Scottyj

New customers - injected?


Hi all, in the past month or so I have been getting 3 or 4 new customers a day on average that I believe are part of some sort of scam, but I'm just not sure what is going on.

Basically the new customers are random characters (adfsad*&FSFs FDSHJFHWE) with similar details but with real email addresses. And each email address is different. All I can figure is the site will generate a 'welcome' email back to that email address, but I'm not sure what that will achieve. I have had no customer response saying 'I didn't sign up' or anything like that.

Considering my signup page is a little different to a default osCommerce page in that it uses 'tabs', I am not sure it's some sort of automated script to generate new customers, and all I can think is someone is using some SQL injection to insert customers. But I cannot see what gain there is.

Every day I go through and delete the accounts. They are never logging in.

I'm going to disable my new customer page by renaming create_account.php for a few days. This will stop both legit customers and maybe this scammer as well. If they still get created, it points to a SQL injection, I guess?

Anyone come across this before?

Thanks
Scott
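Before deleting by hand, a store admin can at least get a daily list of the accounts that fit the pattern Scott describes (unpronounceable names with symbols in them, the same address or phone details reused under many different email addresses). The following triage script is an added example, not osCommerce code or anything from this thread; the customer rows are constructed for illustration and the column names are assumptions, so map them onto your own `customers` / `address_book` query.

```php
<?php
// Added example: flag probable junk customer accounts for manual review.
// Not osCommerce core code. Sample rows below are constructed; in a real
// store you would fetch them from the customers/address_book tables.
declare(strict_types=1);

/**
 * Heuristic: a "name" that contains symbols or digits, has no vowels at all,
 * or carries a long run of consonants (e.g. "FDSHJFHWE") is almost never
 * a real person. Returns true when the name should be reviewed.
 */
function looks_like_junk_name(string $name): bool
{
    $n = trim($name);
    if ($n === '') {
        return true;
    }
    // Anything other than letters, spaces, hyphens, apostrophes and dots
    if (preg_match('/[^\p{L}\s\'\-.]/u', $n) === 1) {
        return true;
    }
    // No vowel anywhere in the name
    if (preg_match('/[aeiouy]/i', $n) !== 1) {
        return true;
    }
    // Five or more consonants in a row (unpronounceable)
    if (preg_match('/[bcdfghjklmnpqrstvwxz]{5,}/i', $n) === 1) {
        return true;
    }
    return false;
}

/**
 * Group accounts by their non-email details. Several distinct email
 * addresses sharing one telephone+postcode pair matches the
 * "similar details, different emails" pattern from the thread.
 */
function groups_sharing_details(array $customers): array
{
    $groups = [];
    foreach ($customers as $c) {
        $key = strtolower(preg_replace('/\s+/', '', $c['telephone'] . '|' . $c['postcode']));
        $groups[$key][] = $c['email'];
    }
    // keep only keys used by more than one distinct email
    return array_filter($groups, fn(array $emails) => count(array_unique($emails)) > 1);
}

// Constructed sample data (not real customers)
$customers = [
    ['id' => 101, 'name' => 'Mary O\'Brien',            'email' => 'mary@example.com',   'telephone' => '555-0101', 'postcode' => 'AB1 2CD'],
    ['id' => 102, 'name' => 'adfsad*&FSFs FDSHJFHWE',    'email' => 'user1@example.net',  'telephone' => '000000',   'postcode' => '12345'],
    ['id' => 103, 'name' => 'qwrtpsdfgh kjlzxcv',        'email' => 'user2@example.org',  'telephone' => '000000',   'postcode' => '12345'],
    ['id' => 104, 'name' => 'Jean-Luc Picard',          'email' => 'jl@example.com',     'telephone' => '555-0199', 'postcode' => 'EF3 4GH'],
    ['id' => 105, 'name' => 'Xhdbq Lmnp',               'email' => 'user3@example.info', 'telephone' => '00 0000',  'postcode' => '12345'],
];

foreach ($customers as $c) {
    if (looks_like_junk_name($c['name'])) {
        printf("review: id=%d name=%s email=%s\n", $c['id'], $c['name'], $c['email']);
    }
}
foreach (groups_sharing_details($customers) as $key => $emails) {
    printf("shared details %s used by: %s\n", $key, implode(', ', $emails));
}
// Expected: ids 102, 103 and 105 are listed for review, and the three
// example.net/.org/.info emails are reported as sharing "000000|12345".
```

The script only lists candidates; it does not delete anything, which matches the advice later in the thread to remove such accounts rather than edit or use them. Tune the consonant-run threshold for your customer base (some languages and surnames legitimately have long consonant clusters) and treat the shared-details grouping as the stronger signal.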


@Scottyj
It's an increasingly common occurrence with all websites.
Make sure your website is using the latest Phoenix 1.0.3.0 - that's a good start.
Download here - https://github.com/gburton/CE-Phoenix
Google recaptcha 2 installed will usually stop this - it did on our website.

5 hours ago, Scottyj said:

Anyone come across this before?

This is only a problem for sites that have unsecured forms, and unfortunately out of the box all osC versions install with unsecured forms. It's clear that osC sites are being targeted due to this. I know that some hosts are now refusing to allow sites with unsecured forms to run on servers. I recently had one of my sites shut down and was told it would not be allowed back up again until all unsecured forms had been fixed.

Google reCAPTCHA is your best option; this free add-on works on Frozen and Phoenix.

reCAPTCHA-2 Form Validation for BS Edge

The hackers know osC has unsecured forms on first install and are hoping most users don't know what a risk this is, and so are targeting osC sites. It's down to you to lock all the doors on your site.

I have not found any of the attempts to be successful so far on any of my sites, as some string cleaning is done before it's saved to the DB, but that is what they are hoping to do. As you are currently doing, it's best to delete the account; do not try to edit or use them, as this could cause problems, just delete.

They are not all bots; many are idiots sitting on PCs with lists of sites to make accounts on. It's very common in some places for people to be paid to do this.
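The reCAPTCHA add-on recommended above works because the protection is enforced on the server, not in the browser: the token the widget puts into the `g-recaptcha-response` field is sent to Google's `siteverify` endpoint, and the account is only created if that check succeeds. The following is an added example of that server-side step written for a PHP registration handler; it is not the add-on's code or osCommerce core code. `RECAPTCHA_SECRET_KEY` is an assumed configuration constant, and the handler integration at the bottom is sketched rather than wired into a specific osCommerce version.

```php
<?php
// Added example: server-side reCAPTCHA v2 verification for an account
// creation form. Not the add-on's code. RECAPTCHA_SECRET_KEY is assumed to
// be defined in your configuration (never ship the secret to the browser).
declare(strict_types=1);

const RECAPTCHA_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

/**
 * Verify the token the browser submitted in g-recaptcha-response.
 * Returns true only if Google reports success AND the challenge was solved
 * on our own hostname (a token harvested on another site is rejected).
 * Any network or parse failure returns false: fail closed, the user retries.
 */
function recaptcha_verify(string $secret, string $token, string $remoteIp, string $expectedHost): bool
{
    if ($token === '' || strlen($token) > 4096) {
        return false; // field missing or absurdly large: treat as failed
    }

    $ch = curl_init(RECAPTCHA_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'secret'   => $secret,
            'response' => $token,
            'remoteip' => $remoteIp,
        ]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_SSL_VERIFYPEER => true, // the default, stated explicitly
    ]);
    $body = curl_exec($ch);
    curl_close($ch);

    if ($body === false) {
        return false;
    }

    $result = json_decode($body, true);
    if (!is_array($result) || empty($result['success'])) {
        return false;
    }
    // siteverify echoes the hostname the challenge was solved on
    if (isset($result['hostname']) && strcasecmp($result['hostname'], $expectedHost) !== 0) {
        return false;
    }
    return true;
}

// Sketch of the integration point in the account-creation handler.
// This must run BEFORE any INSERT into the customers table.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $token = $_POST['g-recaptcha-response'] ?? '';
    $captchaOk = recaptcha_verify(
        RECAPTCHA_SECRET_KEY,            // assumed config constant
        is_string($token) ? $token : '', // arrays or missing fields count as no token
        $_SERVER['REMOTE_ADDR'] ?? '',
        $_SERVER['HTTP_HOST'] ?? ''
    );
    if (!$captchaOk) {
        // Re-display the form with an error and stop; do not create the account.
        $form_error = 'Please complete the reCAPTCHA challenge.';
    }
}
```

Two details matter for the fake-account problem in this thread. The check sits on the server, so renaming files or hiding the widget in tabs is not what stops the bots; a submission that never rendered the page simply has no valid token. And the hostname comparison rejects tokens solved elsewhere, which is the cheap way operators try to reuse one solved challenge against many stores.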


Hi everyone, thanks for the info. I've got Phoenix on my radar to use; my site is heavily customized so it's not a quick task to move. But I think reCAPTCHA-2 is the way to go for now. Appreciate the response.

Scott


OK, so after trying to get reCAPTCHA-2 working and not getting far due to the changes to my site (and it not being BS Edge didn't help), I think I have found a fairly easy solution.

I renamed the create_account.php file and any references to it (maybe 3 other files?). Basically pointing it to a new file, and I think that was enough to break (likely temporarily) any automated scripts or whatever is going on. So far it's been over 24 hours with no new (fake) accounts when I would typically have 5 to 10.

Happy to let people know what files to change etc. if this proves to be a solution.

Scott


48 hours and no fake accounts so pretty happy that changing file names has addressed the problem for now. I'm sure one day they will try again and I'd be happy to rename the file again. Certainly easier than deleting accounts everyday!

Cheers, Scott
