honda4

Fake accounts


Hi,

In my shop I receive a lot of fake account creations at the moment, around 20 a day.

They look like:

Loans For Bad Credit Loans For Bad Credit
Paydayloan Direct Lender Loans PC
RobertNus RobertNusIR
Loans Online Loan Cash PC

Is there a way to get rid of these creations? It is quite annoying.

Installed Version: osCommerce Online Merchant v2.3.4.1

Regards, Rene

 


Not too experienced, but very willing to learn.


This has come up a few times here but there isn't a good solution so far since it is difficult to distinguish such an account from a legitimate one. If you can find some common characteristic, like "Loans" in the name, then you could block based on that.


Take a look in the server logs to see if all registrations are made from the same IP.
If so, then block the IP in the .htaccess


Live   : OsC 2.2, php 5.4 & UTF-8  |  Local : OsC 234BS php7.2 Edge for future shop


Bonbec, I have started to record the IPs, but I am sure it will be a tremendous job to maintain that.

I'd hoped that there would be a simple Captcha for this problem that I could implement.

Something like a question, of which everybody knows the answer, which would then have to be typed in a box.

If the answer is correct, the process of creation would continue.

 

 



Just checked: These guys can just pass the .htaccess. So that does not help......


4 hours ago, Jack_mcs said:

This has come up a few times here but there isn't a good solution so far since it is difficult to distinguish such an account from a legitimate one. If you can find some common characteristic, like "Loans" in the name, then you could block based on that.

Is there an easy way to block certain names that are used?

 



You mean like this:

[screenshot: admin Customers list filled with fake accounts, captured 10-12-2018]

(this was taken just now off of one of my live shops)

M


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Frozen" release here

42 minutes ago, honda4 said:

Is there an easy way to block certain names that are used?

If you mean a common name, in the create_account.php file, find the line that reads $error = false and add this below it. Be sure to change the names used in the code.

    $error = false;
    
    if (strtolower($firstname) == 'bob' || strtolower($lastname) == 'hacker') {
     $error = true;
    } 

If you mean to block them for each name, you would need to use the IP as Fred mentioned.


comment out this line:
https://github.com/osCommerce/oscommerce2/blob/de9e922377cbfd0678c9e4b9e8eb51123f3e230a/catalog/create_account.php#L249

Then there will be no reason to attack it with email bombs or something similar; afterwards, ask the developer to fix it. The best way is to use a unique account page rather than the well-known general page. GDPR rules could be a good choice.


If the accounts are being created to send out spam emails, then a better approach would be to install the Honeypot addon. But I've seen this happen before and, as mentioned, there have been other threads on it here and in those cases, the accounts are being created many times by regular people, albeit hackers, as opposed to spammers. The reason is not clear but I suspect it is to give them more access to the database, or something like that.

7 hours ago, ArtcoInc said:

You mean like this:

My Admin looks just like yours every day!

My question for you is:  why aren't you deleting these fake accounts as they roll in?

You've got fake accounts dating back for days or weeks in that screenshot of yours.  I whack 'em as soon as I see them.

Leaves me feeling that this software is a popular target for hackers.  I never saw this, on this scale, in my old 2.2 shop which I had for over a decade.

Heck, I even removed all Contact Us links in my site and renamed the file to...anything but contact_us.php

Didn't delete it, but...no one will ever guess what it is.  And that was AFTER installing Honeypot Captcha!

- Andrea


Spammers have always tried to use forms to send emails. That's why the captcha-type code was created in the first place. But this creating of fake accounts is a relatively new thing (last few years), to my knowledge. They have always created such accounts but lately they do it much, much more, when they start in on a site. And it isn't just osCommerce. There are many posts on the web about this for other platforms.

As for deleting them, you may not have had too many and I don't know how many the op had but I had a client recently where new accounts were being added at about 30 per day. The shop owner couldn't keep up with the deletions.

To be clear about what Honeypot does, it stops spammers from using scripts to submit emails. And if you have the settings to not allow emails and URLs, it will stop spammers from adding them manually. It won't stop anyone else since that would render the form useless.

13 hours ago, Jack_mcs said:

If you mean a common name, in the create_account.php file, find the line that reads $error = false and add this below it. Be sure to change the names used in the code.


    $error = false;
    
    if (strtolower($firstname) == 'bob' || strtolower($lastname) == 'hacker') {
     $error = true;
    } 

If you mean to block them for each name, you would need to use the IP as Fred mentioned.

Nicely resolved!



The registration is commonly made by robots that look for the right form fields: firstname, lastname, email, etcetera.

I had this problem too the last few weeks, with fake accounts exactly as mentioned earlier.

I did the following to trick them:

 

1. In create_account.php, duplicate the firstname input field (a plain HTML input field will do too), place it before the original firstname field, add a class to the div and hide it (CSS display:none; do not use a style="" attribute).

2. Rename the original firstname field with a new name (name="newfirstname") and change: $firstname = tep_db_prepare_input($_POST['newfirstname']);

3. Make a rule to give an error when the form field firstname has been filled in by the robot, and place it near the top, somewhere among the other form check code:

 if(!empty($_POST['firstname'])) {
  $error = true;
 }

 

Finished.

I can see in the server logs that the robot has been trying but could not make an account. For now this is working for me.

I hope I could help with this.

 

 


I am using osCommerce version 2.3.4.1 CE Frozen
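The three steps above, carried out as one added example (this is not Rwe's code, nor the Honeypot addon's): the decoy field keeps the name `firstname`, the real field is `newfirstname` as in the post, and the check is wrapped in a function that returns a reason you can log. It goes one step beyond the post by also embedding a signed render-time token so that a submission arriving faster than a human could type is rejected; the secret constant, the thresholds and the `hp-trap` class name are assumptions for this example.

```php
<?php
// Added example: honeypot field + renamed real field + signed render-time check.
// Not code from the osCommerce project or the Honeypot addon.
// 'firstname' is the decoy (hidden by CSS), 'newfirstname' the real field, as in the post.

// Hypothetical secret: load it from configuration in a real shop, never hard-code it.
const FORM_HMAC_SECRET     = 'replace-with-a-long-random-secret';
const MIN_FILL_SECONDS     = 3;    // nobody fills a sign-up form in under 3 s
const MAX_FORM_AGE_SECONDS = 3600; // a token older than an hour is stale

// Token placed in the form as "<issued-at>.<hmac>", so the server keeps no state.
function form_token(int $now): string {
    return $now . '.' . hash_hmac('sha256', (string)$now, FORM_HMAC_SECRET);
}

// Returns null when the submission passes, otherwise a short reason for the server log.
function honeypot_check(array $post, int $now): ?string {
    // 1. Decoy: browsers never show it, so a human leaves it empty; bots fill every input.
    if (isset($post['firstname']) && trim((string)$post['firstname']) !== '') {
        return 'honeypot_filled';
    }
    // 2. The real field has an unexpected name; a script looking for 'firstname' leaves it empty.
    if (!isset($post['newfirstname']) || trim((string)$post['newfirstname']) === '') {
        return 'real_field_empty';
    }
    // 3. Timing: the token proves we rendered the form, and when.
    $parts = explode('.', (string)($post['form_token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'token_missing';
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_HMAC_SECRET), $mac)) {
        return 'token_forged';
    }
    $age = $now - (int)$issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted_too_fast';
    }
    if ($age > MAX_FORM_AGE_SECONDS) {
        return 'token_expired';
    }
    return null;
}

// Form side: decoy first, real field second, token hidden. The rule
// ".hp-trap { display:none }" belongs in the stylesheet, not in a style=""
// attribute, for the reason given in the post above.
function render_name_fields(int $now): string {
    return '<div class="hp-trap"><input type="text" name="firstname" tabindex="-1" autocomplete="off"></div>'
         . '<input type="text" name="newfirstname" autocomplete="given-name">'
         . '<input type="hidden" name="form_token" value="'
         . htmlspecialchars(form_token($now), ENT_QUOTES) . '">';
}

// Constructed inputs: a bot that fills every field instantly, and a human 20 s after render.
$now   = time();
$bot   = ['firstname' => 'Loans For Bad Credit', 'newfirstname' => 'Loans',
          'form_token' => form_token($now)];
$human = ['firstname' => '', 'newfirstname' => 'Rene',
          'form_token' => form_token($now - 20)];

echo 'bot:   ', honeypot_check($bot, $now) ?? 'pass', "\n";
echo 'human: ', honeypot_check($human, $now) ?? 'pass', "\n";
```

In create_account.php the call sits where the post puts its check: `if (honeypot_check($_POST, time()) !== null) { $error = true; }`, with the reason written to the error log rather than shown to the visitor, so the bot learns nothing about which trap it hit.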

 

On 10/12/2018 at 8:57 PM, Jack_mcs said:

If you mean a common name, in the create_account.php file, find the line that reads $error = false and add this below it. Be sure to change the names used in the code.


    $error = false;
    
    if (strtolower($firstname) == 'bob' || strtolower($lastname) == 'hacker') {
     $error = true;
    } 

If you mean to block them for each name, you would need to use the IP as Fred mentioned.

I have tried this, and changed the names to pay and loan. It works, but as soon as I try to create an account with the name pay1 or loan1 the account is still created.

Apparently this is not the solution then.

 


On 10/13/2018 at 6:19 AM, Rwe said:

1 in create_account.php duplicate the firstname input field (just plain html input field can too)and place it before the original firstname field  and add a class to the div and  and hide it (css display:none  ! not use a style="")

That is the idea behind the Honeypot code. You may want to look at that addon since it checks other forms and can limit what is sent via the contact us page.

7 hours ago, honda4 said:

I have tried this, and changed the names to pay and loan.  It works, but as soon as I try to create an account with the name pay1 or loan1 the account is still created.

That's because pay and pay1, as well as loan and loan1, are not the same. The following will catch all similar names. However, that means it will catch names like Payton, so you may end up blocking legitimate customers.

    $error = false;
    
    // stripos: case-insensitive substring match, so 'Pay', 'pay1' and 'Payday' are all caught
    if (stripos($firstname, 'pay') !== false || stripos($lastname, 'loan') !== false) {
      $error = true;
    }
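A pattern list that sits between the two snippets Jack posted, as an added example (not osCommerce project code): case-insensitive like the first, but using word boundaries so that "Payton" and "Sloane" pass while "Paydayloan Direct Lender" and "Loans For Bad Credit" from the opening post are caught, and checking every name field in one pass. The word list is built from the fake names quoted in this thread and is an assumption to tune against your own admin list.

```php
<?php
// Added example: word-boundary name screening for create_account.php.
// Not code from the osCommerce project; the pattern list is illustrative.

// Each entry is a PCRE fragment. \b keeps 'Payton' and 'Sloane' out of the net
// while still catching 'Pay Day', 'Paydayloan' and 'Loans For Bad Credit'.
const BLOCKED_NAME_PATTERNS = [
    '\bpay ?day',       // payday, pay day, paydayloan
    '\bloans?\b',       // loan, loans (not Sloane)
    '\bbad credit\b',
    '\bdirect lender\b',
    '\bcash\b',
    '\bonline\b',       // careful: also hits a company named "Online Shop BV"
];

// Lower-case and collapse whitespace so 'Loans   For  Bad Credit' normalises cleanly.
function normalise_name(string $s): string {
    return strtolower(trim(preg_replace('/\s+/u', ' ', $s) ?? $s));
}

// Returns the pattern that matched, or null when every field is clean.
function blocked_name_reason(array $fields): ?string {
    foreach ($fields as $value) {
        $v = normalise_name((string)$value);
        foreach (BLOCKED_NAME_PATTERNS as $pat) {
            if (preg_match('/' . $pat . '/u', $v) === 1) {
                return $pat;
            }
        }
    }
    return null;
}

// Constructed inputs: two names from the thread's list and two legitimate ones.
$samples = [
    ['Loans For Bad Credit', 'Loans For Bad Credit'],
    ['Paydayloan Direct Lender', 'Loans'],
    ['Payton', 'Sloane'],
    ['Rene', 'Jansen'],
];
foreach ($samples as [$first, $last]) {
    $reason = blocked_name_reason([$first, $last]);
    echo str_pad("$first $last", 45),
         $reason === null ? 'allowed' : "blocked by /$reason/", "\n";
}

// In create_account.php, directly after "$error = false;" ($company only exists
// when the company field is enabled in your configuration):
//   if (blocked_name_reason([$firstname, $lastname, $company ?? '']) !== null) {
//       $error = true;
//       $messageStack->add('create_account', 'Account could not be created.');
//   }
```

Keep the refusal message generic: a message that names the offending word tells the bot operator exactly which string to drop next time.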

 


Protect create_account.php with

  • an Action Recorder module
    perhaps allowing 1 sign up per 96 hour period
  • and a Captcha (or two)
    could be one Google captcha and a maths captcha

People should soon get bored of waiting 4 days.
Bots should be stopped in their tracks.


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 


The solution proposed by Burt is good.

I have a customer who received 80,000 emails in less than one night. It's crazy. He had a numeric captcha, but not a dynamic one (like 5+four). In that case, a quick test can be made.

Now the account form has an action recorder, an invisible captcha and a dynamic numeric captcha. Problem resolved.
The problem is that the bot or the hacker changes the IP every time. In that case the recorder is not enough.

Where is the problem?

I think the big problem comes when you hide the state; in that case it's simpler to fill in the form. With the state enabled, if you don't know a state, there is an error.

If you decide to hide the states, it's better to protect yourself.

 



Regards
-----------------------------------------
Loïc

Contact me by skype for business
Contact me @gyakutsuki for an answer on the forum

Tuto for 2.4 :
- How to Display a new page with app
- How to make Header Tags under app APP
- How to make a
boostrap modal with external element
 

 

15 hours ago, burt said:

Protect create_account.php with

  • an Action Recorder module
    perhaps allowing 1 sign up per 96 hour period

People should soon get bored of waiting 4 days.
Bots should be stopped in their tracks.

Nicely said (no offence), but where would I find such a module? It's not in the standard install?

(By the way: I have added an .htaccess block on a few IP addresses. The creation of fake accounts has almost been eliminated for the moment.)

Edited by honda4


The action recorder is in the contact form and also needs a module. You can use this example and update your code.




 

1 hour ago, Gyakutsuki said:

The action recorder is in the contact form and also needs a module. You can use this example and update your code.

I am looking into this right now. But why inventing the wheel if it already exists? 😉

 


2 hours ago, Gyakutsuki said:

The action recorder is in the contact form and also needs a module. You can use this example and update your code.

Is it just the script file and the language file that do the job, or is there more to it?

If it's only these two, I can upload and test.

Edited by honda4
Like ar_create_account.php (twice)


The contact form is your base to work from; after that you must update your account page accordingly.




 

47 minutes ago, Gyakutsuki said:

The contact form is your base to work from; after that you must update your account page accordingly.

Although you have the best intentions, this is not of much help, sorry.

At this moment I have created:

/httpdocs/includes/modules/action_recorder/ar_create_account.php

and

/httpdocs/includes/languages/mylanguage/modules/action_recorder/ar_create_account.php

I am able to install them in the modules section, but I am at the point where I have to integrate them into the create_account.php file.

That is where it is getting a bit complex for a learner... 🙂

 


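Burt's suggestion above (one sign-up per address per 96 hours) and the integration step honda4 is stuck on, as one added example; this is not osCommerce project code. It assumes the module files honda4 listed already exist and are installed in admin, and that the `actionRecorder` class is called the way stock 2.3.4 `contact_us.php` calls it: constructor (module code, customer id or null, identifier), `canPerform()`, `record(bool)`. The choice of the client IP as identifier, the message text and the placement comments are assumptions; compare the lines against your own `contact_us.php` before pasting.

```php
<?php
// Added example: throttling create_account.php with an Action Recorder module.
// Not osCommerce project code; follows the calling pattern of stock contact_us.php
// (verify method names against your own copy of that file).

// --- create_account.php, inside the block that handles $HTTP_GET_VARS['action'] == 'process',
//     directly after the existing line "$error = false;" ---

// There is no customer_id yet, and the e-mail address is chosen freely by the bot,
// so the client IP is the one value it cannot pick per request. Module code
// 'ar_create_account' is the file name honda4 created under modules/action_recorder/.
$action_recorder = new actionRecorder('ar_create_account', null, tep_get_ip_address());

if (!$action_recorder->canPerform()) {
    $action_recorder->record(false);   // keep the refused attempt visible in admin
    $error = true;
    $messageStack->add('create_account',
        'Too many account requests from your address; please try again later.');
}

// ... the existing field checks (names, e-mail, password, honeypot, ...) stay here ...

// --- where create_account.php tests "if ($error == false) {" before the customer INSERT ---
if ($error == false) {
    $action_recorder->record();        // this success now counts toward the per-IP limit
    // ... existing tep_db_perform(TABLE_CUSTOMERS, ...) and the rest of the creation code ...
}
```

The window and the attempt count live in the module file, not here: in the stock contact-us module they are the minutes and attempts values exposed under Modules > Action Recorder in admin, so Burt's 1 sign-up per 96 hours is attempts 1 and minutes 5760. As Loïc notes above, a bot that changes IP on every request walks past a per-IP limit, so keep the honeypot or captcha in front of it rather than relying on the recorder alone.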
