zefeena Posted December 3, 2016 Share Posted December 3, 2016 Hi, I've had a huge amount of 'customers' creating an account. They are not genuine, unless they live in a very very big house, as they generally use the same addresses, They usually put 'apple' or 'Microsoft' as their company and use the surnames: Vigorda, Ken, Olivier, Holland. I have literally deleted around 100 in the last few days. Sometimes they have logged onto their account 400-500 times! I think they are probably Russian as they often use .ru as their email. What on earth are they up to, and how do I stop these people creating an account. I'm not happy about them being on my site, as they are obviously up to no good! Kellie Running a botched up version of osCommerce Online Merchant v2.3.4 bootstrap with the dresscode theme installed, numerous add-ons, terrible coding, terrible website, but will have to make do until I have made up for my losses and can risk shutting down for a couple of weeks while I start all over again. - I did not install my program but am endeavouring to fix it with your help. Link to comment Share on other sites More sharing options...
Mikepo Posted December 3, 2016 Share Posted December 3, 2016 can you block all IPs from Russia? Do you know the IP in question, if so use addon 'View counter' to block them. there may be other addon which could help, but I use view counter and blocking users like these is easy to set up. Hope this helps osC CE live - developing osC Phoenix adding modules with no core changes(awesome and easy!) Link to comment Share on other sites More sharing options...
zefeena Posted December 3, 2016 Author Share Posted December 3, 2016 Hi, I don't know how to see the ip's, or block russia. I will try the 'view counter' and see if i can install that. thanks kellie Running a botched up version of osCommerce Online Merchant v2.3.4 bootstrap with the dresscode theme installed, numerous add-ons, terrible coding, terrible website, but will have to make do until I have made up for my losses and can risk shutting down for a couple of weeks while I start all over again. - I did not install my program but am endeavouring to fix it with your help. Link to comment Share on other sites More sharing options...
♥Gyakutsuki Posted December 3, 2016 Share Posted December 3, 2016 You can install this contribution : http://addons.oscommerce.com/info/824 also when a customer create an account you can take this IP and also when it create an order. Al the end, you can also insert a button in relation with google map. With this element, you can identify "good" customer or not and after you take the decision to increase the functionnalities inside your store. Regards ----------------------------------------- Loïc Contact me by skype for business Contact me @gyakutsuki for an answer on the forum Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 3, 2016 Share Posted December 3, 2016 I think they are probably Russian as they often use .ru as their email. What on earth are they up to, and how do I stop these people creating an account. I'm not happy about them being on my site, as they are obviously up to no good! They are probably doing it because creating an account allows a hacker a little more room to play around in. If you will never sell to anyone from Russia, then you should block the whole country. You can do that with View Counter, as mentioned. If you just want to stop them from creating accounts, then you can delete those countries from your database (in admin). But since they are most likely hackers trying to get in, that won't prevent them from trying so stopping them completely is the better way. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
zefeena Posted December 3, 2016 Author Share Posted December 3, 2016 Is there a way to block 'Russia' through my control panel - i.e a super quick way without adding any code. Rather worried something might go wrong in the interim! Running a botched up version of osCommerce Online Merchant v2.3.4 bootstrap with the dresscode theme installed, numerous add-ons, terrible coding, terrible website, but will have to make do until I have made up for my losses and can risk shutting down for a couple of weeks while I start all over again. - I did not install my program but am endeavouring to fix it with your help. Link to comment Share on other sites More sharing options...
ecommunlimited Posted December 3, 2016 Share Posted December 3, 2016 @@zefeena If you don't have an add-on installed that can do it for you, you can put this in your root .htaccess file to block Russia. <IfModule mod_geoip.c> GeoIPEnable ON # add one line for each country you wish to block #Russia SetEnvIF GEOIP_COUNTRY_CODE RU BlockThese Deny from env=BlockThese</IfModule> There's more countries below. <IfModule mod_geoip.c> GeoIPEnable ON # add one line for each country you wish to block #AFGHANISTAN SetEnvIF GEOIP_COUNTRY_CODE AF BlockThese #China SetEnvIF GEOIP_COUNTRY_CODE CN BlockThese #Germany SetEnvIF GEOIP_COUNTRY_CODE DE BlockThese #Iran SetEnvIF GEOIP_COUNTRY_CODE IR BlockThese #LIBYA SetEnvIF GEOIP_COUNTRY_CODE LY BlockThese #Nigeria SetEnvIF GEOIP_COUNTRY_CODE NG BlockThese #North Korea SetEnvIF GEOIP_COUNTRY_CODE KP BlockThese #Romania SetEnvIF GEOIP_COUNTRY_CODE RO BlockThese #Russia SetEnvIF GEOIP_COUNTRY_CODE RU BlockThese #SOMALIA SetEnvIF GEOIP_COUNTRY_CODE SO BlockThese #SYRIA SetEnvIF GEOIP_COUNTRY_CODE SY BlockThese #Turkey SetEnvIF GEOIP_COUNTRY_CODE TR BlockThese #UKRAINE SetEnvIF GEOIP_COUNTRY_CODE UA BlockThese #Venezuela SetEnvIF GEOIP_COUNTRY_CODE VE BlockThese #Vietanm SetEnvIF GEOIP_COUNTRY_CODE VN BlockThese Deny from env=BlockThese</IfModule> This is for Yandex it's a Russian search engine # Yandex from Russiadeny from .yandex.comdeny from 5.255.192.0/18deny from 37.140.128.0/18deny from 100.43.64.0/19deny from 141.8.128.0/18deny from 199.21.96.0/22 Take care Bill Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 3, 2016 Share Posted December 3, 2016 To be clear, you can only use the SetEnvIF GEOIP_COUNTRY_CODE statements if the GEO IP mod is installed on the server, which it isn't for many hosts. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
ecommunlimited Posted December 3, 2016 Share Posted December 3, 2016 It seemed to work fine for me. Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 3, 2016 Share Posted December 3, 2016 That would be because your server has that package installed. It is the better choice, if available, since it is more efficient than code added in the shop. But it is not available on all servers. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
frankl Posted December 3, 2016 Share Posted December 3, 2016 @@zefeena I've had thousand of those over the years with the same surnames and company names as you mentioned. I believe it's just some script which runs, it's not an actual hacker sitting in a bedroom registering new customers on osCommerce sites! They never did anything on my site, just created accounts which are laborious to remove. For some reason I haven't had any of those since late 2015. I don't think I did anything to get rid of them. There is a reCaptcha module available for the Contact Us, Login and Create Account pages which forces people to enter a code before they can register, contact you or login which would stop bots. Not sure if it will work with 2.3.4BS, try it and if it doesn't work I'll try and knock up a module for you. You won't need it for the contact_us page, it's protected by action_recorder; you probably wouldn't need it for the login either, so no need to install those bits of code. osCommerce user since 2003! Link to comment Share on other sites More sharing options...
zefeena Posted December 4, 2016 Author Share Posted December 4, 2016 So Jack, I'm presuming I don't have the GEO IP installed on my server then, seen as you are the host? And thank you frankl, that's actually reassuring. I did wonder what sadsack had logged on over 400 times! it does seem more likely that it s robot or scritp rather than a person, though it makes one wonder what the scritpt is for. Maybe just likes to use up bandwidth and just be generally annoying and worrysome!! thank you Running a botched up version of osCommerce Online Merchant v2.3.4 bootstrap with the dresscode theme installed, numerous add-ons, terrible coding, terrible website, but will have to make do until I have made up for my losses and can risk shutting down for a couple of weeks while I start all over again. - I did not install my program but am endeavouring to fix it with your help. Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 4, 2016 Share Posted December 4, 2016 @@zefeena I'm sorry but I don't have a way to identify forum members as hosting members so I didn't realize you host with us. Yes, we have that package installed. See the Blocking Countries announcement in the members area for the details or contact me via email. It doesn't matter whether the accounts are being created by a person or a script - they are not legitimate accounts. When an account is created, the database is accessed. If a hacker is able to tack his code onto that request then he gains access to your database. That's usually the reason they create the accounts. But whatever the reason, you can be sure that they are not doing just because they can. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.