
New customers - injected?


Scottyj


Hi all, in the past month or so I have been getting 3 or 4 new customers a day on average that I believe are part of some sort of scam, but I'm just not sure what is going on.

Basically the new customers are random characters (adfsad*&FSFs FDSHJFHWE) with similar details but with real email addresses. And each email address is different. All I can figure is the site will generate a 'welcome' email back to that email address, but not sure what that will achieve. I have had no customer response saying 'I didn't sign up' or anything like that.

Considering my signup page is a little different to a default osCommerce page in that it uses 'tabs', I am not sure it's some sort of automated script to generate new customers, and all I can think is someone is using some SQL injection to insert customers. But I cannot see what gain there is.

Everyday I go through and delete the accounts. They are never logging in.

I'm going to disable my new customer page by renaming create_account.php for a few days. This will stop legit customers but maybe this scammer as well. If they still get created it points to a SQL injection, I guess?

Anyone come across this before?

Thanks
Scott


5 hours ago, Scottyj said:

Anyone come across this before?

This is only a problem for sites that have unsecured forms, and unfortunately out of the box all osC versions install with unsecured forms. It's clear that osC sites are being targeted due to this. I know that some hosts are now refusing to allow sites with unsecured forms to run on servers. I recently had one of my sites shut down and was told it would not be allowed back up again until all unsecured forms had been fixed.

Google reCAPTCHA is your best option; this free add-on works on Frozen and Phoenix.

reCAPTCHA-2 Form Validation for BS Edge

The hackers know osC has unsecured forms on first install and are hoping most users don't know what a risk this is, and so are targeting osC sites. It's down to you to lock all the doors on your site.

I have not found any of the attempts to be successful so far on any of my sites, as some string cleaning is done before it's saved to the db, but that is what they are hoping to do. As you are currently doing, best to delete the accounts; do not try to edit or use them as this could cause problems, just delete.

They are not all bots; many are idiots sitting at PCs with lists of sites to make accounts on. It's very common in some places for people to be paid to do this.


Hi everyone, thanks for the info. I've got Phoenix on my radar to use; my site is heavily customized so it's not a quick task to move. But I think reCAPTCHA-2 is the way to go for now. Appreciate the response.

Scott


Ok, so after trying to get reCAPTCHA-2 working and not getting far due to the changes to my site (and it not being BS Edge didn't help), I think I have found a fairly easy solution.

I renamed the create_account.php file and any references to it (maybe 3 other files?), basically pointing it to a new file, and I think that was enough to break (likely temporarily) any automated scripts or whatever is going on. So far it's been over 24 hours with no new (fake) accounts when I would typically have 5 to 10.

Happy to let people know what files to change etc. if this proves to be a solution.

Scott


48 hours and no fake accounts, so I'm pretty happy that changing file names has addressed the problem for now. I'm sure one day they will try again and I'd be happy to rename the file again. Certainly easier than deleting accounts every day!

Cheers Scott


  • 2 months later...
On 10/30/2019 at 5:29 AM, Scottyj said:

I renamed the create_account.php file and any references to it (maybe 3 other files?)

I've had the same problem and my website is soooooo old, I don't think reCAPTCHA or anything was invented! Can you tell me which files make reference to the filename so if I rename it, it doesn't mess the job up? Thanks.

Running a botched-up version of osCommerce Online Merchant v2.3.4 bootstrap with the dresscode theme installed, numerous add-ons, terrible coding, terrible website, but I will have to make do until I have made up for my losses and can risk shutting down for a couple of weeks while I start all over again. I did not install my program but am endeavouring to fix it with your help.


2 hours ago, zefeena said:

my website is soooooo old, I don't think recaptcha or anything was invented!

If it's old enough, you'll still have includes/filenames.php and can just change

define('FILENAME_CREATE_ACCOUNT', 'create_account.php');

to something like

define('FILENAME_CREATE_ACCOUNT', 'secret_create_account.php');

after first copying the file from the old name to the new name.

So steps:

1. Copy the create_account.php file to the new name.

2. Edit includes/filenames.php to point to the new name as described above.

3. Wait an hour (or a day or whatever; enough time that anyone who might currently be creating an account has time to finish) and delete the old file.

That way there shouldn't even be an outage.

If you don't have includes/filenames.php, in Phoenix, the files that refer to create_account.php are

create_account.php
ext/modules/payment/paypal/express.php
ext/modules/payment/paypal/express_payflow.php
includes/modules/navbar_modules/templates/tpl_nb_account.php
includes/modules/content/login/templates/tpl_cm_create_account_link.php
includes/modules/content/footer/cm_footer_account.php
includes/modules/content/index/cm_i_customer_greeting.php
includes/modules/header_tags/ht_datepicker_jquery.php
includes/modules/header_tags/ht_robot_noindex.php
includes/apps/paypal/functions/compatibility.php

But don't be surprised if you don't have all of those (and you may not be using them even if they're there). Regardless, before deleting the old file, go check that the links are going to the new file.

Some older versions may have links in index.php and includes/header.php as well. And of course I can hardly guess where your template might have put things. That's why I recommend testing the links after making the change, so as to see if you got them all.

Always back up before making changes.
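As an added worked example (not part of the thread and not osCommerce's own code), the shell script below carries out the three steps above on a store directory and then audits the tree for the hard-coded `create_account.php` links the reply warns about. It assumes a 2.x-style layout with includes/filenames.php; the sample store it builds under a temporary directory is constructed for the demonstration, and the file names inside it (a footer module that uses the constant, an includes/header.php with a literal link) are illustrative, not a claim about any specific release.

```shell
#!/bin/sh
# Added example: rename create_account.php via includes/filenames.php and
# audit for leftover literal references. Not from the thread or osCommerce.
set -eu

# Constructed sample store tree (assumption: a 2.x-style layout).
make_sample_store() {
    root=$1
    mkdir -p "$root/includes/modules/content/footer"
    printf '<?php\n// stub create account page (constructed)\n' > "$root/create_account.php"
    printf "<?php\ndefine('FILENAME_CREATE_ACCOUNT', 'create_account.php');\n" \
        > "$root/includes/filenames.php"
    # Module that builds its link from the constant: survives the rename.
    printf "<?php\necho tep_href_link(FILENAME_CREATE_ACCOUNT);\n" \
        > "$root/includes/modules/content/footer/cm_footer_account.php"
    # Template with a hard-coded link: this is what the audit should flag.
    printf "<?php\necho '<a href=\"create_account.php\">register</a>';\n" \
        > "$root/includes/header.php"
}

# Steps 1 and 2 of the reply: copy the file, then repoint the define.
# The old file is left in place on purpose (step 3 deletes it later).
rename_create_account() {
    root=$1
    new=$2
    cp "$root/create_account.php" "$root/$new"
    # Write to a temp file rather than sed -i, which differs between GNU and BSD.
    sed "s|define('FILENAME_CREATE_ACCOUNT', 'create_account.php');|define('FILENAME_CREATE_ACCOUNT', '$new');|" \
        "$root/includes/filenames.php" > "$root/includes/filenames.php.tmp"
    mv "$root/includes/filenames.php.tmp" "$root/includes/filenames.php"
}

# Prints the current value of FILENAME_CREATE_ACCOUNT, for a quick check.
current_define() {
    sed -n "s/.*define('FILENAME_CREATE_ACCOUNT', '\([^']*\)');.*/\1/p" \
        "$1/includes/filenames.php"
}

# Audit for step 3: PHP files that still mention the literal file name and
# would break once the old file is deleted. filenames.php itself is skipped
# because it now legitimately contains the new name.
hardcoded_refs() {
    root=$1
    find "$root" -name '*.php' -exec grep -l 'create_account\.php' {} + \
        | grep -v '/includes/filenames\.php$' || true
}

# Stand-alone demonstration on a constructed store.
demo() {
    tmp=$(mktemp -d)
    make_sample_store "$tmp"
    rename_create_account "$tmp" "secret_create_account.php"
    echo "define now points at: $(current_define "$tmp")"
    echo "files still linking to the old name (fix before deleting it):"
    hardcoded_refs "$tmp"
    rm -rf "$tmp"
}

[ "${1:-}" = "demo" ] && demo
```

Run it as `sh rename_audit.sh demo` to see the flow end to end; on a real store, call `rename_create_account` and `hardcoded_refs` against the document root, and only delete the old file once the audit prints nothing.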


Archived

This topic is now archived and is closed to further replies.
