Post by GraemeH » Thu Feb 08, 2018 6:55 am

I am assuming this is down to a bot but I may be wrong and am looking for advice to stop this.

Approximately 10 times a day we are getting a new customer create an account. Always with the same name (James Kelvin) with the same address, but always a different location. Again I am assuming this is down to a VPN as its all over the world from New York, Mali, Japan, Phillipines, etc. Every account created is logged in several times from another different location. I keep blacklisting the ip addresses, but it just comes back with another. As soon as I delete one account, it seems within 30 minutes another is created.

So, is there anything I can do about this, and what is the purpose? My host (TSO Host) have said there is not really anything they can do as the ip address keeps changing. Any ideas welcome.

New member

Posts

Joined
Fri Apr 20, 2012 4:56 pm

Post by nagoyajin » Thu Feb 08, 2018 9:19 am

This is not an isolated case. I'm seeing this too. It also created a bunch of affiliate accounts.

New member

Posts

Joined
Sun Oct 28, 2012 9:57 am

Post by IP_CAM » Thu Feb 08, 2018 1:06 pm

Well, this OC v.1.5.6.x Extension at least keeps some from coming back,
because one needs to add a valid eMail, to receive the confirmation Mail,
and then 'unlock' the account, by clicking a link.
The Mod and it's Creator is no longer listed, but I recall, that it worked well,
at least, if one uses a default 1.5.6.x Theme.
It requires an additional Database-Table, usually to be added automatically,
when installing the Extension.
Just an Idea, good Luck ! ;)
Ernie
---
OC v.1.5.6.x Download:
http://www.ipc.li/os/verification_email-1_0.zip
---
More info and modified default code here:
Adding Customer Verification e-mail feature to an OpenCart solution
http://marrriva.blogspot.ch/2013/08/add ... -mail.html
---
In the extension section, all the free stuff is gone on this... :'(
https://www.opencart.com/index.php?rout ... activation

For Sale: Top URL's, including an OpenCart V-Pro Shop!
A wide range of matching Designs can be seen here: http://www.opencart.li
For Information on URL's offered, please contact me at: jti@jacob.ch
Hundreds of Mods in 380+ Repositories for OC v.1.5.x - v.2.3.x
to be found on my Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by GraemeH » Thu Feb 08, 2018 4:16 pm

Hi,

Thanks for the above. Its something to look at, but I'd rather avoid if possible as it might have negative effects towards genuine customers (not that it should, but we all know how inconvenienced they are by having to wait a minute for something).

I just wish I knew what the end game with this was.

New member

Posts

Joined
Fri Apr 20, 2012 4:56 pm

Post by uksitebuilder » Thu Feb 08, 2018 11:17 pm

Definitely not isolated, have seen it too a few times now.

Try this to prevent CSRF attacks

https://www.opencart.com/index.php?rout ... on_id=4773

ImageImageImageImageImage

For Friendly Professional Support - Click Here


User avatar
Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kindgom

Post by saxico81 » Fri Feb 09, 2018 7:12 am

I tried to install the CSRF protection extension but it doesn't work, all the forms fails on render on 1.5.5.1

Is needed install other file/s to do the extension work? It seems the CSRF library is not in the extension.

Newbie

Posts

Joined
Fri Feb 09, 2018 7:10 am

Post by uksitebuilder » Fri Feb 09, 2018 3:54 pm

If you are having problems with the extension, please drop a question on the extension page.

Starlight, who created the extension will be able to set you straight.

ImageImageImageImageImage

For Friendly Professional Support - Click Here


User avatar
Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kindgom

Post by GraemeH » Thu Feb 15, 2018 3:59 am

Extension wouldn't work for me either, but it's not showing at compatible with 1.5.4.1 anyway.

New member

Posts

Joined
Fri Apr 20, 2012 4:56 pm

Post by exibar » Thu Feb 15, 2018 1:56 pm

the Kelvin clan, along with others too...
Kely Klein
John Farengeit
Tim Kelvin
Dave McClaren
July Doe
Alex Klein
Dave Kastro
Jane Kastro
July Kelvin
Dave Kelvin
Kim Kastro
John Kastro
...etc....

At least I know I'm not alone and being targetted... I'm trying to get a captcha for new account registration setup, but not having good luck....
I've setup that new accounts have to be approved by an admin before they can login, but that doesn't stop the creation of the accounts... and I don't think that sending an email to a bogus email address to approve a new account will help either...
I'm really hoping the captcha requirement will stop the creation of these accounts once and for all.

Please let me know how you make out, and I'll do the same so we can all learn the best method to rid ourselves of this pest..

Newbie

Posts

Joined
Fri Dec 06, 2013 12:50 pm

Post by pprmkr » Thu Feb 15, 2018 4:30 pm

Attached is vQmod : Captcha for Account register and Affiliate register.
Made and tested for OC 1.5.6.*
Installed last week and stopped creation of new 'James Kelvin' accounts as customer and affiliate.

