Guest Posted October 23, 2019 Share Posted October 23, 2019 I'm using 2.3.4.1 CE with PHP 7.0 Recently, I'm seeing an increasing number of fake accounts created with long sentences for First and Last Name, like the latest one: The second name is a real account created with a first and last name (erased). The first one speaks for itself. I'm sure there's a way to limit the number of characters in the input fields, but...what about the number of words? Like...one word for first name (maybe two max?) and one for last name. I'm seeing more and more of this lately. Nothing urgent...just asking! Thanks! - Andrea Link to comment Share on other sites More sharing options...
kgtee Posted October 23, 2019 Share Posted October 23, 2019 I think limiting the length of names is not going to do much in stopping people from creating fake accounts. These people will still hack the system with short names. Best is install captchas. Link to comment Share on other sites More sharing options...
Guest Posted October 23, 2019 Share Posted October 23, 2019 @kgtee Hi! I expect you're right. I do have Honeypot Captcha installed, nothing more. Most of the fake accounts are a little more promotional text oriented....lots of references to invest-in-Bitcoin lately. Big long sprawling text for the first and last name which ends up looking like an advertisement or something. The one I posted was pretty slack, really. The IP addresses are mostly coming from Ukraine. Stuff like this is never-ending, it seems! Thanks for replying to my post, I appreciate it! - Andrea Link to comment Share on other sites More sharing options...
kgtee Posted October 23, 2019 Share Posted October 23, 2019 Hi @puggybelle There is an extensive discussion here. The conclusion sounds like Google Recaptcha-2 is the most effective captcha to stop those fake accounts. Give that a try! Cheers! Link to comment Share on other sites More sharing options...
Peper Posted October 23, 2019 Share Posted October 23, 2019 7 hours ago, kgtee said: Hi @puggybelle There is an extensive discussion here. The conclusion sounds like Google Recaptcha-2 is the most effective captcha to stop those fake accounts. Give that a try! Cheers! Same issue here but not so intensive as other users are describing it. Using Recaptcha in create_account In admin/customers.php i have modified the search Mostly the spammers uses companies like google - easier to track down and deleted many - hth <?php $search = ''; if (isset($_GET['search']) && tep_not_null($_GET['search'])) { $keywords = tep_db_input(tep_db_prepare_input($_GET['search'])); $search = "where c.customers_lastname like '%" . $keywords . "%' or c.customers_firstname like '%" . $keywords . "%' or c.customers_email_address like '%" . $keywords . "%' or a.entry_company like '%" . $keywords . "%' or c.customers_telephone like '%" . $keywords . "%'"; } Getting the Phoenix off the ground Link to comment Share on other sites More sharing options...
Guest Posted October 31, 2019 Share Posted October 31, 2019 I've been getting hit all day long with fake accounts like this (and the following was all inserted in the first name field only!) "Exactly how would certainly you utilize $87264 to make even more cash: https://get-xxx-xxx-xxxx.blogspot.nl And then even more to follow in the last name field in create_account.php I think it's ridiculous that those fields are even set up to allow that many characters to start with...255? That's nuts! I put a little maxlength="16" in those forms to act as a deterrent. No sooner than you start typing away...it's over. Your cursor just gets stuck in place. I have to think fake accounts like this are done with the hope of me visiting their urls, well...gosh, what a shame if you can't complete them anymore. Have a nice day! - Andrea Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 31, 2019 Share Posted October 31, 2019 On 10/22/2019 at 10:42 PM, puggybelle said: Recently, I'm seeing an increasing number of fake accounts created with long sentences for First and Last Name, like the latest one: The latest version of Honey Pot has an option for this, as well as several other new options. I will try to get it uploaded this weekend. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted October 31, 2019 Share Posted October 31, 2019 If my database entries in the customers table look like this: Does the number 16 mean that is the maximum number of characters that can be stored when creating an account? Because I woke up to this today: And plenty more to follow those. How is that possible? Just trying to learn and understand what is happening. My remedies to stop it are obviously not working. - Andrea Link to comment Share on other sites More sharing options...
♥JcMagpie Posted October 31, 2019 Share Posted October 31, 2019 11 minutes ago, puggybelle said: Just trying to learn and understand what is happening. My remedies to stop it are obviously not working. Changing the length input accepted will not help. Install this and you will see a 99% reduction over night. osC is beeing targeted by both spam bot's and human spamers. reCAPTCHA-2 Form Validation for BS Edge No easy solution to this you have to lock all forms on your site. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted October 31, 2019 Share Posted October 31, 2019 here is why it's happening. I get offers like this everyday. Hi! ****************** Have you ever heard that you can send a message through the contact form? These forms are located on many sites. We sent you our message in the same way, and the fact that you received and read it shows the effectiveness of this method of sending messages. Since people in any case will read the letter received through the contact form. Our database includes more than 35 million websites from all over the world. The price of sending one million messages 49 USD. There is a discount program for large orders. Free test mailing of 50,000 messages to any country of your selection. This offer is created automatically. Please use the contact details below to contact us. Contact us. Telegram - @Feed*****FormEU Skype Feed*****Form2019 Email - ***************** Link to comment Share on other sites More sharing options...
