Site Spam attacks

mediadogg

The attacks against my site are increasing. I am using the unlicensed version of the store. Is there a script I can add that will prevent the growing number of bogus customers that are being created in my database?

 

I am hoping to upgrade to a registered copy of the store software someday. I am a bit nervous about it because I do not have the skills to do the migration or resolve issues myself.


Welcome mediadogg! Glad to see you made it to the forums.

 

The licensing mode of the store will make no difference.

 

The Google reCaptcha mechanism used by CC5 has been thwarted and can be easily worked through by automated means. As of now, the reCaptcha offers only a frustration to those who try to solve it using human reasoning.

 

What we in the community hope for is a new (at least different) mechanism in CC520.

 

For each new version, there are fewer 'hiccups' in the automated upgrade process.


Tip to all with this issue ...

get in the habit of capturing the I.P. address of those creating accounts, as saved by your store.

 

Keep these in a text file, or an Excel spreadsheet, or whatever.

 

You can check who/where the location is by using the WHOIS for either the U.S. or other countries to see WHERE that is coming from. If it's a country you won't ever do business with (Romania, Argentina, Iran, Iraq, etc.), you should create an .htaccess file or edit the one you have to BLOCK access to your server from those IPs.

 

So, if you end up with 20 "fake accounts" in your store from Russia, well guess what .. block the suckers from access to your site entirely.

 

Only way to fly.

 

We do this here both at server level for hackers, and at domain level for abuse.

 

A ban IP option in the store itself would be useful, too, at some point.

 

 


  • 3 weeks later...

Thanks to all for the replies. I have a very small business, and limited knowledge of PHP programming, so my confidence is weak in this area.

 

I thought I had added the signature info, but must have made a mistake. I will redo this soon. I am also looking into upgrading to the "Pro" version from the free version, which I am using now. I am nervous about the transition because I don't have the skills to debug problems. I will probably purchase the upgrade/install service and hope that they will preserve the few changes that I did make, along with all existing data. I am wondering if they will also enable the Captcha as part of that upgrade ... I hope so. 

 

Thanks again for all the replies.

 

(Still looking for how to update signature - so please don't think I have ignored this request. I did update the "About me" earlier, thinking this was what you meant. My version info is there. So far, I do not see the word "signature" on my profile page.)

 

Edit: I found it. The signature is in My Settings, not Profile. That was my confusion. Moderator might want to consider clarifying this in the sticky post.


"upgrading to the "Pro" version from the free version"

 

Ok, now we see that you started this conversation with mentioning the "free version of Cubecart" meaning CC3 -- which does not require a license.

 

CubeCart 5 also has a "Free" mode of operation, and our answers were based on that unrealized assumption.

 

CC3 has a very rudimentary captcha system (by today's standards). CC5 has a better system, but even now, it offers less deterrent than it used to.

 

Whatever modifications you've made to CC3 will not carry over to CC5. Devellion won't even attempt to carry over the mods.

 

But the upgrade process from CC3 to CC5 may go smoothly. You may still wish to buy the upgrade service.

 

Customers, sales, inventory -- they will all be there after the upgrade. But make a backup first.


Once again, thanks for your prompt reply. I have updated My Settings / Signature for future reference. 

 

Let me know when I am exceeding the bounds of this Forum or thread, but I have a couple of questions about upgrading:

 

(1) Is it possible to create a parallel installation of CC5 with CC3 and then "cut over" when the new one is ready? I have full access to my web site, but as I mentioned before, my skills are weak in the web site administration area.

(2) The features I want most in an upgraded version would be:

- ability to apply Gift Certificates / Discount coupons

- more detailed manipulation of database table records without having to resort to SQL

- Sales reports, using typical metrics (by product, by category, by time period, by customer, etc.)

- select by product to send email

- batch update of download cutoff date, by product

- ability to create a gratis order on behalf of a user I want to reward (or a "get it free coupon")

- customer levels (e.g. VIP gets automatic discount)

- ability to add custom Admin commands to the side panel (e.g. a custom SQL search if not available in the product)

 

I know I can do all that stuff with SQL (as I do now), but I am not comfortable with that method.


"Is it possible to create a parallel installation of CC5 with CC3 and then "cut over" when the new one is ready?"

Not in the sense you are hoping for. Yes, both CC3 and CC5 can run independently, with www.domain.com/cc5/index.php if you don't have another domain name. But they cannot share the same database.

 

- ability to apply Gift Certificates / Discount coupons

Yes, but that feature is broken as of CC521.

 

- more detailed manipulation of database table records without having to resort to SQL

No. CC5 gives you the ability to send SQL commands to the database, but there is no means to examine the results. There is nothing like phpMyAdmin incorporated into the feature set of CC5.

 

- Sales reports, using typical metrics (by product, by category, by time period, by customer, etc.)

Yes - somewhat. Certainly not everything you can think of, nor is there any ability that would let you create a custom report.

 

- select by product to send email

What kind of email?

Whether an item is considered 'digital', and thus 'downloadable', and thus an email containing a 'link' to download the purchase? Yes.

Whether to send an email thanking the customer using phrases dependent upon the product bought? No.

 

- batch update of download cutoff date, by product

No. The download expiry parameters are databased when purchased and the only adjustment is to, individually by item in the Order Overview, click a link to 'reset' the expiry parameters for that downloadable product using current store settings.

 

- ability to create a gratis order on behalf of a user I want to reward (or a "get it free coupon")

Yes. You add an order and assign it to a customer. There have been problems with an admin creating an order for a customer (such as taking an order over the phone), then leaving that order to be paid by the customer when the customer logs in. But I think that got fixed.

 

- customer levels (e,g. VIP gets automatic discount)

Yes. As many as you want. And can have individual tax rates too.

 

- ability to add custom Admin commands to the side panel (e.g. a custom SQL search if not available in the product)

Yes. FTP a plugin to your site and begin using its capabilities right away - once enabled. Creating a plugin requires studying the SDK, of which there isn't one.


Guest flowerz

I am glad someone has brought this subject up. I had just a couple of bogus customers register the other day, but since then my site has been bombarded with requests for the code below (some parts I have altered for obvious reasons). I am using the latest V5.

[Relevant Date & Time] [error] [client CHINA IP] File does not exist: /home/MYSTORE/public_html/Store/index.php+++++++++++++++++++Result:+POST-timeouts+1;+used+x_fields.txt;+chosen+nickname+"Playefsfazy";+captcha+recognized;+registered+(registering+only+mode+is+ON);, referer: newprada.webs.com

The referer changes all the time, but it is always high-end product lookalikes like cheaplouisvuittonbest & louisvuittonfamoussold, plus lots more.

The IPs for the attacks change a few times an hour throughout the day, but are always from China.

I have denied the IP ranges concerned, so they are just throwing Error 403 & do not get to the store.

The store was using reCaptcha when it all started days ago, but I turned it off & also removed the register-only button from the top bar, but they still keep hitting on the above code.

The nickname Playefsfazy is always the same on all.

The code seems to be to do with captcha; I know no more!

Pam
 


  • 2 weeks later...
  • 1 month later...

I am seeing bogus customer registration also.

i.e.

(Last, First name)

DitsBymnineneEK, DitsBymnineneEK

Vc0bwe JD, Fe3chd JD

ChbbiadOS, ChbbiadOS

Things of that nature.

 

The IP address has not been stored on these accounts...  I do not know why.

 

Enabling reCaptcha did not prevent spam sign-ups.


"The IP address has not been stored on these accounts...  I do not know why."

 

I do not know at what version this was fixed (that is, if it has been fixed), but when a page request goes through a web proxy, there may be the case where more than one IP address get strung together. In such cases, CubeCart does not know how to decipher that phrase and quits trying. Thus, no IP address at all.

 

Google's reCaptcha is virtually worthless at this time.


  • 3 weeks later...

This one's such a nuisance;  each time I delete the suckers, they're back.  I've tried changing passwords, email addy, deleting the bogus customers .....  the frustration is that they register with the same first and second names, which doesn't seem to happen often in real life. 

 

M


  • 3 weeks later...

same deal here.  Would be nice if there was a way to not allow the first and last names to be the same.

Sorry Montgomery Montgomery... lol


Anybody running their own ecommerce site should spend some time researching the error log options available from your hosting provider, as you can often see brute-force attacks on your store where IPs will be captured, so that you can block them. This may often reveal folks trying to login or create repeat accounts and generating errors -- particularly if they're using human-powered spam posts to your site. Your host should be running iptables, csf, or whatever to block most attacks, but human-powered stuff can only be stopped by figuring out how to track those folks by IP and then adding that to a firewall or to .htaccess "deny" rules (DENY FROM). However, accounts which don't show an IP in the store can be frustrating, but if you look at your server logs you can often see WHERE the traffic is coming from... so, if you have no clients in Argentina and suddenly have a bunch of IP traffic from there, you can often see if that perhaps is where the baddies are coming from.

 

It's a time suck for sure, but it's one of those things you can look into, with your hosting provider, as to options for playing detective to block some stuff, particularly the worst offenders. It would be AWESOME if CubeCart would consider implementing some of the solutions out there like Bad Behavior, or other tools already used for WordPress like Akismet, as this will force capture of IPs (we do this to block all the shoe comment spammers hitting our magazine portals).

 

NEW CAPTCHA! .... and we've actually had some fairly good success using the add-on "visual captcha" module sold by ... um... (had to look that up) "GWorks" ... he's updated it to work with IE10 (it didn't originally), and (CAVEAT!) he also has an advertisement link in the Captcha which isn't disclosed during sale of the module (ahem). So, we just edited that link out, as having an advert to services in a captcha during customer signup is so wrong on many levels. Anyway... the captcha uses a little graphic that somebody has to drag into a box to register.

 

Maybe this helps somebody somewhere....
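As an added example (not code from the thread or from CubeCart), the following Python script does the log-reading this post recommends: it parses Apache 2.2 error_log lines in the shape Pam quoted earlier, counts per-IP requests that carry the spam tool's leaked "Result:" status string, and renders the .htaccess "Deny from" lines to block them. Timestamps, IPs (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges) and referer hostnames are constructed.

```python
import re
from collections import Counter

# Constructed Apache 2.2 error_log sample in the shape quoted in the thread.
# Timestamps and IPs are placeholders (documentation ranges), not real attackers.
SAMPLE_LOG = """\
[Sun Mar 10 02:14:07 2013] [error] [client 203.0.113.7] File does not exist: /home/MYSTORE/public_html/Store/index.php+++++++++++++++++++Result:+POST-timeouts+1;+used+x_fields.txt;+chosen+nickname+"Playefsfazy";+captcha+recognized;+registered+(registering+only+mode+is+ON);, referer: newprada.webs.com
[Sun Mar 10 02:14:09 2013] [error] [client 203.0.113.7] File does not exist: /home/MYSTORE/public_html/Store/index.php+++++++++++++++++++Result:+chosen+nickname+"Playefsfazy";+captcha+recognized;+registered;, referer: cheaplouisvuittonbest.webs.com
[Sun Mar 10 02:20:41 2013] [error] [client 203.0.113.55] File does not exist: /home/MYSTORE/public_html/Store/index.php+++++++++++++++++++Result:+POST-timeouts+1;+chosen+nickname+"Playefsfazy";+captcha+recognized;, referer: louisvuittonfamoussold.webs.com
[Sun Mar 10 02:21:03 2013] [error] [client 198.51.100.12] File does not exist: /home/MYSTORE/public_html/Store/favicon.ico
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r"File does not exist: (?P<path>.*?)(?:, referer: (?P<referer>\S+))?$"
)
# Fragments the registration bot leaks into the request path (see the log above).
BOT_MARKERS = ("Result:+", "captcha+recognized", "chosen+nickname")

def parse_line(line):
    """Return the fields of one error_log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_registration_bot(entry):
    """True when the path carries the bot's self-reported status string."""
    return any(marker in entry["path"] for marker in BOT_MARKERS)

def bot_hits_by_ip(log_text):
    """Count bot-signature requests per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_registration_bot(entry):
            hits[entry["ip"]] += 1
    return hits

def htaccess_deny_block(hits, min_hits=1):
    """Render Apache 2.2 'Deny from' lines for IPs with at least min_hits hits."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in sorted(hits) if hits[ip] >= min_hits]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(htaccess_deny_block(bot_hits_by_ip(SAMPLE_LOG)))
```

Raise min_hits before pasting the output into .htaccess so a single stray hit from a shared address does not lock out a real customer.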


  • 2 weeks later...

I've started a new tactic - each time I get a spam registration, I disable the account.  That means the suckers have to go back and use a different email addy each time to create a new account.  Slowly wearing them down, I think :)

 

....  perhaps I shouldn't speak too soon :o

 

M

 

I've been doing this too...  not helping too much.  It was a good idea.  I'm going to start deleting them as I see them come in again.  I have over 3,000 registered customers, I'm thinking I need to keep it clean.


  • 5 months later...

I seem to be getting a number of spam customers signing up (again with the same first name and last name). Is there any way to stop these? They always have a Hotmail account, so I wonder if there's a way to ban customers signing up with Hotmail e-mail addresses.

Equally I may be missing something but I can't see what these people are achieving other than being a complete nuisance.

 

If anyone has any suggestions to stop these bogus customers I'd be most grateful :)
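As an added example (not code from the thread or from CubeCart), this Python script scores new registrations with the cheap signals the thread keeps noticing: identical first and last names, digits mixed into names like "Vc0bwe JD", and, as a weak hint only, a watched mail domain such as Hotmail, so that a genuine Hotmail user is not swept up on the domain alone. It also keeps the first parseable address out of a comma-joined proxy chain instead of storing nothing, the failure described earlier in the thread. The records are constructed and the IPs are documentation-range placeholders.

```python
import re
import ipaddress

# Constructed registrations in the thread's (Last, First) style. IPs are placeholders;
# the second record mimics a proxied request with two addresses strung together.
SAMPLE_REGISTRATIONS = [
    {"last": "DitsBymnineneEK", "first": "DitsBymnineneEK", "email": "dits@hotmail.com", "ip": "203.0.113.7"},
    {"last": "Vc0bwe JD", "first": "Fe3chd JD", "email": "vc0bwe@hotmail.com", "ip": "203.0.113.7, 10.0.0.2"},
    {"last": "Montgomery", "first": "Montgomery", "email": "monty@example.org", "ip": ""},
    {"last": "Smith", "first": "Alice", "email": "alice@hotmail.com", "ip": "198.51.100.4"},
]
WATCH_DOMAINS = {"hotmail.com"}  # weak hint only (the thread asked about Hotmail)

def first_valid_ip(raw):
    """First parseable address in a comma-joined chain, instead of discarding the whole value."""
    for part in raw.split(","):
        try:
            return str(ipaddress.ip_address(part.strip()))
        except ValueError:
            continue
    return ""

def name_signals(first, last):
    """Lexical signals the thread's fake names share, with a weight for each."""
    signals = {}
    if first.strip().lower() == last.strip().lower():
        signals["identical_names"] = 2
    if re.search(r"[A-Za-z][0-9]|[0-9][A-Za-z]", first + last):
        signals["digits_in_name"] = 2
    if re.search(r"[b-df-hj-np-tv-xz]{4}", (first + last).lower()):
        signals["consonant_run"] = 1
    return signals

def score_registration(reg):
    """Total score and the signals behind it; the mail domain only adds one point."""
    signals = name_signals(reg["first"], reg["last"])
    domain = reg["email"].rsplit("@", 1)[-1].lower()
    if domain in WATCH_DOMAINS:
        signals["watch_domain"] = 1
    return sum(signals.values()), signals

def flag_for_review(regs, threshold=2):
    """(email, ip, score) for records worth a human look; review, do not auto-delete."""
    out = []
    for reg in regs:
        score, _ = score_registration(reg)
        if score >= threshold:
            out.append((reg["email"], first_valid_ip(reg["ip"]), score))
    return out
```

With these weights "Montgomery Montgomery" is flagged for a look but not removed, which is the right outcome for the real customer of that name mentioned above.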
