on the product details page.
    • On survey page: Select this to prevent automated submissions of survey forms aiming to distort survey results.
    • On news subscription page: Select this to prevent automated subscriptions of emails to your store's news.
    • On password recovery page: (This option is available in X-Cart versions 4.5.5 and later.) Select this to prevent automated submissions of password reset requests via the form on the password recovery page.
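
The settings above, modelled as an added example (this is not X-Cart's own code, which the page does not show): how string type, length and case sensitivity determine the number of possible codes, how a server can check a submitted code exactly once, and how the log-in form switches to requiring the image after three failures. The names Settings, Session and all functions are hypothetical, and the per-visitor counter is an assumption about where the failure count is kept; only the three-attempt threshold comes from the text.

```python
import hmac
import secrets
import string
from dataclasses import dataclass
from typing import Optional

# The three "Type of string" choices from the settings list above.
CHARSETS = {
    "numbers": string.digits,
    "letters": string.ascii_letters,
    "numbers_and_letters": string.digits + string.ascii_letters,
}
LOGIN_FAILURES_BEFORE_IMAGE = 3  # threshold stated in the "Where to display" list


@dataclass
class Settings:  # hypothetical model of the module options
    string_type: str = "numbers_and_letters"
    length: int = 5  # constructed sample value
    case_sensitive: bool = True


@dataclass
class Session:  # hypothetical server-side state for one visitor
    expected_code: Optional[str] = None
    failed_logins: int = 0


def keyspace(cfg: Settings) -> int:
    """How many distinct codes a blind guesser must choose from."""
    chars = set(CHARSETS[cfg.string_type])
    if not cfg.case_sensitive:
        chars = {c.lower() for c in chars}
    return len(chars) ** cfg.length


def issue_code(cfg: Settings, session: Session) -> str:
    """Pick a code with a CSPRNG and keep it server-side only."""
    alphabet = CHARSETS[cfg.string_type]
    session.expected_code = "".join(secrets.choice(alphabet) for _ in range(cfg.length))
    return session.expected_code  # rendered into the distorted image


def verify_code(cfg: Settings, session: Session, submitted: str) -> bool:
    """Check a submission; the stored code is consumed even on failure."""
    expected, session.expected_code = session.expected_code, None
    if expected is None:
        return False
    if not cfg.case_sensitive:
        expected, submitted = expected.lower(), submitted.lower()
    return hmac.compare_digest(expected.encode(), submitted.encode())


def record_login(session: Session, success: bool) -> None:
    session.failed_logins = 0 if success else session.failed_logins + 1


def login_needs_image(session: Session) -> bool:
    return session.failed_logins >= LOGIN_FAILURES_BEFORE_IMAGE
```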