Anti Hacker Login (security) for osComme

for osCommerce Online Merchant v2.2

Spammers, robots, harvesters and other vermin are becoming more of a problem on the Web. For osC, there are several contributions that aim to stop, for example, spam being sent from HTML input forms. For this purpose, the contributions 'Visual Verify Code (VVC) security', 'AntiRobotRegistrationValidation-3.2', 'anti_spambot_contact_us', 'Human confirmation V2.0' and 'Sam's_anti-hacker_account_mods_V1.6' use captchas. This is a state-of-the-art technology that accomplishes this mission quite reliably. The disadvantage of visual verification is that customers with visual impairments are kept out of the online store. The entire customer group of visually impaired and blind people cannot buy in shops that use captchas.

By adding one of the contributions above, the osC HTML input forms are protected against spam. But none of these contributions currently protects existing customer accounts from being hacked or prevents the misuse of customer data. I offer a different solution to both of these problems.

1. My contribution 'httpbl4osc' works with an IP blacklist from 'Project Honeypot' and keeps spammers, robots and harvesters away from osC HTML input forms. No visual verification is necessary, and customers will not notice the IP check.

2. The contribution 'Anti Hacker Login' offered here protects existing customer accounts against hacker attacks. No visual verification is used here either. The login function is temporarily blocked when an incorrect password is entered several times. Each further wrong entry extends the blocking time. This prevents large numbers of automated trial-and-error attacks on login name and password combinations.

The contribution 'Anti Hacker Login' can be installed independently of my contribution 'httpbl4osc'. Combining it with the contributions above that use visual verification is also possible, but has not been tested yet. Detailed installation instructions are included (quick and easy to do).
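
The temporary block with a growing blocking time described above can be sketched as follows. This is an added example, not the contribution's own code: the function names, the thresholds, the doubling rule, the in-memory store and the use of PHP 7's `password_hash`/`password_verify` in place of osCommerce's own password check are all assumptions.

```php
<?php
// Added example, not the contribution's code. All names and limits are assumptions.
const MAX_FREE_FAILURES  = 3;    // assumed: wrong passwords tolerated before the first block
const BASE_BLOCK_SECONDS = 60;   // assumed: length of the first block
const MAX_BLOCK_SECONDS  = 3600; // assumed: upper limit so the block cannot grow without bound

// Seconds the login stays blocked, or 0 if an attempt is allowed now.
function seconds_blocked(array $state, int $now): int {
    return max(0, ($state['blocked_until'] ?? 0) - $now);
}

// Record a wrong password; each failure past the threshold doubles the block.
function record_failure(array $state, int $now): array {
    $failures = ($state['failures'] ?? 0) + 1;
    $blockedUntil = $state['blocked_until'] ?? 0;
    if ($failures >= MAX_FREE_FAILURES) {
        $exp = min($failures - MAX_FREE_FAILURES, 16); // bound the exponent
        $block = min(BASE_BLOCK_SECONDS * (2 ** $exp), MAX_BLOCK_SECONDS);
        $blockedUntil = $now + $block;
    }
    return ['failures' => $failures, 'blocked_until' => $blockedUntil];
}

// One login attempt against a per-account state store keyed by login name.
function attempt_login(array &$store, string $email, string $password, string $hash, int $now): string {
    $key = strtolower(trim($email));   // same account regardless of case or padding
    $state = $store[$key] ?? [];
    if (seconds_blocked($state, $now) > 0) {
        return 'blocked';              // the password is not checked while blocked
    }
    if (password_verify($password, $hash)) {
        unset($store[$key]);           // a successful login clears the failure history
        return 'ok';
    }
    $store[$key] = record_failure($state, $now);
    return 'wrong';
}

// Constructed demo: repeated guesses against one account, driven by a simulated clock.
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$store = [];
$now = 1000;
foreach (['a', 'b', 'c', 'correct horse'] as $guess) {
    echo attempt_login($store, 'Shopper@example.com', $guess, $hash, $now), "\n";
    $now += 10;
}
$now += 60; // move the clock past the end of the first block
echo attempt_login($store, 'shopper@example.com', 'd', $hash, $now), "\n";
echo attempt_login($store, 'shopper@example.com', 'correct horse', $hash, $now + 121), "\n";
```

In a shop the state would live in a database table keyed by customer rather than in an array, so that the block survives across requests and sessions.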