CrassOne Posted March 24, 2010 Share Posted March 24, 2010 Someone (or something) is creating fake, SPAM customers accounts. It is likely an automated process because it produces dozens at a time and is occurring at roughly hourly intervals. It began yesterday and I have been manually deleting the accounts in the Admin. I have two questions: First, can they be stopped? I noticed that they all have the same first and last name. Can someone create code that would discard any user with both names the same? Alternatively, is there a way to prohibit them via IP address (although I don't presently know the IP address these are coming from)? Or any other way to cut them off? Secondly, until there is a way to prohibit them, is there a way to delete them in bulk? I am marginally familiar with phpMyAdmin. Would it be as simple as deleting a batch in a customer database, or does this info go into multiple databases? Thanks so much for any assistance. I don't know why anyone would do this. There doesn't seem to be anything to be gained. But it sure is annoying. Link to comment Share on other sites More sharing options...
MR1 Posted March 24, 2010 Share Posted March 24, 2010 http://addons.oscommerce.com/info/1237 this should stop it. Link to comment Share on other sites More sharing options...
spooks Posted March 24, 2010 Share Posted March 24, 2010 That would help, you could also look at adding Anti-hacker Account Mods http://addons.oscommerce.com/info/7202 as that includes a functions to sanitse the post vars & adds extra validation to all account pages its much harder for spammers esp robot ones to get an account (some have said they've removed capcha functions as they found that sufficient). PS If there are fields you find they are putting links in, you can add checks for that also, rejecting input if so. Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
CrassOne Posted March 24, 2010 Author Share Posted March 24, 2010 http://addons.oscommerce.com/info/1237 this should stop it. Thanks for the suggestion. I may give it a try, but it seems pretty complex to install. I was hoping there would be a simple solution with a little code that would check to see if the first and last names of the registering customer were the same and, if they were, would discard the registration. Link to comment Share on other sites More sharing options...
spooks Posted March 24, 2010 Share Posted March 24, 2010 Thanks for the suggestion. I may give it a try, but it seems pretty complex to install. I was hoping there would be a simple solution with a little code that would check to see if the first and last names of the registering customer were the same and, if they were, would discard the registration. well if that's all you want just use preg_match Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
CrassOne Posted March 25, 2010 Author Share Posted March 25, 2010 well if that's all you want just use preg_match I don't know what preg_match is (I know, I can look it up :) ), however, I already modified my create_account file to include this check: "if (is_numeric($postcode) == false)" The spammer has been inserting alpha characters into every field. So I figured a check to see if the zip code was numeric could defeat the fake registrations. So far, so good. But I will wait a couple of hours (or days) to make sure they have completely stopped. If you think there is any reason why my solution might not be OK (or might cause some trouble), please let me know. Thanks again. Link to comment Share on other sites More sharing options...
spooks Posted March 25, 2010 Share Posted March 25, 2010 I don't know what preg_match is (I know, I can look it up ), however, I already modified my create_account file to include this check: "if (is_numeric($postcode) == false)" The only trouble there is many countries have alpha chars in the post code, if you look at http://addons.oscommerce.com/info/7202 that includes proper post code validation, ie only valid post code (for country) will pass, most hackers wont get past that. If you think your simple checks will do for now, I`d apply that to the phone field. PS A valid US post code can contain a non-numeric char!! Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
CrassOne Posted March 25, 2010 Author Share Posted March 25, 2010 Thanks. I'll probably use your suggestions. First I'll wait to see if this even works. It is still holding up for now. I can even see the perpetrator trying to create accounts when I check Who's Online. I just hope he doesn't bother to patch his robot to put numeric characters in. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.