Fake accounts

[René H4 110]

Hi,

In my shop I receive a lot of fake account creations at the moment, around 20 a day.

They look like:

Loans For Bad Credit Loans For Bad Credit
Paydayloan Direct Lender Loans PC
RobertNus RobertNusIR
Loans Online Loan Cash PC

Is there a way to get rid of these creations? It is quite annoying.

Installed Version: osCommerce Online Merchant v2.3.4.1

Regards, Rene

 

[Jack_mcs 1,070]

This has come up a few times here but there isn't a good solution so far since it is difficult to distinguish such an account from a legitimate one. If you can find some common characteristic, like "Loans" in the name, then you could block based on that.

[bonbec 122]

Take a look in the server logs to see if all registrations are made from the same IP.
If so, then block the IP in the .htaccess

[René H4 110]

Bonbec, I have started to record the IP's, but I am sure is will be a tremendous job to maintain that.

I'd hoped that there would be a simple Captcha for this problem that I could implement.

Something like a question, of which everybody knows the answer, which would the have to be typed in a box.

If the answer is correct, the proces of creation would continue.

 

 

[René H4 110]

Just checked: These guys can just pass the .htaccess. So that does not help......

[René H4 110]

4 hours ago, Jack_mcs said:

This has come up a few times here but there isn't a good solution so far since it is difficult to distinguish such an account from a legitimate one. If you can find some common characteristic, like "Loans" in the name, then you could block based on that.

Is there an easy way to block certain names that are used?

 

[ArtcoInc 368]

You mean like this:

(this was taken just now off of one of my live shops)

M

[Jack_mcs 1,070]

42 minutes ago, honda4 said:

Is there an easy way to block certain names that are used?

If you mean a common name, in the create_account.php file, find the line that reads $error = false and add this below it. Be sure to change the names used in the code.

    $error = false;
    
    if (strtolower($firstname) == 'bob' || strtolower($lastname) == 'hacker') {
     $error = true;
    } 

If you mean to block them for each name, you would need to use the IP as Fred mentioned.

[a123 2]

comment out this line:
https://github.com/osCommerce/oscommerce2/blob/de9e922377cbfd0678c9e4b9e8eb51123f3e230a/catalog/create_account.php#L249

and will no reason to attack with email bombs something and after ask developer to fix it. The best way to use unique account page against well known general page. GDPR rules could be a good choice..

[Jack_mcs 1,070]

If the accounts are being created to send out spam emails, then a better approach would be to install the Honeypot addon. But I've seen this happen before and, as mentioned, there have been other threads on it here and in those cases, the accounts are being created many times by regular people, albeit hackers, as opposed to spammers. The reason is not clear but I suspect it is to give them more access to the database, or something like that.

[puggybelle 30]

7 hours ago, ArtcoInc said:

You mean like this:

My Admin looks just like yours every day!

My question for you is:  why aren't you deleting these fake accounts as they roll in?

You've got fake accounts dating back for days or weeks in that screenshot of yours.  I whack 'em as soon as I see them.

Leaves me feeling that this software is a popular target for hackers.  I never saw this, on this scale, in my old 2.2 shop which I had for over a decade.

Heck, I even removed all Contact Us links in my site and renamed the file to...anything but contact_us.php

Didn't delete it, but...no one will ever guess what it is.  And that was AFTER installing Honeypot Captcha!

- Andrea

[Jack_mcs 1,070]

Spammers have always tried to use forms to send emails. That's why the cpatcha-type code was created in the first place. But this creating fake accounts is a relatively new thing (last few years), to my knowledge. They have always created such accounts but lately they do it much, much more, when they start in on a site. And it isn't just oscommerce. There are many posts on the web about this for other platforms.

As for deleting them, you may not have had too many and I don't know how many the op had but I had a client recently where new accounts were being added at about 30 per day. The shop owner couldn't keep up with the deletions.

To be clear about what Honeypot does, it stops spammers from using scripts to submit emails. And if you have the settings to not allow emails and url's, it will stop spammers from adding them manually. If won't stop anyone else since that would render the form useless.

[René H4 110]

13 hours ago, Jack_mcs said:

If you mean a common name, in the create_account.php file, find the line that reads $error = false and add this below it. Be sure to change the names used in the code.

    $error = false;
    
    if (strtolower($firstname) == 'bob' || strtolower($lastname) == 'hacker') {
     $error = true;
    } 

If you mean to block them for each name, you would need to use the IP as Fred mentioned.

Nicely resolved!

[Rwe 35]

The registration is commonly made by robots who look at the right form fields. firstname, lastname , email etcetera.

I had this problem too the last weeks of fake accounts exactly as mentiont earlyer.

