Snarg Posted January 13, 2019
For reasons I don't understand, some bot, script or person with *WAY* too much time on their hands is making fake accounts on my site. How do I go about deleting those accounts? Thank you for your time.

Jack_mcs Posted January 14, 2019
There are several threads on this subject. There's no simple way to remove them in a stock shop. You can do one of the following:
- If there are not too many, you can manually delete them in admin->Customers.
- If there are too many to delete manually, you can delete them by editing the database. How easy this is depends on when the accounts were created and if there is something in common with them, like the same in each.
To prevent it from happening again:
- If you can determine the country that the accounts are being added from and if you won't sell to that country, then remove the country from the countries list in admin or install an addon or package that blocks countries if your host doesn't provide that option.
- If you can determine the IP of those that created the account, you could block those IPs. There are addons meant to store the IP if you don't have one installed.
Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons

♥altoid Posted January 14, 2019
@Snarg same here, very similar to what you show. About 1 or 2 a day. I've been manually deleting.
I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are.

MrPhil Posted January 14, 2019
Fake accounts are usually opened for the purpose of either spamming you, or using the store as a platform for spamming others via tell-a-friend, messaging, etc. Thus, it is good to keep them under control.
I don't know if removing a country from the list will do any good -- they'll simply pick another country. In the (presumably made up?) example, they would just pick some other random country than Angola. That would be like playing whack-a-mole until you're down to one last country. I suppose you could do something to publish a list of countries you will (or won't) sell to, and silently automatically trash any account signed up for the banned countries. The fake account will simply vanish into the memory hole.
Something more productive might be to put new accounts' outputs (tell-a-friend, etc.) on preview of some sort, where nothing actually goes out until you've reviewed it. That's more work for you, of course. To avoid running afoul of privacy laws, you'd probably have to tell the "customer" that you're reading their posts and mailings, and even then, there might be trouble. However, it might be enough to discourage those looking to abuse your system (unless you simply turn off t-a-f etc.).
Forums and blogs face the same problem. If you can't stop them at the border (CAPTCHAs, etc. on signup to stop bots), you have to monitor what they're outputting to others and clamp down if they appear to be abusive. At least, on a forum or blog posting no one can claim a right to privacy in their communications.
Almost anything you can do to stop spamming is going to create more work for you or more work for a real customer. Welcome to the Real World. Can tell-a-friend, etc. be disabled until a customer has purchased something? Can tell-a-friend mailings be checked that they have a legitimate link to one of your products or categories, otherwise they're silently trashed? Just some ideas.

♥altoid Posted January 14, 2019
here's one:
from ip: 188.138.188.34
IP Location: Moldova, Republic Of Chisinau Starnet Solutii Srl
ASN: AS31252 STARNET-AS, MD (registered Mar 31, 2004)
Resolve Host: 188-138-188-34.starnet.md
Will be blocking 188.138.188.0 - 188.138.188.255 via my cp

Jack_mcs Posted January 14, 2019
1 minute ago, JcMagpie said:
> I had to clean a db of old customers a few months ago and found this add-on very useful.
You may want to look at my Database Optimizer.

Jack_mcs Posted January 14, 2019
3 minutes ago, MrPhil said:
> Something more productive might be to put new accounts' outputs (tell-a-friend, etc.) on preview of some sort, where nothing actually goes out until you've reviewed it.
That is a good idea but won't help in this case since it is the creation of accounts causing a problem. And if that is put on hold for approval, the shop would probably lose sales.

MrPhil Posted January 14, 2019
Well, the idea is that if the spammer knows that you will be previewing their mailings and weeding out spam (for a while, anyway), hopefully they won't sign up in the first place.

douglaswalker Posted January 14, 2019
Would the Honey pot work? I have exactly the same issue so I expect a bot.

♥JcMagpie Posted January 14, 2019
Sorry about that, I mistakenly uploaded the old code! This is what I used to clean the db. The plus was I could filter the large db by date and do a delete between dates or delete individual customers.
As Jack said, using the optimizer will probably help tidy up the db. Also not waiting too long before cleaning would also help. A little weekly housekeeping would have avoided me having to clean 10 year old unused accounts!
Attachment: inactiveuser_CE_2_4.zip

Jack_mcs Posted January 14, 2019
41 minutes ago, douglaswalker said:
> Would the Honey pot work
Assuming you mean my addon, it uses javascript for the create account page and javascript can be bypassed by spammers. It can't be bypassed on the contact us page because that also uses php code.
What could be done is to add code to store the IP and the date of account creation and then refuse new accounts if it is from the same IP and within XX amount of time. That won't stop it but it should cut it down quite a bit. I already have the code for that in the Pro version of View Counter. I'll see about adding it to the next Honey Pot version.

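
The per-IP throttle described in the post above (store the IP and creation time, refuse a new account from the same IP inside a time window), as an added example that is not code from Honey Pot, View Counter or osCommerce. The `signup_log` table and the `allow_signup()` function are hypothetical names, and in-memory SQLite stands in for the shop database.

```php
<?php
// Added example: per-IP throttle for account creation.
// signup_log and allow_signup() are hypothetical names, not osCommerce code.

function throttle_db() {
    // In-memory SQLite keeps this runnable offline; a shop would use its own database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE signup_log (ip TEXT NOT NULL, created_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX idx_signup_ip ON signup_log (ip, created_at)');
    return $db;
}

// Records the attempt and returns true if $ip created fewer than $maxAccounts
// accounts during the last $windowSeconds; returns false otherwise.
function allow_signup(PDO $db, $ip, $now, $windowSeconds = 3600, $maxAccounts = 1) {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false; // refuse malformed addresses instead of logging them
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM signup_log WHERE ip = ? AND created_at > ?');
    $stmt->execute([$ip, $now - $windowSeconds]);
    if ((int) $stmt->fetchColumn() >= $maxAccounts) {
        return false; // too many recent accounts from this address
    }
    $db->prepare('INSERT INTO signup_log (ip, created_at) VALUES (?, ?)')
       ->execute([$ip, $now]);
    return true;
}

// Constructed attempts from documentation-range addresses.
// In a live form handler $ip would be $_SERVER['REMOTE_ADDR'] and $now would be time().
$db = throttle_db();
$t0 = 1547424000; // 2019-01-14 00:00:00 UTC
$attempts = [
    ['203.0.113.7',  $t0],         // first signup from this address
    ['203.0.113.7',  $t0 + 600],   // same address ten minutes later
    ['198.51.100.9', $t0 + 600],   // different address
    ['203.0.113.7',  $t0 + 3601],  // same address once the window has passed
];
foreach ($attempts as $a) {
    list($ip, $when) = $a;
    echo $ip, ' at +', $when - $t0, 's: ', allow_signup($db, $ip, $when) ? 'accepted' : 'refused', PHP_EOL;
}
```

Behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, so the client address has to come from a header that the proxy is trusted to set.
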
♥JcMagpie Posted January 14, 2019
I have found that my main issue on my osC test site is the contact_us page! I have it set so you can only resend after 30 minutes but the sods get round this by just using different emails.
From looking into this I think that the only solution is to install Google captcha to this and any other forms like make account and reviews, basically any submit saving to db should have it applied. Only problem is this requires quite a lot of core changes in osC to implement fully.

puddlec Posted January 14, 2019
Are they using the same IP address? If they are, you could block them that way.
Phoenix support now at https://phoenixcart.org/forum/ App created for phoenixTinyMCE editor for admin

Jack_mcs Posted January 14, 2019
27 minutes ago, JcMagpie said:
> From looking into this I think that the only solution is to install Google captcha to this and any other forms like make account and reviews, basically any submit saving to db should have it applied.
See the Honey Pot addon. There are only a few changes needed. It stops 100% of spam by bots on the contact us page and is completely transparent to the customer.

Jack_mcs Posted January 14, 2019
5 minutes ago, puddlec said:
> Are they using the same IP address? If they are, you could block them that way.
That will work but there isn't any code in place to capture the IP unless something was added.

♥JcMagpie Posted January 14, 2019
I have used a basic image captcha on that page but they get round it somehow! IPs are all over the place so that's not an option.
I've just installed the Google reCAPTCHA. Found this add-on by @Demitry in the apps! Must have missed it before!
https://apps.oscommerce.com/f2UI4&recaptcha-2-form-validation-for-bs-edge
Install needed a small edit to core files and to each page you need it on.
Did not work for the contact us page; there was a small error in the code. Not found a support thread linked to the app but the change was an easy fix: simply change, in the install instructions, all cases of
    require(DIR_WS_CLASSES . 'recaptcha.php');
to
    require('includes/classes/recaptcha.php');
So let's see if the sods get past this one.

burt Posted January 14, 2019
Action Recorder: Could not create_account be protected with an action recorder module?
Recaptcha: Protect create_account with a Recaptcha as well?
IP Address: Store IP address as part of account creation. Isn't everyone doing that anyway per GDPR? 😂
Back End: What about a backend page that allows shopowner to drill down customers [and delete them], e.g. show me customers who registered between X date and Y date and/or have not logged in since and/or have made no orders.
Self Approve: How about getting customer to approve themselves (rather than be admin approved). I.e., they create account and are immediately logged out. They have to check their email to access a page which "open sesame" their account and access to checkout procedure. Obviously not right for all shops, but some shops that might be suitable for.
That's 5 ideas that spring to mind immediately...

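
The "Back End" drill-down from the post above (registered between two dates, never logged in since, no orders), as an added example that is not part of osCommerce; it also gives the manual database clean-up mentioned earlier in the thread a reviewable list to start from. Table and column names are assumed from a stock osCommerce 2.3 schema, the rows are constructed, and `list_suspect_accounts()` is a hypothetical name.

```php
<?php
// Added example, not osCommerce code. Table and column names are assumed from a
// stock osCommerce 2.3 schema; confirm them against your own database.

function sample_shop_db() {
    $db = new PDO('sqlite::memory:'); // stand-in for the shop's MySQL database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (customers_id INTEGER PRIMARY KEY,
        customers_email_address TEXT)');
    $db->exec('CREATE TABLE customers_info (customers_info_id INTEGER PRIMARY KEY,
        customers_info_date_account_created TEXT, customers_info_date_of_last_logon TEXT)');
    $db->exec('CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, customers_id INTEGER)');
    // Constructed rows: 1 is a real buyer, 2 and 3 never logged in or ordered,
    // 4 is dormant but was created outside the date range queried below.
    $db->exec("INSERT INTO customers VALUES (1, 'buyer@example.com'),
        (2, 'x1@example.net'), (3, 'x2@example.net'), (4, 'old@example.org')");
    $db->exec("INSERT INTO customers_info VALUES
        (1, '2019-01-10 09:00:00', '2019-01-11 08:30:00'),
        (2, '2019-01-12 03:14:00', NULL), (3, '2019-01-13 03:15:00', NULL),
        (4, '2018-06-01 12:00:00', NULL)");
    $db->exec('INSERT INTO orders VALUES (100, 1)');
    return $db;
}

// Accounts created in [$from, $to) that never logged in again and have no orders.
function list_suspect_accounts(PDO $db, $from, $to) {
    $stmt = $db->prepare(
        'SELECT c.customers_id, c.customers_email_address,
                ci.customers_info_date_account_created AS created
           FROM customers c
           JOIN customers_info ci ON ci.customers_info_id = c.customers_id
           LEFT JOIN orders o ON o.customers_id = c.customers_id
          WHERE ci.customers_info_date_account_created >= :since
            AND ci.customers_info_date_account_created < :until
            AND ci.customers_info_date_of_last_logon IS NULL
            AND o.orders_id IS NULL
          ORDER BY created'
    );
    $stmt->execute([':since' => $from, ':until' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Read-only review list; nothing is deleted here.
foreach (list_suspect_accounts(sample_shop_db(), '2019-01-01', '2019-02-01') as $row) {
    echo implode("\t", $row), PHP_EOL;
}
```

A genuine customer who registered and never came back matches the same filter, so the output is a list to review, not a delete list; take a backup first, and remember that a customer's data also lives in other tables (address book and basket rows, for example).
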
♥JcMagpie Posted January 14, 2019
35 minutes ago, Jack_mcs said:
> It stops 100% of spam by bots on the contact us
Just checked, Jack, and it looks as if I have honeypot on all the sites that have no spam! The few that have spam problems did not have it! So I guess problem solved!
Note to self, stop being stupid and use what already works 😂. HoneyPot being installed now.

Snarg (Author) Posted January 14, 2019
7 hours ago, MrPhil said:
> ...In the (presumably made up?) example...
Nope, not made up.
Thank you for the advice. We only sell in the United States, so I guess I'll turn all the other countries off.

Snarg (Author) Posted January 14, 2019
3 hours ago, puddlec said:
> are they using the same IP address? if they are you could block them, that way.
Proxies.

Snarg (Author) Posted January 14, 2019
3 hours ago, burt said:
> Back End What about a backend page that allows shopowner to drill down customers [and delete them], eg show me; customers who registered between X date and Y date and/or have not logged in since and/or have made no orders
The options, or lack of, for sorting and displaying customers seems to be...lacking...at best.

Snarg (Author) Posted January 14, 2019
When I select one of these fake accounts, I get a bunch of errors. Should I be worried?

MrPhil Posted January 14, 2019
Exactly what osC version? What PHP version? Yes, you should worry about such errors.

Snarg (Author) Posted January 14, 2019
37 minutes ago, MrPhil said:
> Exactly what osC version? What PHP version? Yes, you should worry about such errors.
osCommerce Online Merchant v2.3.4
PHP Version 5.6.39
Please note, I *only* get those errors when clicking on the name of a fake account. Never for a real account. I am concerned it's some kind of hacking thing.

MrPhil Posted January 15, 2019
I presume that's the "official" osC 2.3.4? I'm not sure it will properly run at PHP 5.6. The community-supported osC 2.3.4.1BS "Frozen" (see link in my signature) will go to at least PHP 7.1, so you should strongly consider upgrading your shop.
As for why only "fake" accounts exhibit this behavior, I have never heard of this behavior. I suppose it's somewhat possible that there is some fishy data stored with these accounts, but offhand I can't think of what it could be. Maybe you could go into phpMyAdmin and take a look at one of these problem-causing fake accounts, and compare them with a normal real account, and see if there is anything in the customer data that looks like a script (HTML tags) or something else odd. Are you sure it's only fake accounts, or are those the only ones you tried this operation on? This is only selecting the account, and you haven't pressed Delete yet?

This topic is now archived and is closed to further replies.