Attachments


User avatar
Active Member

Posts

Joined
Sat Jan 08, 2011 11:05 pm
Location - Netherlands

Post by davidbfranks » Thu Feb 15, 2018 10:28 pm

pprmkr wrote:
Thu Feb 15, 2018 4:30 pm
Attached is vQmod : Captcha for Account register and Affiliate register.
Made and tested for OC 1.5.6.*
Installed last week and stopped creation of new 'James Kelvin' accounts as customer and affiliate.
How does this work without installing a separate Captcha script to work alongside it?

Active Member

Posts

Joined
Mon Mar 04, 2013 10:31 pm
Location - London

Post by Johnathan » Thu Feb 15, 2018 11:33 pm

I also have a commercial Account Registration Captcha extension that affects both the customer and affiliate registrations. There are versions for all OpenCart 1.5.x and 2.x versions. I've seen a large increase in sales of it lately, likely because someone has created bot scripts targeting OpenCart stores.

Image
Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by pprmkr » Fri Feb 16, 2018 12:11 am

davidbfranks wrote:
Thu Feb 15, 2018 10:28 pm
How does this work without installing a separate Captcha script to work alongside it?
No need to install separate Captcha script. This uses default Captcha function in controller/information/contact.php ( information/contact/captcha ).

User avatar
Active Member

Posts

Joined
Sat Jan 08, 2011 11:05 pm
Location - Netherlands

Post by exibar » Fri Feb 16, 2018 12:41 am

I downloaded a captcha vQmod from the ocart extentions pages for ocart 1.5.6. It didnt' work so I modified it and now it works like a champ, no more bot registrations!
just copy it to your vQmod XML directory like normal and it will do the trick. Even though the code has provisions for other languages, it's English only.

Mike B

Newbie

Posts

Joined
Fri Dec 06, 2013 12:50 pm

Post by davidbfranks » Fri Feb 16, 2018 12:50 am

Johnathan wrote:
Thu Feb 15, 2018 11:33 pm
I also have a commercial Account Registration Captcha extension that affects both the customer and affiliate registrations. There are versions for all OpenCart 1.5.x and 2.x versions. I've seen a large increase in sales of it lately, likely because someone has created bot scripts targeting OpenCart stores.
Just purchased this extension from you, can confirm it works great and spam is eliminated!

Active Member

Posts

Joined
Mon Mar 04, 2013 10:31 pm
Location - London

Post by GraemeH » Fri Feb 16, 2018 8:09 pm

exibar wrote:
Fri Feb 16, 2018 12:41 am
I downloaded a captcha vQmod from the ocart extentions pages for ocart 1.5.6. It didnt' work so I modified it and now it works like a champ, no more bot registrations!
just copy it to your vQmod XML directory like normal and it will do the trick. Even though the code has provisions for other languages, it's English only.

Mike B
Thanks for that, I've got it up and running, just have to wait and see if it works now. If not, I'll try the other extension.
Does anyone know the point of this? I can't see how they could access anything in the admin section of the database by creating a customer account.

New member

Posts

Joined
Fri Apr 20, 2012 4:56 pm

Post by exibar » Fri Feb 16, 2018 10:09 pm

it certainly did the trick for me... stopped the bot registrations cold dead in their tracks.... hopefully this will last :-)

I too was wondering the significance of them creating these bogus accounts... they can't log in until I approve the new user, so they only create the account.. nothing more.. I fail to see the benefit other than being annoying to us admins....

Newbie

Posts

Joined
Fri Dec 06, 2013 12:50 pm

Post by Johnathan » Fri Feb 16, 2018 11:42 pm

Nobody knows at this point. There haven't been reports of actual security breaches, just a bunch of dummy accounts created. Maybe it *is* just for annoyance. :)

Image
Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by mkp007 » Sat Feb 17, 2018 1:55 am

exibar wrote:
Fri Feb 16, 2018 10:09 pm
it certainly did the trick for me... stopped the bot registrations cold dead in their tracks.... hopefully this will last :-)

I too was wondering the significance of them creating these bogus accounts... they can't log in until I approve the new user, so they only create the account.. nothing more.. I fail to see the benefit other than being annoying to us admins....
Tried installing the vqmod but it is not taking. 1.5.6.4

I don't see anything added to the registration page. Tried deleting system and vqmod cache. Tried opening using a different browser.

any ideas?

Vorticy, Inc.
Opencart 1.5.6.4, MySQL 5.1.73-5, PHP 5.3.3-46, Plesk v12.0.18, OS CentOS 6


New member

Posts

Joined
Fri May 10, 2013 12:56 am

Post by mkp007 » Sat Feb 17, 2018 2:34 am

Well, the problem is probably in <file name="catalog/controller/account/register.php">
Can't find: $data['button_upload'] = $this->language->get('button_upload');

Probably needs to be changed to: $this->data['button_continue'] = $this->language->get('button_continue');

There appears to be other changes needed as well. beyond my capabilities at this time.

Vorticy, Inc.
Opencart 1.5.6.4, MySQL 5.1.73-5, PHP 5.3.3-46, Plesk v12.0.18, OS CentOS 6


New member

Posts

Joined
Fri May 10, 2013 12:56 am
Who is online

Users browsing this forum: mylasbags and 32 guests