Jack_mcs Posted November 1, 2019 Share Posted November 1, 2019 6 hours ago, JcMagpie said: From my testing it made no change . I have honey pot and google recapatch running between them 99% of bot's were stopped niether stoped the human idiots OK, thanks. But just to be clear in case someone is reading this, the current, released, version of Honey Pot doesn't have the check for the number of words in a name. The unreleased version does and I hope to get it uploaded this weekend. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
♥JcMagpie Posted November 1, 2019 Share Posted November 1, 2019 My attacks were not the same as @puggybelle the names were normal length and no ad's were part of the account. What they had was script in the address lines in some and some had just fake addresses. None had actualy logged in. I spoke with my host about this and the first thing they did was inform me that if any of my sites had unscured form's and was hacked it would be susspended untill it was cleaned and all forms secured! Luckly all live site were already secure with google and they did not have an issue. The problem was with Frozen and Phoenix test sites. We then secured most of them keeping 2 for testing. So why were they attacking the account page? Well I tested on one site and selected to edit one of the fake account, it then became clear what they were after as on about the 5th or 6th fack account I opend and edited the site crashed as the db was messed up, simply opening and editing the account and then saving it caused the db to crash. Most of these fake accounts had script in the address lines. What It's intentions are i have no idea but i dont think they were good. On the second site I then changed the input lenght on the fileds in the data base to limit the lenght of characters per line , but the attack still continued just the bits saved were trimed to the lenght set. I imagine the bots just look for an input box and dump stuff into it. As i said I belive you need to lock the door and put a few bolts on it as well. 1) I use HoneyPot it reduced the number 2) Added Google recapatcha and they droped by about 95% in total 3) Added a long resubmit time in admin and it reduced the human idiots as I imagine they are not too keen on siting around for 30min before they can try again. Sound's like the new HoneyPot will do most of this so I'm sure that will be welcome by users. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted November 4, 2019 Share Posted November 4, 2019 Just to see how active the @puggybelle attack on osC is I removed Google capatch from one site about 2 days ago and it was under atack within a few seconds of the capatcha beeing disabled. This is what it looks likes...... Link to comment Share on other sites More sharing options...
Guest Posted November 4, 2019 Share Posted November 4, 2019 @JcMagpie - Welcome to MY world! 😛 It's not unusual to see one or two of these things every month, but...I've been getting bombarded with it for the last week or so. Dozens of these every day now. I guess spammers are really ramping things up for the holiday season! - Andrea Link to comment Share on other sites More sharing options...
♥Smoky Barnable Posted November 4, 2019 Share Posted November 4, 2019 I've been seeing a lot of these fake accounts this week as well. I use cloudflare cdn firewall to challenge the countries they are coming from....Hungary, Latvia etc. It's working quite well. I refuse to inconvenience my customers with a captcha. The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence. - Rabindranath Tagore Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.