I did the following to trick them;

 

1 in create_account.php duplicate the firstname input field (just plain html input field can too)and place it before the original firstname field  and add a class to the div and  and hide it (css display:none  ! not use a style="")

2 rename the original firstname field with a newname ( name ="newfirstname")  + change :  $firstname = tep_db_prepare_input($_POST[newfirstname']);

3 make a rule to give an error when the formfield fistname is being filled up by the robot and place it  in the top somewhere between the other fom check codes:

 if(!empty($_POST['firstname'])) {
  $error = true;
 }

 

Finished.

i can see in the server logs that the robot has been trying but could not make an account. for now this is working for me.

i hope i could help with this .

 

 

[René H4 110]

On 10/12/2018 at 8:57 PM, Jack_mcs said:

If you mean a common name, in the create_account.php file, find the line that reads $error = false and add this below it. Be sure to change the names used in the code.

    $error = false;
    
    if (strtolower($firstname) == 'bob' || strtolower($lastname) == 'hacker') {
     $error = true;
    } 

If you mean to block them for each name, you would need to use the IP as Fred mentioned.

I have tried this, and changed the names to pay and loan.  It works, but as soon as I try to create an account with the name pay1 or loan1 the account is still created.

Apparantly this is nog the solution then.

 

[Jack_mcs 1,070]

On ‎10‎/‎13‎/‎2018 at 6:19 AM, Rwe said:

1 in create_account.php duplicate the firstname input field (just plain html input field can too)and place it before the original firstname field  and add a class to the div and  and hide it (css display:none  ! not use a style="")

That is the idea behind the Honeypot code. You may want to look at that addon since it checks other forms and can limit what is sent via the contact us page.

[Jack_mcs 1,070]

7 hours ago, honda4 said:

I have tried this, and changed the names to pay and loan.  It works, but as soon as I try to create an account with the name pay1 or loan1 the account is still created.

That's because pay and pay1, as well as loan and loan1, are not the same. The following will catch all similar names. However, that it means it will catch names like Payton so you may end up blocking legitimate customers.

    $error = false;
    
    if (strpos($firstname, 'pay') !== false || strpos($lastname, 'loan') !== false {
     $error = true;
    } 

 

[burt 5,612]

Protect create_account.php with

• an Action Recorder module
  perhaps allowing 1 sign up per 96 hour period
• and a Captcha (or two)
  could be one google capcha and a maths capcha

People should soon get bored of waiting 4 days.
Bots should be stopped in their tracks.

[♥Gyakutsuki 136]

The solution proposed by Burt is good.

I have a customer in less 1 night, receive 80 000 emails. it's crazy. H had numeric captcha but not dynamic(like 5+four). In this case, a quickly test can be made.

Now, the account form has action recorder, invisible captcha and a dynamic numeric captcha. Pb resolved
The pb is the bot or the hacker change everytime the ip. In this case the recorder is not enough.

Where is the pb ?

I think the big problem come when you hide the state, in this case, it's more simple to fill the field. With the state enable, if you don't know a state, there is an error.

If you decide to hide the states it's better to protect you.

 

[René H4 110]

15 hours ago, burt said:

Protect create_account.php with

• an Action Recorder module
  perhaps allowing 1 sign up per 96 hour period

People should soon get bored of waiting 4 days.
Bots should be stopped in their tracks.

Nicely said (no offence), but where would I find such a module? It's not in the standard install?

(By the way: I have added .htaccess block on a few IP addresses. The creation of fake accounts has allmost beel eliminated for the moment).

Edited October 15, 2018 by honda4

[♥Gyakutsuki 136]

Action recorder is in contact form and need also a module. You can use this ewample and update your code

[René H4 110]

1 hour ago, Gyakutsuki said:

Action recorder is in contact form and need also a module. You can use this ewample and update your code

I am looking into this right now. But why inventing the wheel if it already exists? 😉

 

[René H4 110]

2 hours ago, Gyakutsuki said:

Action recorder is in contact form and need also a module. You can use this ewample and update your code

Is this just the script file and the language file that do the job, of is there more tot it?

If it's only these two, I can upload and test.

Edited October 15, 2018 by honda4
Like ar_create_account.php (twice)

[♥Gyakutsuki 136]

Contact form is your base to work after you must update in consequence in your account.

[René H4 110]

47 minutes ago, Gyakutsuki said:

Contact form is your base to work after you must update in consequence in your account.

Allthough you have the best meaning, this is not of much help, sorry.

At this moment I have created:

/httpdocs/includes/modules/action_recorder/ar_create_account.php

and

/httpdocs/includes/languages/mylanguage/modules/action_recorder/ar_create_account.php

I am able to install them in the mdules section, but I am at the point where I have to integrate them into the create_account.php file.

That is where it is getting a bit complex for a learner... 🙂