HELP! I'm Getting Hundreds of SPAM Customers


CrassOne


Someone (or something) is creating fake, SPAM customers accounts. It is likely an automated process because it produces dozens at a time and is occurring at roughly hourly intervals. It began yesterday and I have been manually deleting the accounts in the Admin.

 

I have two questions:

 

First, can they be stopped? I noticed that they all have the same first and last name. Can someone create code that would discard any user with both names the same? Alternatively, is there a way to prohibit them via IP address (although I don't presently know the IP address these are coming from)? Or any other way to cut them off?

 

Secondly, until there is a way to prohibit them, is there a way to delete them in bulk? I am marginally familiar with phpMyAdmin. Would it be as simple as deleting a batch in a customer database, or does this info go into multiple databases?

 

Thanks so much for any assistance. I don't know why anyone would do this. There doesn't seem to be anything to be gained. But it sure is annoying.


That would help; you could also look at adding Anti-hacker Account Mods http://addons.oscommerce.com/info/7202, as that includes functions to sanitise the post vars & adds extra validation to all account pages. It's much harder for spammers, esp. robot ones, to get an account (some have said they've removed captcha functions as they found that sufficient).

 

PS If there are fields you find they are putting links in, you can add checks for that also, rejecting input if so.

Sam

 

Remember, What you think I meant may not be what I thought I meant when I said it.

Contributions:

Auto Backup your Database, Easy way
Multi Images with Fancy Pop-ups, Easy way
Products in columns with multi buy etc etc
Disable any Category or Product, Easy way
Secure & Improve your account pages et al.


http://addons.oscommerce.com/info/1237

 

this should stop it.

Thanks for the suggestion. I may give it a try, but it seems pretty complex to install. I was hoping there would be a simple solution with a little code that would check to see if the first and last names of the registering customer were the same and, if they were, would discard the registration.


Thanks for the suggestion. I may give it a try, but it seems pretty complex to install. I was hoping there would be a simple solution with a little code that would check to see if the first and last names of the registering customer were the same and, if they were, would discard the registration.

 

 

well if that's all you want just use preg_match

Sam

 


well if that's all you want just use preg_match

 

I don't know what preg_match is (I know, I can look it up :) ), however, I already modified my create_account file to include this check:

"if (is_numeric($postcode) == false)"

 

The spammer has been inserting alpha characters into every field. So I figured a check to see if the zip code was numeric could defeat the fake registrations.

 

So far, so good. But I will wait a couple of hours (or days) to make sure they have completely stopped.

 

If you think there is any reason why my solution might not be OK (or might cause some trouble), please let me know.

 

Thanks again.


I don't know what preg_match is (I know, I can look it up :) ), however, I already modified my create_account file to include this check:

"if (is_numeric($postcode) == false)"

 

 

 

The only trouble there is many countries have alpha chars in the post code. If you look at http://addons.oscommerce.com/info/7202, that includes proper post code validation, i.e. only a valid post code (for country) will pass; most hackers won't get past that.

 

 

 

If you think your simple checks will do for now, I'd apply that to the phone field.

 

PS A valid US post code can contain a non-numeric char!!

Sam

 


Thanks. I'll probably use your suggestions. First I'll wait to see if this even works.

 

It is still holding up for now. I can even see the perpetrator trying to create accounts when I check Who's Online. I just hope he doesn't bother to patch his robot to put numeric characters in.


Archived

This topic is now archived and is closed to further replies.
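
The checks suggested in this thread (identical first and last name, links in fields, and postcode validation by country rather than `is_numeric()`), combined in one function as an added example; it is not code from the thread, osCommerce or the add-ons linked above. The function name, field keys, ISO country codes and the simplified pattern table are assumptions.

```php
<?php
// Added example, not osCommerce or add-on code. The function name, field
// keys, ISO country codes and simplified patterns are assumptions.
/** Returns the reasons to reject a registration (empty array = accept). */
function registration_errors(array $f): array
{
    // Simplified postcode formats keyed by ISO 3166-1 alpha-2 country code.
    $patterns = [
        'US' => '/^\d{5}(-\d{4})?$/',                    // ZIP or ZIP+4
        'CA' => '/^[A-Z]\d[A-Z] ?\d[A-Z]\d$/',           // e.g. K1A 0B1
        'GB' => '/^[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}$/',  // e.g. SW1A 1AA
    ];
    $errors = [];
    $first = trim($f['firstname'] ?? '');
    $last  = trim($f['lastname'] ?? '');
    // The pattern reported in this thread: identical first and last name.
    if ($first !== '' && strcasecmp($first, $last) === 0) {
        $errors[] = 'first and last name are identical';
    }
    // Reject links in fields that should never contain one.
    foreach (['firstname', 'lastname', 'street_address', 'city'] as $key) {
        if (preg_match('~https?://|www\.|<a\s~i', $f[$key] ?? '')) {
            $errors[] = "link found in $key";
        }
    }
    // Check the postcode against its country's format, not is_numeric():
    // "78701-1234" and "SW1A 1AA" are valid but not numeric.
    $postcode = strtoupper(trim($f['postcode'] ?? ''));
    $pattern  = $patterns[$f['country'] ?? ''] ?? '/^[A-Z0-9][A-Z0-9 -]{1,9}$/';
    if (!preg_match($pattern, $postcode)) {
        $errors[] = 'postcode does not match the country format';
    }
    return $errors;
}

// Constructed sample submissions.
$samples = [
    ['firstname' => 'qwzxk', 'lastname' => 'qwzxk', 'street_address' => 'abc',
     'city' => 'abc', 'postcode' => 'hjkl', 'country' => 'US'],
    ['firstname' => 'Ann', 'lastname' => 'Lee', 'street_address' => '1 Main St',
     'city' => 'Austin', 'postcode' => '78701-1234', 'country' => 'US'],
    ['firstname' => 'Tom', 'lastname' => 'Hart', 'street_address' => '10 High St',
     'city' => 'London', 'postcode' => 'SW1A 1AA', 'country' => 'GB'],
];
foreach ($samples as $s) {
    $e = registration_errors($s);
    echo $s['firstname'], ': ', $e ? implode('; ', $e) : 'accepted', PHP_EOL;
}
```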
