mediadogg Posted January 19, 2013

The attacks against my site are increasing. I am using the unlicensed version of the store. Is there a script I can add that will prevent the growing number of bogus customers that are being created in my database? I am hoping to upgrade to a registered copy of the store software someday. I am a bit nervous about it because I do not have the skills to do the migration or resolve issues myself.

Dirty Butter Posted January 19, 2013

Do you have the ReCaptcha enabled? Please create your signature with your setup information, so those who can help you won't waste time having to ask.

bsmither Posted January 19, 2013

Welcome mediadogg! Glad to see you made it to the forums.

The licensing mode of the store will make no difference. The Google reCaptcha mechanism used by CC5 has been thwarted and can be easily worked through by automated means. As of now, the reCaptcha offers only a frustration to those who try to solve it using human reasoning. What we in the community hope for is a new (at least different) mechanism in CC520.

For each new version, there are fewer 'hiccups' in the automated upgrade process.

SimChris Posted January 21, 2013

Tip to all with this issue ... get in the habit of capturing the I.P. address of those creating accounts, as saved by your store. Keep these in a text file, or Excel spreadsheet, or whatever. You can check who/where the location is by using the WHOIS for either the U.S. or other countries to see WHERE that is coming from. If it's a country you won't ever do business with (Romania, Argentina, Iran, Iraq, etc.), you should create an .htaccess file or edit the one you have to BLOCK access to your server from those IPs.

So, if you end up with 20 "fake accounts" in your store from Russia, well guess what .. block the suckers from access to your site entirely. Only way to fly. We do this here both at server level for hackers, and at domain level for abuse.

A ban IP option in the store itself would be useful, too, at some point.

mediadogg Posted February 6, 2013 (Author)

Thanks to all for the replies. I have a very small business, and limited knowledge of PHP programming, so my confidence is weak in this area. I thought I had added the signature info, but must have made a mistake. I will redo this soon.

I am also looking into upgrading to the "Pro" version from the free version, which I am using now. I am nervous about the transition because I don't have the skills to debug problems. I will probably purchase the upgrade/install service and hope that they will preserve the few changes that I did make, along with all existing data. I am wondering if they will also enable the Captcha as part of that upgrade ... I hope so.

Thanks again for all the replies. (Still looking for how to update signature - so please don't think I have ignored this request. I did update the "About me" earlier, thinking this was what you meant. My version info is there. So far, I do not see the word "signature" on my profile page.)

Edit: I found it. The signature is in My Settings, not Profile. That was my confusion. Moderator might want to consider clarifying this in the sticky post.

bsmither Posted February 6, 2013

"upgrading to the "Pro" version from the free version"

Ok, now we see that you started this conversation with mentioning the "free version of Cubecart" meaning CC3 -- which does not require a license. CubeCart 5 also has a "Free" mode of operation, and our answers were based on that unrealized assumption.

CC3 has a very rudimentary captcha system (by today's standards). CC5 has a better system, but even now, it offers less deterrent than it used to.

Whatever modifications you've made to CC3 will not carry over to CC5. Devellion won't even attempt to carry over the mods. But the upgrade process from CC3 to CC5 may go smoothly. You may still wish to buy the upgrade service. Customers, sales, inventory -- they will all be there after the upgrade. But make a backup first.

mediadogg Posted February 6, 2013 (Author)

Once again, thanks for your prompt reply. I have updated My Settings / Signature for future reference. Let me know when I am exceeding the bounds of this Forum or thread, but I have a couple of questions about upgrading:

(1) Is it possible to create a parallel installation of CC5 with CC3 and then "cut over" when the new one is ready? I have full access to my web site, but as I mentioned before, my skills are weak in the web site administration area.

(2) The features I want most in an upgraded version would be:
- ability to apply Gift Certificates / Discount coupons
- more detailed manipulation of database table records without having to resort to SQL
- Sales reports, using typical metrics (by product, by category, by time period, by customer, etc.)
- select by product to send email
- batch update of download cutoff date, by product
- ability to create a gratis order on behalf of a user I want to reward (or a "get it free coupon")
- customer levels (e.g. VIP gets automatic discount)
- ability to add custom Admin commands to the side panel (e.g. a custom SQL search if not available in the product)

I know I can do all that stuff with SQL (as I do now), but I am not comfortable with that method.

Dirty Butter Posted February 6, 2013

Sorry about the signature directions. I can't find it myself right now. It should have been in the Edit Profile list.

bsmither Posted February 6, 2013

"Is it possible to create a parallel installation of CC5 with CC3 and then "cut over" when the new one is ready?"

Not in the sense you are hoping for. Yes, both CC3 and CC5 can run independently, with www.domain.com/cc5/index.php if you don't have another domain name. But they cannot share the same database.

- ability to apply Gift Certificates / Discount coupons
Yes, but that feature is broke as of CC521.

- more detailed manipulation of database table records without having to resort to SQL
No. CC5 gives you the ability to send SQL commands to the database, but there is no means to examine the results. There is nothing like phpMyAdmin incorporated into the feature set of CC5.

- Sales reports, using typical metrics (by product, by category, by time period, by customer, etc.)
Yes - somewhat. Certainly not everything you can think of, nor is there any ability that would let you create a custom report.

- select by product to send email
What kind of email? Whether an item is considered 'digital', and thus 'downloadable', and thus an email containing a 'link' to download the purchase? Yes. Whether to send an email thanking the customer using phrases dependent upon the product bought? No.

- batch update of download cutoff date, by product
No. The download expiry parameters are databased when purchased and the only adjustment is to, individually by item in the Order Overview, click a link to 'reset' the expiry parameters for that downloadable product using current store settings.

- ability to create a gratis order on behalf of a user I want to reward (or a "get it free coupon")
Yes. You add an order and assign it to a customer. There have been problems with an admin creating an order for a customer (such as taking an order over the phone), then leaving that order to be paid by the customer when the customer logs in. But I think that got fixed.

- customer levels (e.g. VIP gets automatic discount)
Yes. As many as you want. And can have individual tax rates too.

- ability to add custom Admin commands to the side panel (e.g. a custom SQL search if not available in the product)
Yes. FTP a plugin to your site and begin using its capabilities right away - once enabled. Creating a plugin requires studying the SDK, which there isn't one.

mediadogg Posted February 7, 2013 (Author)

Thanks again for the quick and forthright answers! And I love the sense of humor! Little things like that help sell the product.

Guest flowerz Posted February 8, 2013

I am glad someone has brought this subject up. I had just a couple of bogus customers register the other day, but since then my site has been bombarded with requests for the code below (some parts I have altered for obvious reasons). I am using the latest V5.

    [Relevant Date & Time] [error] [client CHINA IP] File does not exist: /home/MYSTORE/public_html/Store/index.php+++++++++++++++++++Result:+POST-timeouts+1;+used+x_fields.txt;+chosen+nickname+"Playefsfazy";+captcha+recognized;+registered+(registering+only+mode+is+ON);, referer: newprada.webs.com

The referer changes all the time but always high end products lookalikes like cheaplouisvuittonbest & louisvuittonfamoussold plus lots more. The IPs for the attacks change a few times an hour throughout the day but are always from China. I have denied the IP ranges concerned so they are just throwing Error 403 & do not get to the store. The store was using recaptcha when it all started days ago but I turned it off & also removed the register only button from the top bar, but they still keep hitting on the above code. The nickname Playefsfazy is always the same on all. The code seems to be to do with captcha, I know no more!

Pam

bkessler91 Posted February 19, 2013

I am seeing bogus customer registration also, i.e. (Last, First name):

DitsBymnineneEK, DitsBymnineneEK
Vc0bwe JD, Fe3chd JD
ChbbiadOS, ChbbiadOS

Things of that nature. The IP address has not been stored on these spam accounts...

bkessler91 Posted March 21, 2013

> Tip to all with this issue ... get in the habit of capturing the I.P. address of those creating accounts, as saved by your store. Keep these in a text file, or Excel spreadsheet, or whatever. You can check who/where the location is by using the WHOIS for either the U.S. or other countries to see WHERE that is coming from. If it's a country you won't ever do business with (Romania, Argentina, Iran, Iraq, etc.), you should create an .htaccess file or edit the one you have to BLOCK access to your server from those IPs.
> So, if you end up with 20 "fake accounts" in your store from Russia, well guess what .. block the suckers from access to your site entirely. Only way to fly. We do this here both at server level for hackers, and at domain level for abuse.
> A ban IP option in the store itself would be useful, too, at some point.

I am seeing bogus customer registration also, i.e. (Last, First name):

DitsBymnineneEK, DitsBymnineneEK
Vc0bwe JD, Fe3chd JD
ChbbiadOS, ChbbiadOS

Things of that nature. The IP address has not been stored on these accounts... I do not know why. Enabling reCaptcha did not prevent spam sign ups.

bsmither Posted March 21, 2013

"The IP address has not been stored on these accounts... I do not know why."

I do not know at what version this was fixed (that is, if it has been fixed), but when a page request goes through a web proxy, there may be the case where more than one IP address gets strung together. In such cases, CubeCart does not know how to decipher that phrase and quits trying. Thus, no IP address at all.

Google's reCaptcha is virtually worthless at this time.

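Added example, not part of the original posts and not CubeCart's code: one way to always end up with a single address to store when a proxy has strung several together, sketched in Python. The header name X-Forwarded-For, the TRUSTED_PROXIES list and the function names are assumptions; the thread does not name them.

```python
import ipaddress

# Assumption: networks of reverse proxies you operate (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.0.2.10/32")]

def _parse(token):
    """Return an ip_address object, or None if the token is not an IP."""
    token = token.strip()
    # Tolerate the IPv4 "address:port" form some proxies emit.
    if token.count(":") == 1 and "." in token:
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, forwarded_header):
    """Pick the one address to store for a registration.

    peer_addr: address of the TCP peer (REMOTE_ADDR in PHP/CGI terms).
    forwarded_header: raw comma-separated list added by proxies
    (assumed to be X-Forwarded-For), or None.
    """
    peer = _parse(peer_addr)
    if peer is None:
        return None
    # The header is attacker-controlled unless our own proxy relayed the request.
    if not forwarded_header or not _is_trusted(peer):
        return str(peer)
    # Walk right to left: the right-most entries were appended by the proxies
    # closest to us; the first one that is not ours is the real client.
    for token in reversed(forwarded_header.split(",")):
        addr = _parse(token)
        if addr is None:
            break  # garbage in the chain: fall back to the peer address
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)
```

Falling back to the peer address instead of storing nothing means every account row keeps at least the address of whatever connected to the server.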
macgillivray Posted April 9, 2013

This one's such a nuisance; each time I delete the suckers, they're back. I've tried changing passwords, email addy, deleting the bogus customers ..... the frustration is that they register with the same first and second names, which doesn't seem to happen often in real life.

M

bkessler91 Posted April 24, 2013

> This one's such a nuisance; each time I delete the suckers, they're back. I've tried changing passwords, email addy, deleting the bogus customers ..... the frustration is that they register with the same first and second names, which doesn't seem to happen often in real life.
> M

Same deal here. Would be nice if there was a way to not allow the first and last names to be the same. Sorry Montgomery Montgomery... lol

SimChris Posted April 25, 2013

Anybody running their own ecommerce site should spend some time to research the error log options available from your hosting provider, as you can often see brute force attacks on your store where IPs will be captured, so that you can block them. This may often reveal folks trying to login or create repeat accounts and generating errors -- particularly if they're using human powered spam posts to your site.

Your host should be running iptables, csf, or whatever to block most attacks, but human powered stuff can only be stopped by figuring out how to track those folks by IP and then adding that to a firewall or to .htaccess "deny" rules (DENY FROM).

However, accounts which don't show an IP in the store can be frustrating, but if you look at your server logs you can often see WHERE the traffic is coming from... so, if you have no clients in Argentina and suddenly have a bunch of IP traffic from there, you can often see if that perhaps is where the baddies are coming from.

It's a time suck for sure, but it's one of those things you can look into, with your hosting provider as to options for playing detective to block some stuff, particularly the worst offenders.

It would be AWESOME if CubeCart would consider implementing some of the solutions out there like bad behavior, or other tools already used for WordPress like Akismet as this will force capture of IPs (we do this to block all the shoe comment spammers hitting our magazine portals).

NEW CAPTCHA! .... and we've actually had some fairly good success using the add-on "visual captcha" module sold by ... um...(had to look that up) "GWorks" ... he's updated it to work with IE10 (it didn't originally), and (CAVEAT!) he also has an advertisement link in the Captcha which isn't disclosed during sale of the module (ahem). So, we just edited that link out as having an advert to services in a captcha during customer signup is so wrong on many levels.

Anyway... the captcha uses a little graphic that somebody has to drag into a box to register.

Maybe this helps somebody somewhere....

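Added example, not part of the original posts: a small Python pass over an Apache error log that counts requests carrying the registration-bot status text quoted earlier in this thread and turns repeat sources into "Deny from" lines. The sample log lines are constructed (documentation address ranges, placeholder referer), and the function names, the two-hit threshold and the /24 grouping are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the Apache 2.2 error-log shape quoted in this thread.
SAMPLE_LOG = """\
[Fri Feb 08 10:15:32 2013] [error] [client 203.0.113.7] File does not exist: /home/MYSTORE/public_html/Store/index.php+++Result:+POST-timeouts+1;+captcha+recognized;+registered+(registering+only+mode+is+ON);, referer: http://referer.example/
[Fri Feb 08 10:15:40 2013] [error] [client 203.0.113.7] File does not exist: /home/MYSTORE/public_html/Store/index.php+++Result:+POST-timeouts+1;+captcha+recognized;+registered+(registering+only+mode+is+ON);, referer: http://referer.example/
[Fri Feb 08 10:16:02 2013] [error] [client 203.0.113.90] File does not exist: /home/MYSTORE/public_html/Store/index.php+++Result:+POST-timeouts+1;+captcha+recognized;+registered+(registering+only+mode+is+ON);, referer: http://referer.example/
[Fri Feb 08 10:17:11 2013] [error] [client 198.51.100.23] File does not exist: /home/MYSTORE/public_html/favicon.ico
"""

CLIENT = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]")
# Tool-status text that ends up in the requested path, as in the quoted line.
SIGNATURE = re.compile(r"Result:\+.*(?:captcha\+recognized|registered\+)")

def flag_clients(log_text):
    """Count signature hits per client IP; unrelated errors are ignored."""
    hits = Counter()
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if not m or not SIGNATURE.search(line):
            continue
        try:
            hits[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # digits that are not a valid address: skip the line
    return hits

def deny_rules(hits, min_hits=2, prefix=24):
    """Build Apache 2.2 .htaccess lines (2.4 uses Require directives instead).

    A /prefix network is denied only once it reaches min_hits in total, so a
    single stray line does not block a whole range.
    """
    per_net = Counter()
    for ip, count in hits.items():
        per_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += count
    nets = sorted(net for net, count in per_net.items() if count >= min_hits)
    return ["Order Allow,Deny", "Allow from all"] + [f"Deny from {net}" for net in nets]

if __name__ == "__main__":
    print("\n".join(deny_rules(flag_clients(SAMPLE_LOG))))
```

Denying a whole /24 also blocks any legitimate customers in that range, so review the flagged networks before pasting the output into .htaccess.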
macgillivray Posted April 26, 2013

I've started a new tactic - each time I get a spam registration, I disable the account. That means the suckers have to go back and use a different email addy each time to create a new account. Slowly wearing them down, I think .... perhaps I shouldn't speak too soon

M

bkessler91 Posted May 10, 2013

> I've started a new tactic - each time I get a spam registration, I disable the account. That means the suckers have to go back and use a different email addy each time to create a new account. Slowly wearing them down, I think .... perhaps I shouldn't speak too soon
> M

I've been doing this too... not helping too much. It was a good idea. I'm going to start deleting them as I see them come in again. I have over 3,000 registered customers, I'm thinking I need to keep it clean.

Brian T Posted November 6, 2013

I seem to be getting a number of spam customers signing up (again with same first name and last name). Is there any way to stop these - They always have a Hotmail account, so I wonder if there's a way to ban customers signing up with Hotmail e-mail addresses. Equally I may be missing something but I can't see what these people are achieving other than being a complete nuisance.

If anyone has any suggestions to stop these bogus customers I'd be most grateful

Dirty Butter Posted November 6, 2013

Try this: http://www.cubecartforums.org/lofiversion/index.php?t17937.html