René H4

Fake accounts


Even with the honeypot add-on, I am now getting 15 fake accounts in less than 24 hours.


@fiodh Could you please supply the snippets of code to add to get Company Name to appear as you have above. It will help big time in finding the Google accounts.
I already have the sort-by options.


That's not the company names, that's the "how did you find us?" question count.


Oh, sorry, that bit I have no idea about. We haven't used company names in our customer account form since the very beginning. If you can tell me where I can find that code, I'll have a look.

Edited by fiodh


admin/customers.php

If you could attach that file I will use a compare program to locate the changes; otherwise it starts somewhere around lines 667 - 778.


Honestly I'd prefer not to post my entire customers.php file to the forum, plus my site is sort of a hacked together non-standard old mess that will likely only cause confusion.


Here is an interesting description of why these accounts are being created:


https://webmasters.stackexchange.com/questions/61291/why-do-registration-bots-exist-what-do-they-gain-from-registering-on-my-site


TLDR: They use your site's confirmation email, along with many others, to hide online scams or purchases made with hacked accounts. They also use spam text in the email to spam your customers.

The only solution so far is to install Google CAPTCHA, if you don't mind Google having their fingers on every account created at your site.

One major issue with these accounts is that the email addresses are often valid, so when people receive a robot's spammy customer welcome email, they will likely mark it as SPAM. If this happens enough, your site will be blacklisted on junk lists.

Edited by fiodh


Some people say the slider captcha is not compliant with the ADA regulations. So you may want to use it with care, 😄 but who is going to protect the site owner anyway 😉


They say if one is using a page reader program, for the blind, it won't be able to pass the slider.


Slider, puzzle, numbers or images: a spammer will always find a way.

Google reCAPTCHA is one of the few that still works most of the time.

The slider captcha was overcome some time ago. Not going to post the link, but it's not hard to find the code to overcome the slider!


That sucks!

The Google captcha is complicated for me to install, I don't get it. Something about server-side code verifying in the database, as well as editing the PHP files... I am at the edge of my understanding when it gets to database bits, so I am going to have to look into this. But it's a shame the only solution is to go worship at the altar of Google, and give them access to everyone who registers.

Edited by fiodh

1 hour ago, fiodh said:

The google captcha is complicated for me to install,

Google captcha is very easy to install, and if you're using Phoenix then it's a simple 1, 2, 3 step process. With Phoenix the contact us and account forms have site-wide hooks, so you can just use those to install; if not, just dump the verify code in next to the site-wide hook for form verify and the display code next to the display hook. Then just take the Google verify class and dump it in your includes/classes/recaptcha.php folder, go get your secret key and your open key from Google and put them into the places in the code where it asks for them, add a couple of defines to your language file and you're done.

contact_us form verify, line 30:

$OSCOM_Hooks->call('siteWide', 'injectFormVerify');

contact_us form display, around line 130:

echo $OSCOM_Hooks->call('siteWide', 'injectFormDisplay');

It's the same for the other forms if you use them.

Google verify code is free to use; you can get it from GitHub. Here is one that's easy to use.

https://github.com/geordyjames/google-Invisible-reCAPTCHA/blob/master/Recaptcha.php

Not sure? PM me and I'll show you how to do it for Phoenix. Or perhaps ask in the Phoenix club, as I'm sure that with the hooks being in place an add-on to use them must be kicking around, but it's just as easy to add the code to the forms.


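As an added example (not JcMagpie's code and not the Recaptcha.php linked above), here is what a siteWide hook wrapping those two calls could look like in a Phoenix/2.3.4 store. The file name, the `listen_` method names, the use of `$GLOBALS['error']` and `$GLOBALS['messageStack']`, the page-to-messageStack map and the two RECAPTCHA_* constants are assumptions about the store's own plumbing; the siteverify endpoint, the `g-recaptcha-response` field and the `success`/`hostname` reply fields are Google's documented reCAPTCHA v2 API.

```php
<?php
// includes/hooks/shop/siteWide/recaptcha_verify.php  (hypothetical file name)
// Added example, not the forum poster's or the project's code. Assumes the core
// calls listen_injectFormDisplay()/listen_injectFormVerify() on siteWide hooks,
// that $error and $messageStack are reachable through $GLOBALS when the verify
// hook runs, and that RECAPTCHA_SITE_KEY / RECAPTCHA_SECRET_KEY are defined
// by the store owner (e.g. in includes/configure.php).
class hook_shop_siteWide_recaptcha_verify {
  const VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
  // Maps the calling page to the messageStack class that page renders (assumption).
  private $stacks = array('contact_us' => 'contact', 'create_account' => 'create_account');

  // Display hook: the v2 checkbox widget plus Google's loader script.
  public function listen_injectFormDisplay() {
    return '<div class="g-recaptcha" data-sitekey="' . RECAPTCHA_SITE_KEY . '"></div>'
         . '<script src="https://www.google.com/recaptcha/api.js" async defer></script>';
  }

  // Verify hook: fail closed unless Google confirms the token for this host.
  public function listen_injectFormVerify() {
    $token = isset($_POST['g-recaptcha-response']) ? (string)$_POST['g-recaptcha-response'] : '';
    if ($token === '' || !$this->tokenIsValid($token, $_SERVER['REMOTE_ADDR'])) {
      $GLOBALS['error'] = true;
      $page  = basename($_SERVER['SCRIPT_NAME'], '.php');
      $stack = isset($this->stacks[$page]) ? $this->stacks[$page] : $page;
      $GLOBALS['messageStack']->add($stack, 'Please complete the CAPTCHA before submitting the form.');
    }
  }

  // Server-side check: POST secret + token to siteverify and inspect the JSON reply.
  private function tokenIsValid($token, $remote_ip) {
    $ch = curl_init(self::VERIFY_URL);
    curl_setopt_array($ch, array(
      CURLOPT_POST           => true,
      CURLOPT_POSTFIELDS     => http_build_query(array(
        'secret' => RECAPTCHA_SECRET_KEY, 'response' => $token, 'remoteip' => $remote_ip)),
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_TIMEOUT        => 5,
      CURLOPT_SSL_VERIFYPEER => true,
    ));
    $body = curl_exec($ch);
    curl_close($ch);
    if ($body === false) return false;                 // network failure: treat as not verified
    $reply = json_decode($body, true);
    // Accept only success=true for a token minted for our own hostname, so a token solved on another site is rejected.
    return is_array($reply) && !empty($reply['success'])
        && isset($reply['hostname']) && $reply['hostname'] === $_SERVER['SERVER_NAME'];
  }
}
```

If the shop answers on several hostnames, compare `$reply['hostname']` against a list of your own names instead of `SERVER_NAME`.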

On the Phoenix test site.

Burt created two different modules (Maths and Captcha) which use the hook system for both create account and contact us.

Example:
https://template.me.uk/phoenix/create_account.php

which he made available to "supporters".

Both are super easy to install.


App created for phoenix
TinyMCE editor for admin

17 hours ago, puddlec said:

which he made available to "supporters"

Good to see progress.

It can also be done using the free add-ons in the apps market; there are a few you can use. I have installed and used this one and it works fine on Phoenix 1.0.2.2.

https://apps.oscommerce.com/f2UI4&recaptcha-2-form-validation-for-bs-edge

This sort of thing needs to be a default install, as it is in most popular carts: just click and install! Hopefully @Harald Ponce de Leon will take note and include this in Official V3.0 when it comes out.


Edited by JcMagpie


Hi guys.

A client's old 2.2 store has been attacked for the past couple of days with over 1000 fake accounts in a couple of hours! I disabled create_account.php and it stopped. I re-enabled it and not too long after over 400 accounts were created again! All accounts have different names and addresses; several had the same IP, mostly from 45.XX.XX.XX, so I blocked all IPs starting with 45.
This store uses 2 extra fields for address number and I noticed these 2 fields have the same information for all fake accounts. Also all of them have the same DOB.
Is anyone else having this problem?

They were able to place 3 orders from different accounts using a custom credit card payment method so that can be where the hacker's interest lies.

Do you recommend to install both Honeypot and View Counter contributions to mitigate and maybe even stop this? Or just one of them would be enough? In this case, which one?

Also which Google captcha contribution will work for an old 2.2 store? (I know, it needs to be updated, but it's a big store that's been on for many years already, it's very customized, and we need time and planning to do it right).


TIA for your help.



Patty


Long thread, so I shan't read through it; apologies if it has been mentioned already.

Same problem. I tried a few things, and it turned out that adding all sign-up options in Configuration - Customer Details did the trick. I have not had a single fake account since I enabled all the options. I tried them one by one, but in the end left them all there, as taking one or the other out meant more fake accounts.

Also, to do with customer Contact Us emails, I implemented the simple maths code in the file and nothing since.

Pretty sure I found that on here :)

On 9/29/2019 at 8:21 PM, Shed said:

Same problem. I tried a few things, and it turned out that adding all sign-up options in Configuration - Customer Details did the trick. I have not had a single fake account since I enabled all the options. I tried them one by one, but in the end left them all there, as taking one or the other out meant more fake accounts.

I did this now also, and it worked: no fake accounts for the last three days! Thanks for mentioning it, you've saved me several minutes each morning.


No problem. I reckon that the scripts being used for fake customer sign-ups do not encompass all sign-up options. They are simple algorithms filling in name and address, not e.g. state.

16 hours ago, BAOBABOUTIQUE said:

where can we get this module for create account ?

Become a supporter of Phoenix.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life


Hi Y'all,

A while ago we had a problem with bots filling in the contact_us page.

I cured this with an adaptation of a simple maths test found somewhere (it generates a simple random maths question). It worked a treat and stopped all the fake store emails, once I changed e.g. 'What is 3+4' to 'what is the sum of 3 & 4'. Clever bots...

Recently though (the last 3 weeks) a new problem has emerged.

About 5 times a day currently, a store contact_us email is sent with rubbish text and at the same time a new store account is created.

I have previously added code to create_account to stop the bots we had a while ago (ones that used Google as the company name); this worked well.

I noticed that the new accounts created recently always used the first country in the country list (Algeria), so I added some code to error out if that country was selected. (We hardly ever sell to Algeria.) I tested this by trying to set up an account and it worked well: I could not create a new customer with Algeria as the country.

To my surprise this did NOT stop accounts being created with that country. Not only that, but I was then unable to delete the customer via the customer admin page.

I removed the code I added and now I can delete them from Admin again, if they were added after I removed it.

To me this indicates they are not using the create_account page in a normal way. My code seemed to break a DB customer index (so it couldn't be deleted from admin) when they tried an insert, but didn't stop the customer being inserted into the DB.

I am now suspicious this is a new exploit so far undiscovered.

The originating IPs are all over the world according to the server logs, so no IP blocking is going to work.

My version is 2.3.4, fully up to date.

I'm going to change the create_account file name to something random, but I am not confident this will be a cure as they could easily find the proper URL if they looked.

Server logs don't seem to tell me much apart from the pages visited and originating IP.

I have also checked there are no extra files anywhere; seems OK.

Anyone else with this issue or any suggestions?

Edited by yahalimu
