Who creates fake accounts?


ocularmagic


Over the past couple of days our shop got a couple of accounts that had xxxxxx for the name, address, etc. or just some random characters like djflsjdflkj. My question is, why would someone do this? What is the point in creating these accounts on live shops? Or placing fake orders for that matter? Why not just e-mail the shop owner and ask questions. If anyone out there creates fake accounts on live osC shops, can you please explain to me the reasoning behind it? Thanks.

If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????


IMHO it can be two things... either an osCommerce user that wants to see your checkout procedure (I've occasionally done that, but with my own name and e-mail and stating something like 'JUST TESTING') or it is a competitor checking things out / trying to annoy you. On the other hand he could then more easily create a nice little script that does about 500 account creations in a batch...

 

Can be someone/ scriptkiddie looking for a cgi-door as well...

Check your webserver's logfiles for URL manipulation attempts (?blabla=duhdoh) and cgi-bin scans, that might be it.

 

See it on non-osc shops as well, daily.

 

(check DNS and MX) email address validation for signups and see if that helps to stop it...

That will not work.

If I punch in info@some_big_site.com it will pass your test.

 

 

HTH

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"
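
Added example, not part of the original post: one way to run the log check suggested above, flagging cgi-bin requests, unexpected query parameters and bursts of signup POSTs per client IP. The signup path, the list of known parameters, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumptions for this example: the signup path, the shop's known query
# parameters and the threshold are illustrative; adjust them to your shop.
SIGNUP_PATH = "/catalog/create_account.php"
KNOWN_PARAMS = {"cPath", "products_id", "osCsid", "page"}
SIGNUP_THRESHOLD = 5  # signup POSTs from one IP within the scanned log

# Common/combined log format: ip, ident, user, [time], "METHOD target proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def scan(lines):
    """Return {ip: set of reasons} for clients worth a closer look."""
    findings = defaultdict(set)
    signups = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a common/combined format line
        ip, method, target, _status = m.groups()
        url = urlsplit(target)
        if url.path.startswith("/cgi-bin/"):
            findings[ip].add("cgi-bin probe")
        names = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        unknown = names - KNOWN_PARAMS
        if unknown:
            findings[ip].add("unknown parameter: " + ",".join(sorted(unknown)))
        if method == "POST" and url.path == SIGNUP_PATH:
            signups[ip] += 1
    for ip, count in signups.items():
        if count >= SIGNUP_THRESHOLD:
            findings[ip].add(f"{count} signup POSTs")
    return dict(findings)

def _line(ip, method, target, status):
    return f'{ip} - - [12/Mar/2003:10:00:00 +0000] "{method} {target} HTTP/1.0" {status} 512'

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = (
    [_line("203.0.113.7", "GET", "/cgi-bin/formmail.pl", 404),
     _line("203.0.113.7", "GET", "/catalog/index.php?blabla=duhdoh", 200),
     _line("192.0.2.55", "GET", "/catalog/index.php?cPath=3", 200),
     _line("192.0.2.55", "POST", SIGNUP_PATH, 302)]
    + [_line("198.51.100.20", "POST", SIGNUP_PATH, 302)] * 6
)

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE).items():
        print(ip, sorted(reasons))
```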


There's already a DNS check made in osCommerce. Enable it in the Administration Tool

 

Well there we are. Here is me using/coding Osc stuff for over 6 months and I never knew that existed.

 

Excellent and Kudos to the Osc team! :) 8)


(check DNS and MX) email address validation for signups and see if that helps to stop it...

That will not work.

If I punch in info@some_big_site.com it will pass your test.

 

All the fake ones are always something like [email protected] so it would work well for me. But see as above DNS checking already exists :)


Guilty your Honor.

 

I sometimes delve into the live shops and run through their whole system, just to see what they are doing. Unlike mattice I do not use a real name/email address. I've been stung by UCE in the past because of this.

 

If people made their privacy policy a little clearer and abided by it, things would be much better. (This is not a pop at oscommerce sites, but e-commerce sites in general)

Trust me, I'm an Accountant.


For me it's really more of an annoyance than anything. I mean it takes two seconds to go to the admin and delete the account, but my feeling is that if you are going to go through someone's whole shop and want to see what they are doing, a heads up would be nice. Which would take a few seconds also. The fact that Ian does it lets me know that there is a legitimate reason that people would really want to see what's going on. Ian, can you elaborate on what you are really looking at when you say

just to see what they are doing

Are you just looking at the mods they made, style changes, etc.? Thanks.

If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????


I kinda wish folks would put in their real names when testing out some of my code or my site features so I know who or at least where in the world you are.

 

It helps a lot in debugging when there is an issue.

 

I make these contributions based on ideas I have or ideas I hear from the group and hope they save a considerable amount of time and money for people.

 

But maintaining them, as I feel if I wrote it, it should work forever, that it would be nice to know who is actually getting things and if they are updating when I release a new version.

 

I try to put a lot of contributions here and just have the large contributions or the ones that are in a constant state of change on my site. But I do appreciate hearing if it works for you, or if you need more/less features, etc.

 

Besides, it's nice to know who is coming and going :shock:


We could have a test-account in the CVS version, have that login in the top frame whenever you visit live-shops.

Then in osCommerce make a switch that kills TEST orders immediately if they are placed.

I know it is silly but it might help some listed shopkeepers.

 

OFF TOPIC NOTE:

 

Ian, check out www.mailwasher.net (for Windows)

Reduced my spam within 2 months to 30% of what it was by bouncing

UCE / matching it across several black lists. Fantastic program.

And it's free.

"Politics is the art of preventing people from taking part in affairs which properly concern them"


James,

 

How do you define a heads up? If I check out a site, and make sure I set the newsletter to not sign up, I do not expect to receive any emails/spam.

 

James, from your other posts, I'm sure you would run an 'ethical' website. This can't be said of all live sites.

 

I always used to sign up with full details, but after being burned I now sign up with something like [email protected]

 

You are always going to get people just looking. The nature of the internet is that people will browse for no better reason than they want to browse.

 

Why do I browse live sites, I'm a sad nerd. No really, Checking out live sites provides invaluable feedback as to what real life shops are doing to meet their needs. One of my roles as a member of the osCommerce team is to support the users. I can do this better if I have more understanding of how others have implemented their shops.

Trust me, I'm an Accountant.


The only way I see to truly stop it is to have a code that tries to send an e-mail to the e-mail address, but then again you can just put in an e-mail and it might be a correct one but not belong to you, kinda impossible to stop I would guess.


How do you define a heads up?

I would say an e-mail to the shop owner saying that you are going to be creating a temporary account with fake information just to see how the checkout and other things are implemented or handled would be good. But like you said, you may be digging your own spam grave by just sending that e-mail. I know some people that have their own web sites create an e-mail address called [email protected] and then just never check it, or have it automatically empty every couple of days. That's one solution I guess.

James, from your other posts, I'm sure you would run an 'ethical' website.

Yes, we don't sell any information, nor send out spam and mass e-mailings. I hate them as equally as much as pop-ups.

Why do I browse live sites, I'm a sad nerd.

At least I can say I'm part of a club now. :wink:

No really, Checking out live sites provides invaluable feedback as to what real life shops are doing to meet their needs. One of my roles as a member of the osCommerce team is to support the users. I can do this better if I have more understanding of how others have implemented their shops.

But if you're browsing as an unknown user, you may miss some of the things that certain customers get, that the retail customers don't. For example, we have modified our shop to only allow customers we choose to use P.O.s. You obviously can't see it unless we allow it, so it would get passed over by someone just browsing around. Just something to think about. Thanks for your input and I really value your opinion. I hope no one gets the feeling that I'm saying you're wrong, I'm right. I just want to hear the other side. Thanks for responding.

If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????


The only way you can get people to enter a correct e-mail address is to have the sign-up process automatically e-mail a password or validation code to the address they enter and then have a page where they either log-in using the password they receive or enter the code.

 

I run a community-type portal based on phpNuke and use a system like this to stop random people who just want to post anonymous abuse from doing so.

tobz

 

osCommerce Links

osCommerce Templates

osCommerce UK <-- This site is for sale!
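
Added example, not part of the original post and not osCommerce or phpNuke code: a sketch of the validation-code step described above, where the code mailed to the customer is an expiring HMAC bound to the address entered at sign-up. The secret key handling, the 24-hour lifetime and the function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumption: a per-shop secret kept server-side (here generated at start-up).
SECRET_KEY = secrets.token_bytes(32)
CODE_TTL = 24 * 3600  # assumed lifetime of a validation code, in seconds

def _sign(email, expires):
    """HMAC over the normalised address and the expiry time."""
    payload = f"{email.strip().lower()}|{expires}".encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def issue_code(email, now=None):
    """Build the code to e-mail to the address given at sign-up."""
    issued = int(time.time() if now is None else now)
    expires = issued + CODE_TTL
    return f"{expires}.{_sign(email, expires)}"

def verify_code(email, code, now=None):
    """True only if the code was issued for this address and has not expired."""
    current = int(time.time() if now is None else now)
    try:
        expires_text, signature = code.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False  # malformed input such as "xxxxxx"
    if current > expires:
        return False
    expected = _sign(email, expires)
    # Constant-time comparison so the check does not leak how much matched.
    return hmac.compare_digest(signature.encode(), expected.encode())

if __name__ == "__main__":
    code = issue_code("buyer@example.com")
    print(verify_code("buyer@example.com", code))     # code entered by the owner
    print(verify_code("someone@example.org", code))   # code reused for another address
```

Because the code is derived from the address, it proves only that whoever enters it could read mail sent to that address, which is the property the sign-up check is after.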


The only way you can get people to enter a correct e-mail address is to have the sign-up process automatically e-mail a password or validation code to the address they enter and then have a page where they either log-in using the password they receive or enter the code.

 

I run a community-type portal based on phpNuke and use a system like this to stop random people who just want to post anonymous abuse from doing so.

 

That might be fine for a community board, but it could mean loss of a sale if network congestion is the cause of a delayed email (which contains the user password).

:heart:, osCommerce


That might be fine for a community board, but it could mean loss of a sale if network congestion is the cause of a delayed email (which contains the user password).

 

Definitely. Osc mustn't go down the route of emailing a password in order to purchase items. I think that DNS checking is enough.

 

Although, maybe also a "on/off" in Admin to accept (or deny) @hotmail and @yahoo addresses might be an idea? With a nice simple way to add in more @addresses to deny also ?


Although, maybe also a "on/off" in Admin to accept (or deny) @hotmail and @yahoo addresses might be an idea?  With a nice simple way to add in more @addresses to deny also ?

 

In my experience a LOT of people use the free hotmail-alike addresses for placing orders simply because they do not want to 'spoil' their paid address. I would never deny Hotmail accounts, it would cost way more customers than the benefit of not having a few fake orders.

In all honesty I don't see what all the fuss is about.

You WILL have fake orders anyway, no matter what you do.

 

As for limiting them:

 

Wouldn't it be better to just have the newly created accounts e-mailed to the webmaster. He/she then immediately sees if it is a fake one and runs a simple db command by punching in the customer_id in the Admin... that in turn deletes the account and all orders placed for that account...?

"Politics is the art of preventing people from taking part in affairs which properly concern them"


Wouldn't it be better to just have the newly created accounts e-mailed to the webmaster. He/she then immediately sees if it is a fake one and runs a simple db command by punching in the customer_id in the Admin... that in turn deletes the account and all orders placed for that account...?

Sounds good to me.

If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????


I would never deny Hotmail accounts, it would cost way more customers than the benefit of not having a few fake orders.

That rather depends upon your business. I would never sell to anyone who only has a yahoo or hotmail address...I would rather lose the sale than sell to a hotmail customer...

Wouldn't it be better to just have the newly created accounts e-mailed to the webmaster. He/she then immediately sees if it is a fake one and runs a simple db command by punching in the customer_id in the Admin... that in turn deletes the account and all orders placed for that account...?

Yes, but it is more work for the webmaster.


That rather depends upon your business. I would never sell to anyone who only has a yahoo or hotmail address...I would rather lose the sale than sell to a hotmail customer

 

Serious? I really do not see why not if they provide a full name, address and valid creditcard number...

How about all those people that are at work with only http access...

I know loads of them that use Hotmail addresses just so they can e-mail/shop from their workspace.

But I assume you have your reasons (or you really do not like Microsoft :D )

 

And as for checking those 'free-email' addresses:

my estimate is there are about 3000 different 'free-mail' providers easily PER country TLD.

There is no way you can rule them all out.

 

Yes, but it is more work for the webmaster.

You could optionally use a .forward script that updates the database whenever you reply to the mail.

Doesn't seem like too much hassle to me.

People that can not use that trick will still have to do it manually though.

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"


Do the fake accounts actually cause anyone any problems?

 

We get them and I just clear them out as necessary.

 

The ones we get are just from customers who want to go on our mailing list but not give their address (until they place an order).

 

Maybe by adding a mailing list option we could resolve some of the problem? All we would need is an email address, and store it in a new table. It might resolve a lot of the problem.

 

Jon.


Do the fake accounts actually cause anyone any problems?

 

Yes.

Invalid customer data...

Causes me to not sleep at night...

Which in turn leads me to the refrigerator...

FACT: Ben&Jerry's Chunky Monkey is delicious...

FACT: 1 pint has 240mg of cholesterol...

My arteries get clogged...

I suffer a heart-attack...

I die.

 

Is that problem enough for ya' ??

 

Personally, this is a fact of e-commerce life. Not only fake/bad info but also my biggest peeve in the entire galaxy: Duplicate Customer Data. ohh.. just hearing those words sends a shiver down my spine.

 

You shouldn't get fake orders if you only allow authorized payment methods (paypal, cc#, etc.) If you use address verification on your cc processing it will stop fake orders in their tracks.. I believe paypal sends you their shipping address (not sure.. don't use it - yet).


Do the fake accounts actually cause anyone any problems?  

 

I don't think they cause any major problems, unless the user is trying to be malicious. I just wanted to hear some justifications on why someone would do it.

 

The ones we get are just from customers who want to go on our mailing list but not give their address (until they place an order).

 

Well, I wouldn't consider that a fake account. That's a legitimate account that just hasn't ordered anything. I consider a fake account as one that has no legitimate information at all.

If every member of this board donated $1 to the dev team, that would be over $11,000.00. Don't you think this cart is worth at least a $1????


Archived

This topic is now archived and is closed to further replies.