Guest Posted October 31, 2019 Share Posted October 31, 2019 Hi @JcMagpie - Happy Halloween! I'll try out that other reCaptcha - I'm just trying to rationalize how they can exceed 16 characters when the database says...16. Only 16. Right? Link to comment Share on other sites More sharing options...
♥ecartz Posted October 31, 2019 Share Posted October 31, 2019 29 minutes ago, puggybelle said: Does the number 16 mean that is the maximum number of characters that can be stored when creating an account? It should, but I'm kind of suspicious that they did something funky to handle multibyte characters. I note that your strings are still limited. It looks like to 32 characters. So they may have set it to handle 32 bytes on the theory that on average that will be enough to hold 16 characters. Or they converted to UTF-16 in the storage, which can hold any value that can be represented as UTF-8 as two bytes. Or something even funkier. Stack Overflow suggests that you may find names that are longer than those limits. Always back up before making changes. Link to comment Share on other sites More sharing options...
Guest Posted October 31, 2019 Share Posted October 31, 2019 28 minutes ago, JcMagpie said: reCAPTCHA-2 Form Validation for BS Edge Can this be used in conjunction with Honeypot Captcha? Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 31, 2019 Share Posted October 31, 2019 36 minutes ago, JcMagpie said: Changing the length input accepted will not help. I'm curious why you think this? I have the limit in the unreleased version of Honey Pot and it stops the account creation if names have more words than in the settings. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Jack_mcs Posted October 31, 2019 Share Posted October 31, 2019 10 minutes ago, puggybelle said: Can this be used in conjunction with Honeypot Captcha? The new version of Honey Pot has captcha as an option. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥JcMagpie Posted October 31, 2019 Share Posted October 31, 2019 8 minutes ago, Jack_mcs said: I'm curious why you think this? From my testing it made no change . I have honey pot and google recapatch running between them 99% of bot's were stopped niether stoped the human idiots, they still spam but it in much smaller numbers, Also what helped was setting the time to about 30 min before they can resubmit in admin. Fake account down to less than 1 per week and it's clear this is human. The contact_us form ( it's the only one I have active) is still under attack but again down to a few a day now. Link to comment Share on other sites More sharing options...
Kevin.Dallas Posted October 31, 2019 Share Posted October 31, 2019 very simple, look in your customer varchar 3 customers_firstname varchar(40) utf8_unicode_ci 4 customers_lastname varchar(40) utf8_unicode_ci make it 20 or whatever number of words you would like Link to comment Share on other sites More sharing options...
Guest Posted October 31, 2019 Share Posted October 31, 2019 25 minutes ago, Kevin.Dallas said: varchar(40) utf8_unicode_ci So 40 does not represent characters...it represents the number of words? Is that what you're saying? Link to comment Share on other sites More sharing options...
Kevin.Dallas Posted October 31, 2019 Share Posted October 31, 2019 characters = words define how many characters in the word, for example, in word has 5 characters then set varchar(40) to varchar(5) Link to comment Share on other sites More sharing options...
♥JcMagpie Posted October 31, 2019 Share Posted October 31, 2019 16 minutes ago, puggybelle said: So 40 does not represent characters. Just be carefull as if you change the length too short could bugger up all the data in your db. Link to comment Share on other sites More sharing options...
Guest Posted October 31, 2019 Share Posted October 31, 2019 1 minute ago, JcMagpie said: Just be carefull as if you change the length too short could bugger up all the data in your db. I understand. I really don't like messing with the database. Think I'll just sit and wait for Jack's new version of Honeypot. Link to comment Share on other sites More sharing options...
Kevin.Dallas Posted October 31, 2019 Share Posted October 31, 2019 2 minutes ago, puggybelle said: I understand. I really don't like messing with the database. Think I'll just sit and wait for Jack's new version of Honeypot. i would max set it 40 or just use the google verification code, damm spammers i hear you Link to comment Share on other sites More sharing options...
♥JcMagpie Posted October 31, 2019 Share Posted October 31, 2019 If you have first name set to sa 225 and you change it to say 12 than all first names in your db will be trimed to 12 characters ! not good Only make any changes if you are sure you dont have anything in that table longer than the number you set! My advice do not mess with the db it's no real answer to the problem, Bot's will just dump a shorter text into that section and dump longer bit's into another part. Link to comment Share on other sites More sharing options...
Guest Posted October 31, 2019 Share Posted October 31, 2019 1 minute ago, JcMagpie said: If you have first name set to sa 225 and you change it to say 12 than all first names in your db will be trimed to 12 characters ! not good I changed it last night to 16 for both first and last name. Total waste of time, I guess. Mephistopheles will still fit. 🤩 Link to comment Share on other sites More sharing options...
♥ecartz Posted October 31, 2019 Share Posted October 31, 2019 51 minutes ago, puggybelle said: So 40 does not represent characters...it represents the number of words? No. Characters does not represent words. The 16/32 issue may be a bug or just database weirdness. Always back up before making changes. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.