Removing fake customers


Snarg

There are several threads on this subject. There's no simple way to remove them in a stock shop. You can do one of the following:

  • If there are not too many, you can manually delete them in admin->Customers.
  • If there are too many to delete manually, you can delete them by editing the database. How easy this is depends on when the accounts were created and if there is something in common with them, like the same in each.

To prevent it from happening again,

  • If you can determine the country that the accounts are being added from and if you won't sell to that country, then remove the country from the countries list in admin or install an addon or package that blocks countries if your host doesn't provide that option.
  • If you can determine the IP of those that created the account, you could block those IPs. There are addons meant to store the IP if you don't have one installed.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

@Snarg same here, very similar to what you show. About 1 or 2 a day. I've been manually deleting.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

Fake accounts are usually opened for the purpose of either spamming you, or using the store as a platform for spamming others via tell-a-friend, messaging, etc. Thus, it is good to keep them under control. I don't know if removing a country from the list will do any good -- they'll simply pick another country. In the (presumably made up?) example, they would just pick some other random country than Angola. That would be like playing whack-a-mole until you're down to one last country. I suppose you could do something to publish a list of countries you will (or won't) sell to, and silently automatically trash any account signed up for the banned countries. The fake account will simply vanish into the memory hole.

Something more productive might be to put new accounts' outputs (tell-a-friend, etc.) on preview of some sort, where nothing actually goes out until you've reviewed it. That's more work for you, of course. To avoid running afoul of privacy laws, you'd probably have to tell the "customer" that you're reading their posts and mailings, and even then, there might be trouble. However, it might be enough to discourage those looking to abuse your system (unless you simply turn off t-a-f etc.).

Forums and blogs face the same problem. If you can't stop them at the border (CAPTCHAs, etc. on signup to stop bots), you have to monitor what they're outputting to others and clamp down if they appear to be abusive. At least, on a forum or blog posting no one can claim a right to privacy in their communications. Almost anything you can do to stop spamming is going to create more work for you or more work for a real customer. Welcome to the Real World.

Can tell-a-friend, etc. be disabled until a customer has purchased something? Can tell-a-friend mailings be checked that they have a legitimate link to one of your products or categories, otherwise they're silently trashed? Just some ideas.

Link to comment
Share on other sites

Here's one, from IP: 188.138.188.34

IP Location Moldova, Republic Of Moldova, Republic Of Chisinau Starnet Solutii Srl
ASN Moldova, Republic Of AS31252 STARNET-AS, MD (registered Mar 31, 2004)
Resolve Host: 188-138-188-34.starnet.md

Will be blocking 188.138.188.0 - 188.138.188.255 via my cp

Link to comment
Share on other sites

1 minute ago, JcMagpie said:

I had to clean a db of old customers a few months ago and found this add-on very useful.

You may want to look at my Database Optimizer.

Link to comment
Share on other sites

3 minutes ago, MrPhil said:

Something more productive might be to put new accounts' outputs (tell-a-friend, etc.) on preview of some sort, where nothing actually goes out until you've reviewed it.

That is a good idea but won't help in this case since it is the creation of accounts causing a problem. And if that is put on hold for approval, the shop would probably lose sales.

Link to comment
Share on other sites

Sorry about that, I mistakenly uploaded the old code! This is what I used to clean the db. The plus was I could filter the large db by date and do a delete between dates or delete individual customers.

As Jack said, using the optimizer will probably help tidy up the db. Also, not waiting too long before cleaning would help; a little weekly housekeeping would have avoided me having to clean 10-year-old unused accounts!


inactiveuser_CE_2_4.zip

 

Link to comment
Share on other sites

41 minutes ago, douglaswalker said:

Would the Honey pot work

Assuming you mean my addon, it uses JavaScript for the create account page, and JavaScript can be bypassed by spammers. It can't be bypassed on the contact us page because that also uses PHP code.

What could be done is to add code to store the IP and the date of account creation and then refuse new accounts if it is from the same IP and within XX amount of time. That won't stop it but it should cut it down quite a bit. I already have the code for that in the Pro version of View Counter. I'll see about adding it to the next Honey Pot version.

Link to comment
Share on other sites
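
An added example of the idea in the post above (store the IP and date of account creation, refuse a new account from the same IP within a set time). It is not code from the thread, from Honey Pot, or from View Counter; the `signup_log` table, the function names and the 30-minute window are assumptions, and it goes one step further than the post by grouping IPv6 addresses by /64 prefix.

```php
<?php
// Added example; the signup_log table and function names are hypothetical.
// In a shop, $ip would be $_SERVER['REMOTE_ADDR'], not a client-supplied
// header such as X-Forwarded-For (unless set by a proxy you control).

// Key to throttle on: an IPv4 address as-is, an IPv6 address reduced to its
// /64 prefix, since a single client can rotate through a whole /64.
function throttle_key(string $ip): ?string
{
    $bin = @inet_pton($ip);
    if ($bin === false) {
        return null; // not a valid IP literal
    }
    return strlen($bin) === 16 ? bin2hex(substr($bin, 0, 8)) . '/64' : inet_ntop($bin);
}

// True (and the attempt is recorded) if no account was created from the same
// key in the last $window seconds; false means the signup should be refused.
function signup_allowed(PDO $db, string $ip, int $now, int $window): bool
{
    $key = throttle_key($ip);
    if ($key === null) {
        return false;
    }
    $q = $db->prepare('SELECT COUNT(*) FROM signup_log WHERE ip_key = ? AND created_at > ?');
    $q->execute([$key, $now - $window]);
    if ((int) $q->fetchColumn() > 0) {
        return false;
    }
    $db->prepare('INSERT INTO signup_log (ip_key, created_at) VALUES (?, ?)')
       ->execute([$key, $now]);
    return true;
}

// Constructed demo on an in-memory SQLite database, 30-minute window.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup_log (ip_key TEXT NOT NULL, created_at INTEGER NOT NULL)');
$t0 = 1700000000;
$attempts = [
    ['203.0.113.7', $t0],           // first signup from this address
    ['203.0.113.7', $t0 + 60],      // same address one minute later
    ['203.0.113.7', $t0 + 3600],    // same address after the window
    ['2001:db8::1', $t0],           // first signup from an IPv6 /64
    ['2001:db8::ffff', $t0 + 5],    // different address, same /64
];
foreach ($attempts as [$ip, $when]) {
    echo $ip, ' ', signup_allowed($db, $ip, $when, 1800) ? 'allowed' : 'refused', PHP_EOL;
}
```

The check and the insert are two separate statements, so two simultaneous requests from one address can both pass; a busy shop would wrap them in a transaction or rely on a unique constraint per key and time bucket.
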

I have found that my main issue on my osC test site is the contact_us page! I have it set so you can only resend after 30 minutes, but the sods get round this by just using different emails.

From looking into this, I think that the only solution is to install Google captcha on this and any other forms like make account and reviews; basically, any submit saving to the db should have it applied.

Only problem is this requires quite a lot of core changes in osC to implement fully.

 

Link to comment
Share on other sites

27 minutes ago, JcMagpie said:

From looking into this, I think that the only solution is to install Google captcha on this and any other forms like make account and reviews; basically, any submit saving to the db should have it applied.

See the Honey Pot addon. There are only a few changes needed. It stops 100% of spam by bots on the contact us page and is completely transparent to the customer.

Link to comment
Share on other sites

5 minutes ago, puddlec said:

are they using the same IP address?
if they are you could block them, that way.

That will work but there isn't any code in place to capture the IP unless something was added.

Link to comment
Share on other sites

I have used a basic image captcha on that page but they get round it somehow! IPs are all over the place, so that's not an option.

I've just installed Google reCAPTCHA; I found this add-on by @Demitry in the apps! Must have missed it before!

https://apps.oscommerce.com/f2UI4&recaptcha-2-form-validation-for-bs-edge

Install needed a small edit to core files and to each page you need it on. It did not work for the contact us page; there was a small error in the code. I have not found a support thread linked to the app, but the change was an easy fix: simply change, in the install instructions, all cases of

require(DIR_WS_CLASSES . 'recaptcha.php');

to

require('includes/classes/recaptcha.php');

So let's see if the sods get past this one.

 

Link to comment
Share on other sites

Action Recorder

Could not create_account be protected with an action recorder module ?

Recaptcha

Protect create_account with a reCAPTCHA as well?

IP Address

Store IP address as part of account creation.  Isn't everyone doing that anyway per GDPR ? 😂

Back End

What about a backend page that allows shopowner to drill down customers [and delete them], eg show me;

  • customers who registered between X date and Y date
  • and/or have not logged in since
  • and/or have made no orders

Self Approve

How about getting the customer to approve themselves (rather than be admin approved)?
I.e., they create an account and are immediately logged out. They have to check their email to access a page which "open sesame"s their account and gives access to the checkout procedure. Obviously not right for all shops, but it might be suitable for some.

That's 5 ideas that spring to mind immediately...

 

Link to comment
Share on other sites
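
An added example of the "Back End" drill-down listed in the post above, which also covers the earlier advice that database clean-up depends on when the accounts were created. It is not osCommerce code and not from any add-on named in the thread; the table and column names are assumed to match a stock osCommerce 2.3 schema, and the sample rows are constructed.

```php
<?php
// Added example, not osCommerce code. Table and column names are assumed to
// match a stock osCommerce 2.3 schema; check them against your own database.

// Customers created in [$from, $to] who never logged in again and never ordered.
// Assumption: customers_info_number_of_logons stays 0 until the first login
// after signup.
function fake_account_candidates(PDO $db, string $from, string $to): array
{
    $stmt = $db->prepare(
        'SELECT c.customers_id, c.customers_email_address,
                ci.customers_info_date_account_created AS created
           FROM customers c
           JOIN customers_info ci ON ci.customers_info_id = c.customers_id
          WHERE ci.customers_info_date_account_created BETWEEN :from AND :to
            AND ci.customers_info_number_of_logons = 0
            AND NOT EXISTS (SELECT 1 FROM orders o
                             WHERE o.customers_id = c.customers_id)
          ORDER BY created'
    );
    $stmt->execute([':from' => $from, ':to' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$setup = [
    'CREATE TABLE customers (customers_id INTEGER PRIMARY KEY, customers_email_address TEXT)',
    'CREATE TABLE customers_info (customers_info_id INTEGER PRIMARY KEY,
        customers_info_number_of_logons INTEGER, customers_info_date_account_created TEXT)',
    'CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, customers_id INTEGER)',
    "INSERT INTO customers VALUES (1, 'buyer@example.com'), (2, 'bot1@example.net'),
        (3, 'bot2@example.net'), (4, 'browser@example.org')",
    "INSERT INTO customers_info VALUES (1, 0, '2019-03-02 10:00:00'),
        (2, 0, '2019-03-03 04:11:00'), (3, 0, '2019-03-04 04:12:00'),
        (4, 5, '2019-03-04 09:00:00')",
    'INSERT INTO orders VALUES (100, 1)', // customer 1 ordered without logging in again
];
foreach ($setup as $sql) {
    $db->exec($sql);
}

// Review the list before deleting anything.
foreach (fake_account_candidates($db, '2019-03-01 00:00:00', '2019-03-31 23:59:59') as $row) {
    echo $row['customers_id'], ' ', $row['customers_email_address'], ' ', $row['created'], PHP_EOL;
}
```

The query only selects candidates. Deleting them through admin->Customers rather than with a bare DELETE on `customers` keeps the related address book and basket rows from being orphaned.
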

35 minutes ago, Jack_mcs said:

It stops 100% of spam by bots on the contact us

Just checked, Jack, and it looks as if I have Honey Pot on all the sites that have no spam! The few that have spam problems did not have it! So I guess problem solved! Note to self: stop being stupid and use what already works 😂. Honey Pot being installed now.

 

Link to comment
Share on other sites

7 hours ago, MrPhil said:

...In the (presumably made up?) example...

Nope, not made up :)

 

Thank you for the advice. We only sell in the United States, so I guess I'll turn all the other countries off.

Link to comment
Share on other sites

3 hours ago, burt said:

Back End

What about a backend page that allows shopowner to drill down customers [and delete them], eg show me;

  • customers who registered between X date and Y date
  • and/or have not logged in since
  • and/or have made no orders

 

The options, or lack of, for sorting and displaying customers seem to be...lacking...at best.

Link to comment
Share on other sites

37 minutes ago, MrPhil said:

Exactly what osC version? What PHP version? Yes, you should worry about such errors.

osCommerce Online Merchant v2.3.4
PHP Version 5.6.39

Please note, I *only* get those errors when clicking on the name of  a fake account. Never for a real account. I am concerned it's some kind of hacking thing.

Link to comment
Share on other sites

I presume that's the "official" osC 2.3.4? I'm not sure it will properly run at PHP 5.6. The community-supported osC 2.3.4.1BS "Frozen" (see link in my signature) will go to at least PHP 7.1, so you should strongly consider upgrading your shop. As for why only "fake" accounts exhibit this behavior, I have never heard of this behavior. I suppose it's somewhat possible that there is some fishy data stored with these accounts, but offhand I can't think of what it could be. Maybe you could go into phpMyAdmin and take a look at one of these problem-causing fake accounts, and compare them with a normal real account, and see if there is anything in the customer data that looks like a script (HTML tags) or something else odd. Are you sure it's only fake accounts, or are those the only ones you tried this operation on? This is only selecting the account, and you haven't pressed Delete yet?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
