
osCommerce

The e-commerce.

Flood of spam customers


kittycat01


Hi there,

 

Can anyone please give me any tips as to what to do? There seems to be some sort of spambot online since yesterday, creating multiple customer accounts, using similar names, but say, about 20-30 of each name... it's still going on despite me deleting the multiple accounts. I have the IP address, it's 61.152.188.195.

 

I am guessing I'll need a captcha on my sign-up page, but does anyone have any other ideas, and does anyone know if this is a danger to my site, other than being an annoyance?

 

Thanks in advance,

Kitty

Link to comment
Share on other sites

Looks like a forum spammer from China. Block the IP in your .htaccess if it's causing that many problems.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

If you do not already have it installed, try the very latest version of osC_Sec addon. I have added an optional feature called osCSpamTrap which is designed specifically to deal with mass registration type attacks without having to put your site registrants through the hassle of captcha. Although it is not enabled on install, in the readme.htm there are instructions for how to activate it.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

  • 5 weeks later...

If they create accounts they can use the "Tell a friend" feature to spam everyone and their brother...

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


Link to comment
Share on other sites

On the site I manage I added an "anti robot" question to the create account page.

 

If they can't register they can't spam anyone.


Link to comment
Share on other sites

Forums face these problems all the time (members signing up merely to spam with nonsense posts). Look at various forum discussion sites (e.g., simplemachines.org/community/ ) for the code and mods used to make it hard for spambots to sign up. These include CAPTCHAs and "are you human?" questions for the registrants. That would be a good start, rather than spending time trying to invent your own. Note that spammers are frequently employing farms of humans just to do the signups and solve the puzzles/questions, so some of these methods are becoming less effective.

Link to comment
Share on other sites
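Added example, not written by any poster in this thread and not osCommerce or osC_Sec code: a small script that finds the pattern from the opening post (dozens of accounts with near-identical names from one IP) in exported sign-up rows and prints an `.htaccess` block for the offending addresses. The row layout, the threshold of 10 sign-ups per 24 hours, and the Apache 2.4 `Require` syntax are assumptions; the sample rows are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def sample_rows():
    """Constructed sign-up rows: (created, ip, first name, last name)."""
    t0 = datetime(2000, 1, 1, 3, 0)  # arbitrary constructed start time
    rows = [(t0 + timedelta(minutes=i), "61.152.188.195", f"Alexx{i}", "Brownn")
            for i in range(25)]
    rows += [(t0 + timedelta(minutes=40 + i), "61.152.188.195", "Mariya", f"Kov{i}")
             for i in range(22)]
    rows += [(t0 + timedelta(hours=2), "203.0.113.7", "Ann", "Lee"),
             (t0 + timedelta(hours=5), "203.0.113.7", "Bob", "Lee"),
             (t0 + timedelta(hours=6), "198.51.100.9", "Kitty", "Cat")]
    return rows

def norm(name):
    """Lower-case and drop digits/punctuation so 'Alexx7' matches 'alexx'."""
    return re.sub(r"[^a-z]", "", name.lower())

def max_in_window(times, window):
    """Largest number of timestamps that fit inside one sliding window."""
    times, best, lo = sorted(times), 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def find_bursts(rows, threshold=10, window=timedelta(hours=24)):
    """Return {ip: {normalized name: peak sign-ups per window}} for bursts."""
    clusters = defaultdict(list)
    for created, ip, first, last in rows:
        clusters[(ip, f"{norm(first)} {norm(last)}")].append(created)
    flagged = defaultdict(dict)
    for (ip, name), times in clusters.items():
        peak = max_in_window(times, window)
        if peak >= threshold:
            flagged[ip][name] = peak
    return dict(flagged)

def htaccess_block(ips):
    """Apache 2.4 .htaccess lines denying the given IPs (assumes mod_authz_core)."""
    rules = [f"    Require not ip {ip}" for ip in sorted(ips)]
    return "\n".join(["<RequireAll>", "    Require all granted", *rules, "</RequireAll>"])

if __name__ == "__main__":
    bursts = find_bursts(sample_rows())
    for ip, names in bursts.items():
        print(ip, names)
    print(htaccess_block(bursts))
```

An IP shared by many real customers (a proxy or carrier NAT) can trip the threshold, so review the flagged names before blocking.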

Archived

This topic is now archived and is closed to further replies.
