kittycat01 Posted August 17, 2011

Hi there,

Can anyone please give me any tips as to what to do? There seems to be some sort of spambot online since yesterday, creating multiple customer accounts, using similar names, but say, about 20-30 of each name... it's still going on despite me deleting the multiple accounts. I have the IP address, it's 61.152.188.195.

I am guessing I'll need a captcha on my sign-up page, but does anyone have any other ideas, and does anyone know if this is a danger to my site, other than being an annoyance?

Thanks in advance,
Kitty

♥kymation Posted August 17, 2011

Looks like a forum spammer from China. Block the IP in your .htaccess if it's causing that many problems.

Regards
Jim

See my profile for a list of my addons and ways to get support.

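One way to find the addresses worth blocking before editing .htaccess, as an added example that is not part of the original thread: it counts POSTs to osCommerce's create_account.php per client IP in an Apache access log and renders a deny block for the offenders. The log lines, thresholds and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log prefix: client IP, timestamp, method, URL.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

# Constructed sample lines (not real traffic). The first IP is the one
# quoted in the thread; the others are documentation-range addresses.
SAMPLE_LOG = """\
61.152.188.195 - - [17/Aug/2011:10:00:01 +0000] "POST /create_account.php HTTP/1.1" 302 -
61.152.188.195 - - [17/Aug/2011:10:00:09 +0000] "POST /create_account.php HTTP/1.1" 302 -
192.0.2.10 - - [17/Aug/2011:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 5120
61.152.188.195 - - [17/Aug/2011:10:00:20 +0000] "POST /create_account.php HTTP/1.1" 302 -
198.51.100.7 - - [17/Aug/2011:10:03:00 +0000] "POST /create_account.php HTTP/1.1" 302 -
61.152.188.195 - - [17/Aug/2011:10:00:31 +0000] "POST /create_account.php?osCsid=abc HTTP/1.1" 302 -
198.51.100.7 - - [17/Aug/2011:12:40:00 +0000] "POST /create_account.php HTTP/1.1" 200 9000
"""

def signup_posts(lines, path="/create_account.php"):
    """Yield (ip, time) for each POST to the sign-up script."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        ip, stamp, method, url = m.groups()
        if method == "POST" and url.split("?", 1)[0] == path:
            yield ip, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")

def mass_registrants(lines, limit=3, window=timedelta(minutes=10)):
    """Return IPs with more than `limit` sign-up POSTs inside any `window`."""
    times = defaultdict(list)
    for ip, when in signup_posts(lines):
        times[ip].append(when)
    flagged = []
    for ip, seen in times.items():
        seen.sort()
        # Sliding window: compare each hit with the one `limit` places later.
        if any(seen[i + limit] - seen[i] <= window for i in range(len(seen) - limit)):
            flagged.append(ip)
    return sorted(flagged)

def htaccess_block(ips):
    """Render an Apache 2.4 deny block (2.2 uses 'Deny from <ip>' instead)."""
    rules = "".join(f"    Require not ip {ip}\n" for ip in ips)
    return f"<RequireAll>\n    Require all granted\n{rules}</RequireAll>\n"

if __name__ == "__main__":
    print(htaccess_block(mass_registrants(SAMPLE_LOG.splitlines())))
```

A per-IP block only helps while the registrations keep coming from the same address, so treat the output as a stopgap alongside a sign-up check such as the ones discussed in the replies.
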
Taipo Posted August 17, 2011

If you do not already have it installed, try the very latest version of osC_Sec addon. I have added an optional feature called osCSpamTrap which is designed specifically to deal with mass registration type attacks without having to put your site registrants through the hassle of captcha.

Although it is not enabled on install, in the readme.htm there are instructions for how to activate it.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

leegend Posted September 16, 2011

Is there any indication of why this would happen? I can't see great benefit to scammers in creating a couple of hundred accounts considering I can't see other database activity (like scam orders for instance).

germ Posted September 16, 2011

If they create accounts they can use the "Tell a friend" feature to spam everyone and their brother...

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help

leegend Posted September 21, 2011

> If they create accounts they can use the "Tell a friend" feature to spam everyone and their brother...

So disable tell a friend? Or is there more to do to prevent this type of activity? I've installed osc_sec.

germ Posted September 21, 2011

On the site I manage I added an "anti robot" question to the create account page.

If they can't register they can't spam anyone.

leegend Posted September 21, 2011

> On the site I manage I added an "anti robot" question to the create account page. If they can't register they can't spam anyone.

Sigh. Thanks for the feedback.

MrPhil Posted September 24, 2011

Forums face these problems all the time (members signing up merely to spam with nonsense posts). Look at various forum discussion sites (e.g., simplemachines.org/community/) for the code and mods used to make it hard for spambots to sign up. These include CAPTCHAs and "are you human?" questions for the registrants. That would be a good start, rather than spending time trying to invent your own.

Note that spammers are frequently employing farms of humans just to do the signups and solve the puzzles/questions, so some of these methods are becoming less effective.

Archived
This topic is now archived and is closed to further replies.