Jump to content
René H4

Fake accounts

Recommended Posts

I just had about 25 fake accounts with http:// addresses instead of the last name. Is there any easy way of blocking it?

 

Share this post


Link to post
Share on other sites

I've installed honey pot but still get 20-30 a day.

Share this post


Link to post
Share on other sites

20-30 from different people or the same one? If the former, it depends on what page they are using. If the latter then your settings are probably not correct.

Share this post


Link to post
Share on other sites

I have been monitoring this crap for a number of months now and have installed honey pot on a number of site and it works for nearly all  but some still get in. The vast majority of these are from .ru and they are relentless in there attacks. In the end I have had to change the settings in admin to limit the form submtions to every 50-60 miniute I did this in incraments of 10min and the attacks reduces in line with the increese in time. Now with the resubmit set to 60 minutes they are down to 3 or 4 per email address per day.

I guess they just give up after a few hours!

From what I have seen on the 4 test sites that have been under attack these are not bots but actual people, they are clearly using some sort of script to generate the user names as they follow a pattern but all the emails used are real and clearly stolen and most are real.

In my sites they all appere to be attacking the customer account form. From what I can tell so far they are attempting to inject scripts into the address fileds.

Why? Who knows I've yet to find a sucsessfull injection! I simply deleat the accounts every so often.


 

Share this post


Link to post
Share on other sites
Posted (edited)

I'm sorry, I have to rescind what I said - I am getting 2-3 a day after installing honey pot. I just had a flourish of them in a short while the other day which made me think I was getting that many. (if I sound like an idiot, in this case, I am one)

two to three ain't too bad. Blocking the countries or each single spammer's IP didn't really do anything.

Are the maybe using this process to test emails to use for spamming?

Thanks

Edited by fiodh

Share this post


Link to post
Share on other sites

On my create account page, I have a question "how did you find us" and some radio button style options. (google, bing, friend, repeat visit). When the spammers submit their accounts, this question is always blank. I assume this is because the bots/spammers are accessing the create account function script directly.

Question - Is there a way to prevent someone from creating an account if they don't provide answer to this "referral" question?  This might give the spammers an error and send them on their way?

 

 

Share this post


Link to post
Share on other sites
7 hours ago, fiodh said:

Are the maybe using this process to test emails to use for spamming?

Someone posted a thread to an article about why this is increasing. I don't know if it was in this thread or not but the article basically said companies were paying spammers to test how to get into sites. I suspect that is the case. Honey Pot can stop all accounts, as it is written, because a spammer account is not any different than a regular account. It is possible to code it to detect certain words and stop them. I do that in my View Counter (unreleased version) and it stops 100% of them. But for now, cutting down the number of them is the best it can do.

3 hours ago, fiodh said:

Is there a way to prevent someone from creating an account if they don't provide answer to this "referral" question? 

There should be a sitting that requires the referral. I think it is in admin->Configuration->Customer Details but some versions of How Did You Hear might have it elsewhere, like in a module.

Share this post


Link to post
Share on other sites

I am really getting pounded with these, even with the honey pot add on, I am now getting 8-10 accounts a day. Doesn't seem like much until you have spend a couple minutes every morning deleting these.

Share this post


Link to post
Share on other sites
1 hour ago, fiodh said:

I am really getting pounded with these, even with the honey pot add on

Options

Add google captcha to the form. It makes a big difference


 

Share this post


Link to post
Share on other sites
3 hours ago, fiodh said:

I am now getting 8-10 accounts a day

Are the IP's different for each of them? Do the IP's repeat from day to day? What are the settings for Honey Pot?

Share this post


Link to post
Share on other sites

Yes the IPs are different for most of them, I block them and and then more arrive!  I have been a bit lazy about religiously banning every IP,  after a while I just keep deleting and deleting...

Here's the settings:

Email Addresses Allowed
False

Email Addresses Show Message
True

URL's Allowed
False

URL Show Message
True

Create Account Check
True

Create Account Count
2

Create Account Period
480

Create Account Notify
True

Share this post


Link to post
Share on other sites

Hi Jack I just want to say I don't hold you responsible for these problems  - your add on contribution has really helped tremendously. Thanks for all your work.

Share this post


Link to post
Share on other sites

Would it not be a simple solution to rename create_account.php to something else?

I know, all the files that call create_account.php should be changed also.

But if this a real problem, and you will be running your shop for 5-6 years or so, this could be a solution.


  • Gold is EOL
  • Frozen is Sunset
  • Edge is defunct and no longer exists
  • Phoenix is the default recommended download

Share this post


Link to post
Share on other sites

Yes that had occurred to me, to just change the name of the file, but I wasn't sure where all the mentions of create_account.php would be and if that would mess it all up?

Unless, somehow, the spammers are accessing the database directly, as they don't seem to be using my modified page.

I've been running this shop for 15 years so far and expect to continue!

Share this post


Link to post
Share on other sites

"Agent Ransack " can be used to find the calls to create_account.php. I do not have a test environment at the moment, otherwise I could try.

Mind that you would need to change core-code.


  • Gold is EOL
  • Frozen is Sunset
  • Edge is defunct and no longer exists
  • Phoenix is the default recommended download

Share this post


Link to post
Share on other sites
27 minutes ago, fiodh said:

I just want to say I don't hold you responsible for these problems

I appreciate the thought but I didn't think that was the case. :)

11 minutes ago, René H4 said:

Would it not be a simple solution to rename create_account.php to something else?

When a page on the site is visited, the name of the file is displayed in url so how would changing the name help? Initially the scripts would fail since they are looking for create_account.php but they most likely use link checkers to search for all pages with forms so I doubt it would work for long.

Share this post


Link to post
Share on other sites

Woke up this morning to 60 honey pot messages, but only 3 fake accounts made.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×