Jump to content

Potential Malicous Attack


keat

Recommended Posts

@wkd

Just bear in mind what I mentioned 6 posts up.

If a customer had his caps lock on, and his first and second name ended in the same letter, then he's going to get caught by BSmithers trap.

 

From my point of view

It's not often that a customer will leave his caps lock on, and what's the odds that if he did, that he might just have the same end letter in both his first and second name?

However, if we lost a customer, and he was about to spend £500 (or above), then this would be more annoying than the bot.

 

Maybe we should collectively try to find another pattern ?

Link to comment
Share on other sites

I just got a registered customer with the same three letter first and last name in all caps from singapore.  What is your trap Brian?

I know this won't make sense and I've been told in the past this is not possible but it has happened again.  I went to look at my webstore this morning and it was showing and old skin that I still have uploaded. I DID NOT CHANGE THE SETTINGS IN ADMIN. Also, in checking my email log the above customer had used the contact form and sent it to the following departments:  General Inquiry - International Shipping Quote - Questions about a product.   I have long ago deleted those email accounts and moved all emails sent from the contact form to sales@blah blah.  In looking at the store settings  these old email addresses are showing which I  had changed all of them to sales@blahblah. I still have the departments.

I don't know if the two are connected but I'd like to figure out what is going on.

Link to comment
Share on other sites

I added that code but now nobody can sign up for our site - it will give everyone the white out...

 

message me direct and I will send  you the credentials for our website so you can check it out yourself bsmither.

Link to comment
Share on other sites

  • 8 months later...

 In case anyone wants to try SemperFi's old hack, I found the code in an archived copy of our store. (The link to the post is from the old CC forum and is no longer any good. - maybe somebody knows how to find it in the new forum?)

If I remember correctly, a REAL customer going through the sign up form sees the error message that first and last cannot be the same - but a bot will not see that message and will never know they were not successful.

In cubecart.class.php

				// Check passwords match if not empty
				if (isset($_POST['register']) && $_POST['register']==1 && !empty($_POST['password']) && $_POST['password'] !== $_POST['passconf']) {
					$errors['password'] = true;
					$error_messages[] = $GLOBALS['language']->account['error_password_mismatch'];
				}
				//SemperFi from http://www.cubecartforums.org/index.php?showtopic=17937 STOP HACKERS
				// Check names aren't the same
		                if ($_POST['user']['first_name']==$_POST['user']['last_name']) {
		                    $error['names'] = true;
		                    $error_messages[] = $GLOBALS['language']->account['error_names_same'];
		                }				
				//SemperFi end STOP HACKERS
				if (preg_match("/[a-z]/i", $_POST['user']['phone'])) {
					$errors['phone'] = true;
					$error_messages[] = $GLOBALS['language']->account['error_valid_phone'];
				}

 

Link to comment
Share on other sites

  • 2 months later...

Thank you Brian, Which script is best to try first? 

It seems we are all struggling with this same issue/bot. 

I went through our customer db and removed all customers in bold that have 0 purchases and with duplicate first and last names, but moving forward I will try adding one of the scripts in this thread.

Wouldn't a plugin/addon or even hardcoded into cc asking a single question or even better say 6-10 rotating questions that we could set relevant to our site not be a simpler/better option this would surly stop all? Or am I missing something?

I've never learned php most a pitty.

Thanks

Link to comment
Share on other sites

Either script will work, but the one that is placed ini-custom.inc.php will kill PHP immediately.

A code snippet or plugin still requires CubeCart to get up to be fully awake only to thwart an unwanted event.

So, if that's what we want, to simply and quickly thwart an unwanted event, just kill PHP at the earliest possible opportunity.

Sure, a different Captcha (Q/A, for example) would try and catch faulty submissions, but we are aware that the vast majority of robotically submitted registrations match a pattern.

The few that make it through in a year's time (that's been my rate since doing this) is easily managed.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...