René H4

Fake accounts


22 minutes ago, kingshazz13 said:

Is Honey Pot addon effective against fake accounts?

Yes, it is very good at stopping them. It checks a number of things that are common in fake accounts. As long as the account fails one of those tests, the account will not be created. It also has a list of known bad IPs, supplied by an external site, that it checks.

1 hour ago, kingshazz13 said:

Is Honey Pot addon effective against fake accounts? 

It worked for me, so yes!


osC CE live - developing osC Phoenix adding modules with no core changes(awesome and easy!)

On 1/26/2021 at 2:53 AM, Jack_mcs said:

Or just install Honey Pot and stop them automatically. :)

 

On 1/26/2021 at 12:05 AM, Managing Director said:

The previous post was be-on-the-lookout information after over two hundred fake new accounts, using blacklisted IP addresses, were added to one customer's web site in a very short period of time. Adding a "customers_ip_address" field to the "Customers" table and modifying "create_account.php" to save it helps us weed them out.

@Jack_mcs 

Please can you share how to modify the create_account.php file to submit the IP address to the added "customers_ip_address" field? This makes things a lot easier. I've added captcha (Google and Match Captcha) but still get fake accounts. So an escalation to deleting as well as blocking IP addresses will certainly help. Thanks

3 hours ago, KenSO said:

Please can you share how to modify the create_account.php file to submit the IP address to the added "customers_ip_address" field?

That's outside of the scope of this support thread. You can post the question in the general forum and someone may help. But it probably isn't needed if you install Honey Pot. I've not heard of anyone having such a problem after it was installed.

24 minutes ago, Jack_mcs said:

That's outside of the scope of this support thread. You can post the question in the general forum and someone may help. But it probably isn't needed if you install Honey Pot. I've not heard of anyone having such a problem after it was installed.

Thanks for the reply, but I still get loads of fake accounts after Honey Pot; sorry, but that's the truth. The way forward for me is to have the IP address inserted in the database so I can ban the IP after looking at the account. I have to find what works for me.

7 hours ago, KenSO said:

I still get loads of fake accounts after honey pot

It is most likely the settings are not correct. Please post your Honey Pot settings and the details of one of the fake accounts here and I will take a look.


These fake Russian accounts are suddenly back with a vengeance. I've got Honey Pot installed and am also requiring company name, gender and date of birth. That seemed to help for the last couple of years but now they are bypassing it. Anyone else having this problem again?


It depends on what details are in the account. Honey Pot can only check for invalid entries so an account can be created as long as it doesn't violate one of the rules, like numbers in the name. 

I ran across a recent problem where fake accounts were being created. All of the data in the account was valid except for the post code. However, the countries used didn't have zones (states or provinces) in the database so Honey Pot couldn't check the post code since there is nothing defined for those countries.

If that isn't the problem then please post the details of one of the fake accounts so I can see if there is any way to stop them.


Searching for "http" in new account form submissions has helped me the most with fake accounts. For the rest, I block ASNs and cloud servers.


The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence.

- Rabindranath Tagore


Hello Jack, - here's what the typical fake customer looks like. The company is always google.  Any idea how would I go about filtering for that?

 

Smoky, how did you block cloud services and ASNs?

Edited by fiodh

1 hour ago, fiodh said:

The company is always google. 

Enter google into the bad words setting of Honey Pot and it will stop them. Ukraine is one of the countries without zones in the database so that prevents Honey Pot from checking other things, like the post code. But if you never sell to that country, you can also add it to the bad word list.

7 hours ago, fiodh said:

Hello Jack, - here's what the typical fake customer looks like. The company is always google.  Any idea how would I go about filtering for that?

 

Smoky, how did you block cloud services and ASNs?

I look up the offending IP's ASN using this tool.

https://asn.cymru.com/

Then I block the ASN using the Cloudflare CDN firewall tool.

https://www.cloudflare.com/



Thanks for the thoughts. Forgive my ignorance but where is the Honey Pot control panel? I am sure I've seen it before but now I can't seem to find it, even though I definitely have Honey Pot installed and receive Honey Pot emails about accounts being made too quickly.

I guess I really should do the captcha; I just didn't want to involve Google in my website.

6 hours ago, fiodh said:

Forgive my ignorance but where is the honeypot control panel?

admin->Modules->Header Tags

 

6 hours ago, fiodh said:

I guess I really should do the captcha; I just didn't want to involve Google

There is a captcha option in Honey Pot. But it, and Google's, is controlled by JavaScript, which hackers can get around. Plus, in my opinion, it is a bother to your customers.

Adding to my earlier way to catch these, if you don't sell to the countries that don't have zones then delete that country from the list in admin->Locations/Taxes. The hackers will just use a different country but if that country has zones, Honey Pot should catch them.

You can also install my View Counter and use the country blocking option to stop them from being able to use the site at all.


Thanks Jack.

I must have an older Honey Pot as I don't have captcha. I'll delete those countries though!


reCAPTCHA uses minimal JavaScript and though any script can be bypassed, it is one of the most challenging to get around.

Although version 2 does require user input, it's now considered a standard for protecting online forms, which makes it not so much of a "bother."

More so, reCAPTCHA version 3 works in the background and doesn't require user interaction. It's the invisible reCAPTCHA.

It is a Google-owned product and therefore has dedicated resources.

https://www.google.com/recaptcha/about/

 

 

Edited by Demitry

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

9 hours ago, fiodh said:

I must have an older honeypot as I don't have captcha.

That option was added quite a few versions ago so you really should update since there are other, more important, changes and fixes in the newer versions.


As a matter of interest, I tightened up my repeat account Honey Pot settings to 1 per sec it would get kicked back. ... this evening, 8 hours later, I received 618 emails from Honey Pot advising of blocked attempts! Only two actual new fake accounts though!

20 minutes ago, fiodh said:

I tightened up my repeat account honeypot settings to 1 per sec

If you mean the "Create Account Period" setting, that is in minutes, though I never tested with fractions of a minute. But either way, the lower the setting means the more chances the hackers have to create accounts so your results seem wrong. It might be that the code is seeing the low setting as invalid and is using a higher value?

As you probably know, hackers use scripts to create accounts so they retry immediately on failure. Real people can't go that fast. So a low setting allows retries more often. A high setting, like 20, would mean the person, or script, would have to wait 20 minutes before creating a new account. That may block real customers in some cases.


I had it set at 480 but this morning set it at 1.


Then that makes more sense to me. The 480 would prevent a second account from being created for 480 minutes. Some customers like to have an account for home and one for business so such a large number could cause a failure for them. Which is the correct value depends on your customers and how badly the site is being hit by hackers.


Strangely, though, setting it at 1 reduced the amount of fake accounts.

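The kinds of checks mentioned across this thread (digits in a name, "http" in a submitted field, a bad-word list, and a minimum period between sign-ups), as an added PHP example that is not Honey Pot's code and was not posted by any participant. The field names, rule names, the per-IP keying of the period and the sample submissions are assumptions.

```php
<?php
// Added example, not Honey Pot's code; names and thresholds are assumed.
const BAD_WORDS = ['google'];        // store-specific words, matched whole-word
const CREATE_ACCOUNT_PERIOD = 20;    // minutes between sign-ups per IP (assumed key)

// Return the rules a sign-up violates; an empty array means "accept".
// $form: field => value; $recent: IP => Unix time of last account created.
function signup_violations(array $form, string $ip, array $recent, int $now): array
{
    $hits = [];
    foreach (['firstname', 'lastname'] as $f) {
        if (preg_match('/\d/', (string) ($form[$f] ?? ''))) {
            $hits[] = "digits_in_$f";
        }
    }
    foreach ($form as $field => $value) {
        $value = (string) $value;
        if (stripos($value, 'http') !== false) {
            $hits[] = "url_in_$field";
        }
        if ($field === 'email_address') {
            continue; // a bad word such as "google" is legitimate in an address
        }
        foreach (BAD_WORDS as $word) {
            if (preg_match('/\b' . preg_quote($word, '/') . '\b/i', $value)) {
                $hits[] = "bad_word_in_$field";
            }
        }
    }
    $last = $recent[$ip] ?? null;
    if ($last !== null && $now - $last < CREATE_ACCOUNT_PERIOD * 60) {
        $hits[] = 'too_soon_for_ip';
    }
    return $hits;
}

// Constructed sample submissions (documentation-range IPs).
$now = 1700000000;
$recent = ['203.0.113.7' => $now - 120];
$samples = [
    ['203.0.113.7', ['firstname' => 'Ivan77', 'lastname' => 'Petrov', 'company' => 'google', 'email_address' => 'a@example.com']],
    ['198.51.100.9', ['firstname' => 'Anna', 'lastname' => 'Smith', 'company' => 'see http://example.com', 'email_address' => 'anna@example.org']],
    ['198.51.100.10', ['firstname' => 'Mary', 'lastname' => 'Jones', 'company' => '', 'email_address' => 'mary@example.net']],
];
foreach ($samples as [$ip, $form]) {
    $hits = signup_violations($form, $ip, $recent, $now);
    echo $ip, ' ', $hits ? 'REJECT ' . implode(',', $hits) : 'ACCEPT', PHP_EOL;
}
```

Printing the IP alongside the verdict gives the per-submission record that makes later review and blocking of a source possible.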
