NewBudda Posted September 4, 2011 Hi, in the last weeks I've had hundreds of fake customers register. They only registered as customers but did not try to buy anything. The names are so obviously fake that I just have to wonder: what is the point of this? Open Source Newsletter: PhPList Open Source Questionnaire: Lime Survey
Dan Cole Posted September 4, 2011 I get a bit of that, and in my case it seems that they are registering to find out how much it'll cost to have the items shipped. Dan Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here.
Rabaeys Posted September 4, 2011 If you get a lot of people registering but not buying, it means that something is wrong after registration (like the shipping costs being too high). Ask these registered customers what is wrong. Many of them will tell you. Or is the problem that you get registered customers with special characters? Then it could be that the problem is a bot that makes accounts. This can be solved by using a captcha or by asking the customer a question like 1 + 2 =
web-project Posted September 4, 2011 I personally email this sort of customer to ask if everything is OK, or whether they had any issues. That way you show the customers some customer service and find out if your website has issues. Please read this line: Do you want to find all the answers to your questions? click here. As for the contribution database, it's located here! 8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself. Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you and everyone here on the forum time fixing your issues. Any issues with oscommerce, I am here to help you.
Taipo Posted September 5, 2011 What are some of the types of usernames being used? Are they using real-world names or just random character strings? - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here) - Another discussion about infected files ::here:: - A discussion on file permissions ::here:: - Site hacked? Should you upgrade or not, some thoughts ::here:: - Fix the admin login bypass exploit here - Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes - BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
NewBudda (Author) Posted September 7, 2011 Sorry if I was unclear. It's definitely 1 or several bots, not humans. I just don't get the point of it. What's the use of having 200 fake customers register?
NodsDorf Posted September 7, 2011 Philip, if you have a tell-a-friend box, they may be using fake names to abuse it for emailing people through your server's mailbox.
NewBudda (Author) Posted September 8, 2011 Ahh, hmm, I will have to check that. Sounds very complicated for spammers to get their way. But maybe you're right!
germ Posted September 8, 2011 The depths of evil know no bounds. Maybe you should add a reCAPTCHA to the create account/login page? That usually deters bots. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help
satish Posted September 8, 2011 I support germ on his comment. reCAPTCHA or some mathematical question to answer should be an additional way out. Also I recommend nofollow for the create account page, so these fake-account people need to surf your site to reach create account. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does.
Guzappum Posted September 19, 2011 Hi, in the last weeks I've had hundreds of fake customers register. They only registered as customers but did not try to buy anything. The names are so obviously fake that I just have to wonder: what is the point of this? Hi, I have experienced a similar phenomenon in the last few days. The store has been on-line for more than a year now, and this is the first time I have encountered this. As my account creation page is not indexed in search engines, the robots most likely know what they are looking for (the create_account.php). My thought was that changing the file name might solve this for the moment. (I try to avoid anything that takes any effort for actual users to register.) What do you think? Regards
germ Posted September 19, 2011 Changing the name won't fool anyone unless you remove all links to it on all your pages. Then no one can create an account... Bad idea...
NodsDorf Posted September 19, 2011 Denes, you could add reCAPTCHA to your account creation. This will at least stop bots. The only other reasons I know of that somebody would be making fake accounts are to abuse the tell-a-friend feature, which you can turn off / remove, or to write reviews with spam in them.
Taipo Posted September 20, 2011 I just don't get the point of it. What's the use of having 200 fake customers register? It is one of those things where a system such as osCommerce has been heavily exploited, where the initial attacks were used to seed osCommerce sites with virus code for the purpose of spreading the viruses from web to PC. The first phase of attacks is hopefully over, leaving the attackers to switch to less vulnerable scripts on osCommerce sites. That means flooding registration forms and the like with masses of usernames which probably have links to sites they are trying to promote, in a vain attempt to boost search engine listings, or perhaps even the opposite effect, to cause the likes of Google to drop a site they dislike from its high listing because it gets picked up by Google as attempts to spam. I cannot really be sure why, but flooding websites is what usually follows after most users of a system such as osCommerce patch their sites. Perhaps it's sour grapes by the attackers, or something else; either way it is a regular pattern I have seen. It is why I began working on the osCSpamTrap aspect of osC_Sec, integrating a function written by another programmer into osC_Sec which will catch most of those automated flooders without having to add captcha-type interruptions to your site users' experience. It is still in test form at the moment though.
etzeppy Posted October 3, 2011 I too have experienced a rash of fake accounts recently. Starting at the end of August, some type of bot set up hundreds of fake accounts over the period of a week or two. The last names on these accounts were typically "billaa", "Andeson", or "John". They all used an address in "NewYork" or Atlanta. I removed all of the accounts and have been checking daily for more. A new one or two will show up every few days, but it has really slowed down. I am also perplexed as to the motive. Tell A Friend is turned off, links removed, and the script has been renamed. So it should be impossible to use that feature to send spam. I would really like to know the end game on this. I have a lingering fear that there is some sort of security exploit that has not yet been discovered.
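The patterns etzeppy lists (a handful of repeated last names, the same city on every account, all created in a short burst) are what a store owner would key on when sweeping the customers table. The script below is an added example written for this thread, not code from the forum, from osC_Sec or from osCommerce: it scores a constructed sample of customer rows on two signals, generated-looking names and bursts of registrations that share a last name or a city within a short window. The rows, the column order, the ten-minute window and the burst size of three are assumptions to tune for a real store; a plausible-looking name such as "Andeson" or "John" passes the name test on purpose and is only caught by the burst rule.

```python
"""Added example: triage of registered customers for bot-like patterns.

Not code from the thread or from osCommerce. The rows below are constructed
sample data shaped like a customers export; the column order, thresholds
and name heuristics are assumptions to tune for a real store.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (customer id, first name, last name, email, city, registered)
SAMPLE = [
    (101, "Mary",   "Walker",  "mary.walker@example.net", "Leeds",   "2011-08-28 09:12:00"),
    (102, "qzxkrt", "billaa",  "qzxkrt81@example.com",    "NewYork", "2011-08-29 03:00:10"),
    (103, "pwnvds", "billaa",  "pwnvds22@example.com",    "NewYork", "2011-08-29 03:00:41"),
    (104, "John",   "Andeson", "jhn7731@example.org",     "NewYork", "2011-08-29 03:01:05"),
    (105, "ttrrkk", "John",    "ttrrkk9@example.com",     "Atlanta", "2011-08-29 03:01:59"),
    (106, "Peter",  "Hughes",  "p.hughes@example.co.uk",  "Bristol", "2011-08-29 14:45:00"),
    (107, "xkq2v",  "billaa",  "xkq2v@example.com",       "NewYork", "2011-08-29 03:02:30"),
]

NAME_SHAPE = re.compile(r"^[A-Z][a-z]+(?:[ '-][A-Z][a-z]+)*$")
VOWELS = set("aeiouyAEIOUY")


def name_looks_generated(name):
    """Cheap shape test: digits, no vowels, or not capitalised like a typed name.
    Plausible fakes such as 'Andeson' or 'John' pass this and must be caught
    by the burst rules below."""
    if re.search(r"\d", name) or not (set(name) & VOWELS):
        return True
    return not NAME_SHAPE.match(name)


def burst_members(rows, key, window, min_size):
    """Ids of rows whose `key` value (e.g. last name) is shared by at least
    `min_size` registrations falling inside `window` of each other."""
    flagged = set()
    groups = defaultdict(list)
    for row in rows:
        groups[key(row)].append(row)
    for group in groups.values():
        group.sort(key=lambda r: r[5])          # r[5] is the parsed timestamp
        for i in range(len(group)):
            j = i                               # grow the window from row i
            while j + 1 < len(group) and group[j + 1][5] - group[i][5] <= window:
                j += 1
            if j - i + 1 >= min_size:
                flagged.update(r[0] for r in group[i:j + 1])
    return flagged


def triage(rows, window=timedelta(minutes=10), min_burst=3):
    """Return {customer id: [reasons]} for rows worth a manual look."""
    parsed = [(cid, fn, ln, email, city, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
              for cid, fn, ln, email, city, ts in rows]
    reasons = defaultdict(list)
    for row in parsed:
        if name_looks_generated(row[1]) or name_looks_generated(row[2]):
            reasons[row[0]].append("generated-looking name")
    rules = (("burst: same last name", lambda r: r[2].lower()),
             ("burst: same city", lambda r: r[4].lower()))
    for label, key in rules:
        for cid in burst_members(parsed, key, window, min_burst):
            reasons[cid].append(label)
    return dict(reasons)


if __name__ == "__main__":
    for cid, why in sorted(triage(SAMPLE).items()):
        print(cid, "; ".join(why))
```

Run against the sample, accounts 101 and 106 come out clean, 104 is flagged only because it sits inside the "NewYork" burst, and 105 only because of its first name; the rest trip every rule. The output is a review list, not a delete list: a real family registering three accounts from one town would also match the burst rule at these thresholds, so the window and burst size should be set from the store's normal registration rate.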
MrPhil Posted October 4, 2011 Possibly there's some exploit that we don't know about here (on the public forum). Or maybe they're signing up hoping to use Tell A Friend, etc. to spam, and when they find them unusable, they simply leave. Do you think they're going to be polite and clean up after themselves?
etzeppy Posted October 5, 2011 Possibly there's some exploit that we don't know about here (on the public forum). Or maybe they're signing up hoping to use Tell A Friend, etc. to spam, and when they find them unusable, they simply leave. Do you think they're going to be polite and clean up after themselves? You're probably right, but they keep coming back and setting up more accounts even though Tell A Friend is a dead end on my site. I know it is the same person/bot because of patterns in the address. I deleted four bogus accounts today. I would feel better about it if they would give up and simply leave.
Taipo Posted October 5, 2011 The tell a friend script is not being used to register users; that would be the regular registration form. There are a number of methods in use these days to thwart automated registrations. Captcha images seem to be the most popular, although there are a number of applications available now for attackers to use that employ an OCR function to read the content of the images in the captchas, therefore fulfilling the human role demanded by the form. Many of the flooder-type applications that are designed to auto-fill these types of forms may or may not have the OCR function, but most of them do not comprehend both cookies and javascript as well. Try installing osC_Sec if you have not done so already, and test out the $osCSpamTrap feature to see if that puts an end to the automated registrations. It basically just asks that the requesting browser understand javascript and cookies before allowing a page execution to take place. To see it in action go to http://warbeast.netne.net/ and click to register. The browser will redirect as it is instructed to do so by the javascript, then load the page for execution. If you have disabled javascript, then on that page you will merely see the enable-javascript warning. $osCSpamTrap is still in test phase and in general I recommend that users not use it, but I have set it to only work on user input pages like registrations, and once it is tested completely and bug free then it will become part of the regular features of osC_Sec, because unfortunately account registration flooding, as I said earlier, is probably going to be the next phase that osCommerce faces once most users patch their out of date sites.
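The gate Taipo describes works at the HTTP level (set a cookie, redirect by JavaScript, process the form only when the browser comes back with both), so its logic can be shown independently of osC_Sec. What follows is an added example written for this thread in Python, not $osCSpamTrap's own code: the first request for the registration page gets a small page whose script stores an HMAC-signed token in a cookie and reloads the URL with the same token in the query string; the server processes the form only when both copies arrive, match, and are unexpired. The token format, the cookie and parameter name spamtrap, the server secret and the five-minute lifetime are assumptions.

```python
"""Added example: a JavaScript-and-cookie gate in front of a registration form.

Same idea as the $osCSpamTrap mechanism described in the thread, but written
for this example and not taken from osC_Sec. Token format, cookie name,
secret and lifetime are assumptions.
"""
import hashlib
import hmac
import secrets
import time

SECRET = b"change-me: random per-site secret (assumption)"
TOKEN_TTL = 300          # seconds a challenge token stays valid (assumption)
COOKIE = "spamtrap"      # cookie and query-parameter name (assumption)


def issue_token(now=None):
    """Build '<issued_at>.<nonce>.<mac>' so the server can verify a token it
    handed out without keeping any per-visitor state."""
    issued = int(time.time() if now is None else now)
    body = f"{issued}.{secrets.token_hex(8)}"
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{body}.{mac}"


def token_valid(token, now=None):
    """True only if the MAC checks out and the token is no older than TOKEN_TTL."""
    try:
        issued, nonce, mac = token.split(".")
        body = f"{issued}.{nonce}"
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:32]
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False
        current = time.time() if now is None else now
        return 0 <= current - int(issued) <= TOKEN_TTL
    except (ValueError, AttributeError):
        return False


def challenge_page(token):
    """Page served on the first visit. Only a client that runs the script and
    keeps the cookie can come back with both halves of the token. A real page
    would also carry over the site's own query parameters in the redirect."""
    return (
        "<!DOCTYPE html><html><head><meta charset='utf-8'>"
        "<title>One moment</title></head><body>"
        "<noscript><p>JavaScript and cookies are required to create an account.</p></noscript>"
        f"<script>document.cookie = '{COOKIE}={token}; path=/; SameSite=Lax';"
        f"location.replace(location.pathname + '?{COOKIE}={token}');</script>"
        "</body></html>"
    )


def gate(cookies, query, now=None):
    """Decide how to handle a request for the registration page.

    cookies / query: dicts of the request's cookie and query-string values.
    Returns ('challenge', html), ('allow', None) or ('deny', reason)."""
    from_cookie = cookies.get(COOKIE)
    from_query = query.get(COOKIE)
    if from_query is None:
        # No token in the URL yet: first visit, or a later visit that kept the
        # cookie but not the query string. Hand out a fresh token either way.
        return ("challenge", challenge_page(issue_token(now)))
    if from_cookie is None:
        # The URL carries a token but no cookie came with it: the client
        # replayed the redirect target without honouring Set-Cookie.
        return ("deny", "token in URL but no cookie")
    if not hmac.compare_digest(from_cookie.encode(), from_query.encode()):
        return ("deny", "cookie and query tokens differ")
    if not token_valid(from_query, now):
        return ("deny", "token forged or expired")
    return ("allow", None)
```

The deny branch answers with a short explanation rather than another challenge, so a browser with cookies blocked sees one clear message instead of a redirect loop; a client with JavaScript off never leaves the challenge page and sees the noscript text, which is the behaviour Taipo describes on the demo site. Because the token is self-authenticating, the check needs no server-side session store, and the expiry keeps a harvested token from being reused indefinitely.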
tobybailey Posted October 18, 2011 We too are suffering from this. I have added some code stopping them from using their favourite email addresses, which helps a bit, but of course they can just change. One worrying thing is that a proportion of the fake accounts cannot be deleted through the back office. And when viewed they *seem* to have no entries in any of the data fields. Does anybody know what is going on with those? Toby
npn2531 Posted October 18, 2011 I also get these fake accounts. I am not a programmer or a security expert. However, if I rename the 'tablebox' class in includes/classes/boxes to something else, then no more new fake accounts. When I switch it back to 'tablebox', then the fake accounts start showing up and I cannot use the submit button in the admin to delete these accounts. Of course renaming the tablebox class creates issues. I have no explanation why this seems to work; it doesn't make sense to me, and I just happened to chance on this 'solution'. Oscommerce site: OSC to CSS, http://addons.oscommerce.com/info/7263 - Mail Manager, http://addons.oscommerce.com/info/8120
MrPhil Posted October 19, 2011 The bots may be keying in on 'tablebox' to find their place on the page, i.e. where to fill in form information. Changing the name (change both the PHP that generates the page and the CSS file) could thwart that attack until the bot author decides to key in on something else (in other words, for a short time). It might be best to find a way to prevent these guys from signing up in the first place by using CAPTCHA and maybe some sort of Q&A ("How did you hear about us?" etc.).
This topic is now archived and is closed to further replies.