Fraudulent Logins with Random IPs

Posted: Thu Feb 08, 2018 1:51 pm
by warisaha
Dear OC!

I'm using OpenCart 2.0.3.1. Recently a customer with the name James Kelvin is doing some fraudulent logins on our store with different email addresses with the same name, contact, and address. I have banned some IPs and he is doing the same fraudulent logins with random IPs (still creating accounts using different IPs).

Can anyone help me by suggesting an idea by which I can permanently eradicate this type of fraudster? Thanks in advance.
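Added example, not part of the original post: since the accounts described above reuse the same name, contact number and address while the email and IP change, registrations can be grouped on those stable details instead of on the IP. The field names and sample rows are assumptions constructed for this sketch, not OpenCart's schema or data from the store.

```python
import re
from collections import defaultdict

# Constructed sample registrations; field names are assumptions for this example.
SIGNUPS = [
    {"email": "jk.one@example.com", "name": "James Kelvin", "phone": "+1 (555) 010-0199",
     "address": "12 Example St, Springfield", "ip": "203.0.113.5"},
    {"email": "kelvin77@example.net", "name": "james  kelvin", "phone": "1-555-010-0199",
     "address": "12 example st. springfield", "ip": "198.51.100.23"},
    {"email": "j.k.shop@example.org", "name": "JAMES KELVIN", "phone": "15550100199",
     "address": "12 Example St Springfield", "ip": "192.0.2.77"},
    {"email": "anna@example.com", "name": "Anna Muster", "phone": "555 010 0142",
     "address": "3 Sample Rd, Shelbyville", "ip": "203.0.113.9"},
    {"email": "ben@example.com", "name": "Ben Muster", "phone": "555 010 0142",
     "address": "3 Sample Rd, Shelbyville", "ip": "203.0.113.9"},
]

def fingerprint(row):
    """Key built from the details that stay constant across the fake accounts."""
    name = " ".join(row["name"].lower().split())             # case and spacing
    phone = re.sub(r"\D", "", row["phone"])                  # digits only
    address = re.sub(r"[^a-z0-9]", "", row["address"].lower())
    return (name, phone, address)

def repeated_identities(rows, min_accounts=3):
    """Return identity clusters registered under min_accounts or more emails."""
    groups = defaultdict(list)
    for row in rows:
        groups[fingerprint(row)].append(row)
    clusters = []
    for key, members in groups.items():
        emails = sorted({m["email"].lower() for m in members})
        if len(emails) >= min_accounts:
            clusters.append({
                "identity": key,
                "emails": emails,
                "distinct_ips": len({m["ip"] for m in members}),
            })
    return clusters

if __name__ == "__main__":
    for cluster in repeated_identities(SIGNUPS):
        print(cluster)
```

The two household accounts that share a phone, address and IP are not flagged, because their names differ and neither reaches the threshold.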

Re: Fraudulent Logins with Random IPs

Posted: Fri Feb 09, 2018 3:37 am
by IP_CAM
Well, you will not find anyone, ANYWHERE, to assist you on this, because
if a solution would exist, for anyone, the Internet would be a much safer place.
The only FREE way, to keep Intruders off, is the use of .htaccess, where
one can block individual IP-Numbers as well as entire IP Ranges, to keep 'em off.
And this is an ongoing daily battle, it's not done once and then for good.
Ernie

<Files *>
order allow,deny
allow from all
deny from 2.228.
deny from 5.101.
deny from 5.133.
deny from 5.189.
deny from 5.62.
deny from 5.77.34.
deny from 5.188.
deny from 14.
deny from 17.40.
deny from 31.
deny from 213.32.
deny from 213.145.
deny from 213.251.
deny from 216.
deny from 217.
</Files>

Re: Fraudulent Logins with Random IPs

Posted: Fri Feb 09, 2018 3:57 am
by uksitebuilder
I would advise strongly against this as you may block good customers too with blocking ranges.

The bot or user will simply keep changing their IP Address anyway and you will be chasing your tail.

The person or bot you have mentioned seems to have been quite busy going for and attacking many OpenCart stores.

One thing that has been known to work is by adding a free extension to stop CSRF attacks.

Hope this helps: https://www.opencart.com/index.php?rout ... on_id=4773
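Added example, not part of the thread: a way to measure the over-blocking concern raised above before deploying a range list. It converts the partial-IP `deny from` prefixes posted earlier into CIDR blocks, counts the addresses they cover, and checks which past customer IPs would be locked out; the customer IPs are constructed sample values.

```python
import ipaddress

# Prefixes copied from the "deny from" lines posted earlier in this thread.
DENY_PREFIXES = [
    "2.228.", "5.101.", "5.133.", "5.189.", "5.62.", "5.77.34.", "5.188.",
    "14.", "17.40.", "31.", "213.32.", "213.145.", "213.251.", "216.", "217.",
]

def prefix_to_network(prefix):
    """Turn Apache's partial-IP form ("5.77.34.") into the CIDR block it matches."""
    octets = [o for o in prefix.split(".") if o]
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError("not a partial IPv4 address: %r" % prefix)
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def denied_address_count(prefixes):
    """Number of IPv4 addresses the rule set blocks, with overlaps merged."""
    merged = ipaddress.collapse_addresses(prefix_to_network(p) for p in prefixes)
    return sum(net.num_addresses for net in merged)

def blocking_rule(ip, prefixes):
    """Return the first prefix that would deny this client, or None."""
    addr = ipaddress.ip_address(ip)
    for prefix in prefixes:
        if addr in prefix_to_network(prefix):
            return prefix
    return None

def audit(customer_ips, prefixes):
    """Map each past-customer IP that would now be locked out to its rule."""
    hits = {}
    for ip in customer_ips:
        rule = blocking_rule(ip, prefixes)
        if rule is not None:
            hits[ip] = rule
    return hits

# Constructed sample: source IPs of earlier paid orders (not real customers).
PAST_ORDER_IPS = ["31.12.0.5", "198.51.100.7", "5.77.34.200", "5.77.35.1", "217.9.8.7"]

if __name__ == "__main__":
    total = denied_address_count(DENY_PREFIXES)
    print("addresses denied: %d (%.2f%% of IPv4)" % (total, 100 * total / 2**32))
    for ip, rule in audit(PAST_ORDER_IPS, DENY_PREFIXES).items():
        print("%s would be blocked by 'deny from %s'" % (ip, rule))
```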

Re: Fraudulent Logins with Random IPs

Posted: Fri Feb 09, 2018 6:52 pm
by paulfeakins
warisaha wrote:
Thu Feb 08, 2018 1:51 pm
he is doing the same fraudulent logins with random IPs (still creating accounts using different IPs)
What harm is being caused?

Re: Fraudulent Logins with Random IPs

Posted: Sun Feb 11, 2018 11:00 pm
by straightlight
I would advise strongly against this as you may block good customers too with blocking ranges.
I second this statement. The methodology on using banned IP addresses over .htaccess or from the host console can also affect the results of the search engine whenever results are appearing. The results may still be shown but the link where the search engine has tracked the URL may not be accessible which could become quite problematic for the website's reputation as it is not good practice.

I would suggest using this extension in order to separate all users sessions when using HTML forms: https://www.opencart.com/index.php?rout ... on_id=4773

This also allows webmasters to focus on users specifically rather than automated scripts whenever data is being posted on the store.

Re: Fraudulent Logins with Random IPs

Posted: Mon Feb 12, 2018 3:10 am
by IP_CAM
Well, if I run a Shop for i.E. Swiss Customers, I sure don't need anyone from China
or Russia to have access to the Site. And by Nature of things, one should always first
make sure, not to block ranges, before exactly checking, what and who will be blocked.
I am doing this for Years already, by FIRST blocking only a full numbered IP, but as soon
as multiple access attempts from the same Main Ranges exist, I lock 'em down, section
for section. It's the only working way, to keep the Fellows off for good, and without using
some external 'helpers', just slowing down loading time.
And as long as one does NOT block important search engines, nothing will happen, that's
a proven fact too.
Ernie
---
PS. I never got the Mod, mentioned above, to work, like obviously many others too. It's too
complex, and potentially troublesome, if users have to modify Source, to make such work.

Re: Fraudulent Logins with Random IPs

Posted: Sat Mar 24, 2018 4:05 am
by zaidladha
Just started for me today, same names and from New York. I have default to disabled for affiliates, should I worry or just leave them there? The commission is set to 0, so I don't think I have to worry. This doesn't provide them any access to the site does it?

Re: Fraudulent Logins with Random IPs

Posted: Sat Mar 24, 2018 12:03 pm
by IP_CAM
commission is set to 0, so I don't think I have to worry
Well, just compare it with a decision on either keep your Backdoor in your house,
or then replacing it by a solid wall. You should never allow anyone into your shop,
except for those, allowed to by their 'status'. And if you do not use i.E. Affiliates,
Product-Returns, or Gift Vouchers, the 'Access' to those 'Programs' should not be
possible at all, and any attempt, to call such an URL, should result in either an Error
Message Page, or then the Front Start.
This way, one does not have to care about such any longer, and this leaves more
time for other matters. So it's up to you, and better don't listen to anyone, telling
you, better not to touch Source, because later Upgrades would create Problems,
because they always forget, that later Upgrades contain their own new Code and
Files, to so create their own! :laugh:

Removing Affiliates is not a big problem to solve, to keep a potential nasty problem
off! And depending on your Coder Talent, you can do it for free, by 'screening' freely
available info about.
Good Luck! ;)
Ernie
---
Mods:
https://www.opencart.com/index.php?rout ... +affiliate
---
Google:
https://www.google.com/search?q='remove ... n+Opencart
---

Re: Fraudulent Logins with Random IPs

Posted: Sat Mar 24, 2018 6:31 pm
by paulfeakins
IP_CAM wrote:
Sat Mar 24, 2018 12:03 pm
Removing Affiliates is not a big problem to solve, to keep a potential nasty problem
This should do it:
https://www.opencart.com/index.php?rout ... on_id=7305

Re: Fraudulent Logins with Random IPs

Posted: Sat Mar 24, 2018 7:29 pm
by straightlight
The provided extension above is for OC v1.5x releases. This inquiry has been posted for OC v2.x releases.

Re: Fraudulent Logins with Random IPs

Posted: Sat Mar 24, 2018 7:39 pm
by paulfeakins
straightlight wrote:
Sat Mar 24, 2018 7:29 pm
The provided extension above is for OC v1.5x releases. This inquiry has been posted for OC v2.x releases.
Fair point but our experience is lots of OpenCart users are experiencing this on 1, 2 and 3 so it might help someone else if not the OP.

Re: Fraudulent Logins with Random IPs

Posted: Sat Mar 24, 2018 8:13 pm
by straightlight
While this statement may be agreeable, the provided extension also states a considerable fee for that to happen and, in this case, for a different OC version that may not be compatible with the OP's OC version.

Re: Fraudulent Logins with Random IPs

Posted: Mon Mar 26, 2018 1:51 am
by paulfeakins
straightlight wrote:
Sat Mar 24, 2018 8:13 pm
considerable fee
It's the cheapest an extension can be.
straightlight wrote:
Sat Mar 24, 2018 8:13 pm
may not be compatible with the OP's OC version.
As above, it will fix the problem for others with the same issue.

I'm not sure what your point is, buying this extension is not mandatory :laugh: