yorksred Posted March 7, 2017

I currently have 6400+ people online, mostly from the same IP address, all with these failed logins. I have put the IP into cPanel IP Blocker but it made no difference, and this number is increasing by the minute. I have had to take my store offline anyway to stop this?

bsmither Posted March 7, 2017

The largest abuser of registering fake accounts makes the registration using the same first and last name. This isn't everyone, but more than 99%. I had to delete almost 50 fake customers a day. Now, about 5 a month.

In index.php, on a new blank line just after the first line, add code so that the two lines look like the following:

    <?php
    if (isset($_GET['_a']) && $_GET['_a'] == "register" && !empty($_POST['first_name']) && !empty($_POST['last_name']) && ((!empty($_POST['phone']) && $_POST['phone']=="123456") || $_POST['first_name']===$_POST['last_name'])) exit; // Kills PHP leaving browser with white screen

I have also added a means to select, in bulk, customers to have their accounts deleted. However, at 6400+, maybe a SQL query to delete directly from the database. I usually suggest not to do this, as deleting a customer without deleting everything else that is associated with the customer's ID key may cause problems. But fake registrations do not make orders, nor fill out the addressbook.

havenswift-hosting Posted March 7, 2017

I have split your posting plus the reply from @bsmither into a new thread.

There are any number of ways at the server / hosting side of things that should already be preventing this type of thing, but it sounds like your hosting company doesn't have these configured. A DDoS attack like this coming from a single IP address should never be allowed through the server security.

For clarity, are these customer login attempts or attempts to log in to admin? What version of CubeCart are you running?

Ian

keat Posted March 7, 2017

If they are all coming from the same IP, you could try adding a deny statement in your .htaddcess file. However, this won't stop them coming in from another IP or proxy, so you could end up chasing your own tail.

    deny from xx.xxx.xxx.0/24

or

    deny from xx.xxx.0.0/16

Sorry, typo'd htaccess.

yorksred Posted March 15, 2017 (edited)

Thanks for the help. These were just tonnes of failed logins at the customer login page; it wasn't creating fake accounts, just trying to log in with hundreds of different email addresses.

I did manage to block the IP. I tried the deny from in htaccess instantly, as I have blocked a few IP addresses already, but for some reason it didn't work. After googling a bit that deny from wasn't working, I found a few suggestions, so added the following to the htaccess file:

    SetEnvIf remote_addr ^xxx.xxx.xx.xxx$ block=1
    Order allow,deny
    allow from all
    deny from env=block

and

    RewriteCond %{REMOTE_ADDR} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:VIA} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:FORWARDED} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:USERAGENT_VIA} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:X_FORWARDED_FOR} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} ^xxx.xxx.xx.xxx [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP} ^xxx.xxx.xx.xxx
    RewriteRule ^(.*)$ - [F]

Not sure what it means lol, but the login attempts stopped almost instantly.

Edited March 15, 2017 by yorksred

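
Added example (not from the thread and not CubeCart code): tallying login POSTs per source address from an Apache access log and listing the noisy sources as `deny from` candidates of the kind keat suggests, grouping by /24 only when several addresses in the range are involved. The combined log format, the `_a=login` URL (by analogy with `_a=register` above), the threshold and the sample lines are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Apache combined log format: client ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def _line(ip, method, path):
    return f'{ip} - - [07/Mar/2017:10:00:00 +0000] "{method} {path} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample log (documentation address ranges, not real traffic).
LOGIN = "/index.php?_a=login"  # assumed login URL
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", LOGIN)] * 6
    + [_line(f"198.51.100.{h}", "POST", LOGIN) for h in (4, 9, 9, 23, 23)]
    + [_line("192.0.2.10", "POST", LOGIN), _line("192.0.2.10", "GET", LOGIN), "garbage"]
)

def login_posts_by_ip(log_text, marker="_a=login"):
    """Count POSTs to the login action per client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST" or marker not in m.group(3):
            continue  # malformed line, or not a login submission
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # client field is a hostname, not an address
    return counts

def noisy_sources(counts, threshold, v4_prefix=24):
    """Group by network; return {host_or_network: hits} at or above threshold."""
    by_net = {}
    for ip, hits in counts.items():
        prefix = v4_prefix if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net.setdefault(net, Counter())[ip] += hits
    result = {}
    for net, hosts in by_net.items():
        total = sum(hosts.values())
        if total >= threshold:
            # One address doing all the work: name the host, not the whole range.
            target = next(iter(hosts)) if len(hosts) == 1 else net
            result[str(target)] = total
    return result

def deny_lines(sources):  # same 'deny from' form as in the thread
    return [f"deny from {src}" for src in sorted(sources)]
```

On the sample data with `threshold=5` this yields one single-host line and one /24 line; a range entry also shuts out every other client in that /24.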